This problem came up in bug 48323 comment 4.
Current situation:
Marking specific comments and attachments in Bugzilla as private, and accessing comments and attachments marked as private require membership in the "insidergroup" group (which does not allow manual membership but can only be set to another existing Bugzilla group).
The insidergroup group is currently set to the admin group in the Wikimedia Bugzilla configuration.
General info: http://www.bugzilla.org/features/#private
Problem:
Sometimes trusted non-admin users want to hide a comment if it contains private info. So far reports were moved to the "Security" Bugzilla product which is unreasonable as the issue covered might not be a security issue and as it blocks access to the complete bug report instead of the specific comment only.
Solution:
Create a new Bugzilla group "privatecomments". Make members of "admin" and "security" group automatically members of the "privatecomments" group. (This new group will also allow adding individuals manually to the "privatecomments" group.) Set the insidergroup in the Bugzilla configuration to "privatecomments".
Version: wmf-deployment
Severity: normal