Currently, for the newly created Service Management projects by default, the Customer Permission setting is set to Anyone on the web (without logging in). This raised security concerns from customer end-users. Some users who belong to an old user group claimed that there was a risk their ticket details were exposed to other user groups. It should be set to Customers added by agents and admins or there should be an option to change the default customer permissions.