Setting up e.g. a personal space and giving only the owner full access, anonymous access denied, some people (administrators?) still have access (can view, change permission and add comments). This is regardless of space or site restriction.

We are using the build-in security systems shared with JIRA v6.0.1.

This is a big issue for us, since confidential data has been made available to non eligible personal and we have hundreds of people all over the world using our setup which incl. several people with administrator rights.