Issue Summary

When linking a Confluence space to a service project, customers from the project will be able to view the space directly in Confluence if they have an Atlassian account.

When another project is linked to a different space, customers from a different project that is also integrated with other Confluence spaces will be able to view it when accessing Confluence, even though they are not customers of the project(s) in question.

Spaces open for the public will also be visible to these customers even if the Global permissions are not open for the public.

Steps to Reproduce

1. Create three spaces in Confluence.
2. Set one of the spaces to have public access enabled.
3. Once the spaces are created, create two Service Management projects.
4. Link the projects with the different spaces not open for the public (I.E. project A with space A and project B with space B).
   1.  The viewing permissions should be Restricted (so the customer can view the space in Confluence).
5. Have at least one customer account (with an Atlassian account, but no product access).
6. Under Project A, add the account as a Jira Service Management customer.
7. Have the user accessing Confluence.

Expected Results

The customers should only be able to view the space linked to the project where they are a customer.

Actual Results

The customers can view and access any spaces linked to Jira Service Management projects or with public access enabled.

Workaround

Currently, there is no known workaround for this behavior. A workaround will be added here when available.