Defining a domain to approve site access allows regular users to add new users and grant them product access


    • Minor

      Issue Summary

      When you allow users from your @domain to get access to your site, we make sure that your organization will be able to log in to your Atlassian site. Even if granting product access to new users is disabled, the users are at least created there.
      However, if a regular user shares either a JIRA issue or a Confluence page with someone who may or may not already be in user management, that person is added to the site and granted product access.

      Steps to Reproduce

      Part #1: Make sure to allow users from your domain to have access to your site

      1. Go to your Site Administration > Site Access;
      2. Check the second option Approve the following domains;
      3. Add your @domain.com and hit enter;
      4. Click on Save Changes.

      Part #2: Disable new users with product access

      1. Go to your Site Administration > Product Access;
      2. Untoggle all the New users have access to this product options.

      Part #3: Reproducing the issue

      1. Log in as a regular user with no admin or site-admin permissions;
      2. Access either a Confluence page or JIRA issue with this user;
      3. In the content you accessed, hit the share option;
      4. Type the email address of a user who doesn't have access to the site, or who has access to the site but no product access - be sure this email address belongs to the @domain.com you set in Part #1;
      5. Copy the URL;
      6. In an incognito window, paste the link and log in to the site with the email address you shared the content with.

      Expected Results

      You should land on a screen asking you to request access to that product.

      Actual Results

      You are able to log in to the site and see the content that was shared.

      NOTES:

      • Even if the shared content has permissions/restrictions that prevent the user from seeing that content, the product access was still granted - with your site-admin account, access this user's profile and you will see that.

      Workaround

      Remove the @domain.com from the Site Access, for now.
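
One way to check whether this behaviour has already granted access on a site, as an added example that is not part of the original issue or Atlassian's code: it correlates shares made by non-admin users with later product-access grants for addresses in the approved domain. The event field names, the `system` actor, the 24-hour window and the sample data are constructed assumptions, not an Atlassian export format.

```python
import json
from datetime import datetime, timedelta

# Constructed sample events. Field names are hypothetical, not an Atlassian format.
SAMPLE_EVENTS = """\
{"ts": "2024-01-10T09:00:00", "type": "share", "actor": "alice@domain.com", "target": "bob@domain.com", "product": "confluence"}
{"ts": "2024-01-10T09:05:00", "type": "product_access_granted", "actor": "system", "target": "bob@domain.com", "product": "confluence"}
{"ts": "2024-01-10T10:00:00", "type": "product_access_granted", "actor": "admin@domain.com", "target": "carol@domain.com", "product": "jira"}
{"ts": "2024-01-10T11:00:00", "type": "share", "actor": "alice@domain.com", "target": "dave@other.org", "product": "jira"}
{"ts": "2024-01-10T11:02:00", "type": "product_access_granted", "actor": "system", "target": "dave@other.org", "product": "jira"}
{"ts": "2024-01-12T08:00:00", "type": "share", "actor": "admin@domain.com", "target": "erin@domain.com", "product": "jira"}
{"ts": "2024-01-12T08:01:00", "type": "product_access_granted", "actor": "system", "target": "erin@domain.com", "product": "jira"}
"""

def find_share_triggered_grants(lines, approved_domain, admins,
                                window=timedelta(hours=24)):
    """Return (target, product, sharer) for each grant that follows a non-admin share."""
    domain = approved_domain.lower().lstrip("@")
    events = sorted((json.loads(l) for l in lines.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    last_share = {}  # (target, product) -> (time of share, sharer)
    findings = []
    for ev in events:
        ts = datetime.fromisoformat(ev["ts"])
        target = ev["target"].lower()
        key = (target, ev["product"])
        if ev["type"] == "share":
            # Only shares by regular users matter; admins may grant access anyway.
            if ev["actor"] not in admins:
                last_share[key] = (ts, ev["actor"])
        elif ev["type"] == "product_access_granted":
            if ev["actor"] in admins:
                continue  # explicit admin grant, expected
            if target.rsplit("@", 1)[-1] != domain:
                continue  # the issue only concerns the approved domain
            share = last_share.get(key)
            if share and ts - share[0] <= window:
                findings.append((target, ev["product"], share[1]))
    return findings

if __name__ == "__main__":
    for hit in find_share_triggered_grants(SAMPLE_EVENTS, "@domain.com",
                                           {"admin@domain.com"}):
        print("grant after non-admin share:", hit)
```
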

            Assignee: Unassigned
            Reporter: Vinicius (Inactive)
            Votes: 0
            Watchers: 3
