It would be nice to split out and have independent controls on issue permissions based on visibility and assignment. For my use case, I want a specific role to be able to see all issues (to help prevent duplicates) but only be able to assign to their own company. In the current state, if you can see all issues you then have rights to assign to anyone. In the short term it could be solved by adding an entire company as a watcher, but unless you use templates (and depend on the user to select the template), there isn't a way to set a default watcher. Having view-only full visibility and assignment only to one's own company would resolve this.
An additional option would be where you can set a role to only be able to assign to a set list of roles.