Do you know if the custom group created for your defect users used TdAdmin as the base during creation? As a new custom user group is created, you are prompted to choose a default group as the base to preset the permissions. You then edit the permissions after creation.
I ask as it is a best practice now to use the TdAdmin group as the base for all custom groups. Then remove down the permissions to fit your need. Groups created from the other default groups are very often having issues such as checked permissions being ignored or conflicts with actions (such as when filters are in use).
If you do not know which base was used, I suggest you create a new user group based from TdAdmin and then reduce the permissions for your defect only users. Add a user in and test to be sure actions work as expected. This is a very common issue these days and I would wager your existing group did not use TdAdmin as base during creation.