If you have an organisation set up and you have have Team 1 and:
- In Team 1, you have Project A and Project B.
- Person X is a member of Team 1
- Person Y is a member of Project A (but not a Team 1 or Project B member)
- Person Z is a member of Project B (but not a Team 1 or Project A member)
- All Persons are member of your organisation (i.e. have the same email - e.g. x@mycompany.com)
- If you set Project A as Make public to Team 1, Person Z can still see everything in Project A (even though they are not a Team 1 or Project A member)
- Same for Person Y seeing into Project B.
- Person X can see into both, which is expected since it says Make public to Team 1 and they are a member of the overall Team.
- Fortunately, this issue does not happen if a person is not an organisation member and is, instead, just a guest user (i.e. do NOT have the same email - e.g. x@mycompany.com)**
- Just making a Project private is not a solution to this because it undermines the point of having overall team members with oversight over a team without having to be Project Members.
- This should be fixed ASAP before confidential info is leaked across organisations!