If I set the option: “Keywords are visible for everyone, but only the following groups can use them”.
…select groups > save > then reload the page or go back into the options later, the two selected groups are no longer displayed. However, the function comes into effect and only these two groups can subsequently assign tags from the group.
This can cause confusion for multiple administrators. Is this the way it is supposed to be? 
Thanks already for the feedback
I just tried testing this with Discourse Version - 2.9.0.beta3, however, I was unable to reproduce the issue.
Specially, I setup a tag group with settings similar that what you described, ie - “Tags are visible for everyone, but only the following groups can use them” and then selected two groups and clicked save.
After reloading, the two groups were both visible, and upon clicking the “Tags are visible to everyone…” menu, both groups were able to be deselected.
I used Chrome Version 99.0.4844.84 to access Discourse, and also tested with another admin on the site using Firefox 91.7.1esr and was still unable to reproduce the issue.
I hope this helps provide some insight into this bug.
After further testing, I found that if a specific group is not visible to the moderator editing the tag group settings than that group will not show up on the edit tap group page.
More details about the testing process I went through:
The “secret” group that is only visible to the group owner.
Tag Group Setting as seen from owner of “secret” group, after adding '“secret” group.
View from other moderator outside of “secret” group. The “secret” group is unable to be seen.
That all being said, I believe this is working as intended, since the group in question would be hidden from that moderator anyways, however, that moderator wouldn’t be able to add that group to the tag group settings, as they wouldn’t be able to see anything related to that group at all.
This might not be exactly the situation originally described, since it sounds like the two groups that were added to the tap group settings were visible by everyone (or at least visible to the moderators editing the settings), but this was the only was I was able to get results similar to what was described.
Thank you for your response and for trying to recreate the problem.
To understand the problem even better, I have attached screenshots here. You can see that I authorize the two groups “Administrator” and “Moderator” to use these tags.
After I close the page and open it again, these two groups are no longer selected, which would mean that the two “roles” would no longer have the sole right to use the tags in the tag group. But these two still have only the right to use the tags. So the problem is that it does not save the two roles as set.
And
I hope this could be understood better.
Excuse me, small addition, since here by mistake the wrong group is to be seen in the Screenshot above, it concerns here naturally this group:
Tag group settings:
It doesn’t matter what I use on Tags are visible only to following groups it will disapper right away from there if a reload, visit some other page and then come back or doing log out/login.
If I don’t return to tag group settings I can see that limited tga under its group on tag page. But it isn’t limiting anything.
Here I can limit visibility of one tag to TL2 but lower TLs see it anyway.
I can’t reproduce this at the moment. Maybe check the visibility and other settings of the groups you are trying to limit visibility to. 
I don’t know if it’s what Jakke is talking about, but I have an odd experience on my dev install (latest):
So far, once saved, no issue.
When I reload, the group name doesn’t appear
I have been trying to reproduce this but I cannot. I just did a fresh pull of latest commit.
create new tag group:
saved and list shows tag group as expected, even when page is reloaded.
and when I reload that page I get the same expected result and I can edit that tag group again:
And those would be what? I’m trying to limit visibility using trust level. But I don’t understand why even that could be play any roll. It is a tag group and there isn’t any other settings that could affect.
So you can limit visibility of a tag? Don’t care so much about that disappearing setting — there is a couple similar cases and I’m quite sure it comes from iPadOS and/or DiscourseHub.
I did upgrading something like 12 hours ago and can, of course, tell exact build, but this has been issue now quite long time. I should tell earlier, but I forgot, and now I needed that feature again.
I should limit away every component before this posting but that is a bit time consuming between everything else, but if you all really can limit visibility then I have to (but tag groups have certain history break every now and then 
)
yes
I limit this tag group to staff:
Try to find a tag in that tag group with a user who isn’t staff:
Darn. When I allow TL2 then my TL1 test person sees tag, but anons not.
Thanks. I have to dig a bit deeper.
This starts to be interesting. No matter if I tried win-laptop, several browsers, iPad/iPhone… no luck.
But if used selfmade group as limiting one it stayed. A little bit more digging and one issue is automated groups that is translated. Like trustlevel_x vs. Finnish luottamustaso_x. Dsicourse just doesn’t accept translated ones. Well, with tag groups anyway.
And yet my TL1 users sees tags no matter what limiting group I’m using.
Edit:
I can’t change default locale from finnish to english(US). That is by design, I guess. So trying how it works when locales are… default ones, is quite impossible to me.
I thought about that too. In this topic Non-english automatic groups don't stick when applied to Tag Group visibility/usability restrictions the German locale is used.
Just wondering if there is some light in tunnel that we can use automatic translated names of trustlevels? Sure, I can, and I did, another group and let all in some trustlevel be members… but that is a bit boring solution when we have already groups for trustlevels.
I’ve merged these two reports together for better tracking of the issue.
I think I have a repro:
default locale to ‘suomi’/sidekiq/scheduler page and trigger Jobs::EnsureDbConsistency (to ensure group names are updated)Obviously, my test site is in Finnish so I’m fairly confident of the result but not 100% confident as I don’t read Finnish and it can get a little confusing. If someone else could repro that would also be great.
I think your steps are correct. (My default locale was German before so I skipped steps 1 and 2). You could add a step to change your user’s locale to English.
You can also use “Tags are visible to everyone, but only the following groups can use them”.
While they aren’t visible in the tag groups settings, my tl1test user cannot use them anymore. This was also mentioned in the first post.
This is the bit I wasn’t sure of. For mine, after setting ‘visible only to Finnish TL2’, a TL1 user could still see them.
