Currently, all plans created in Portfolio are by default browsable to everyone who has Portfolio access. This creates a problem with multi-tenant instances, where portfolio users should only view plans they are allowed to view, and don't have any access to other plans. Such users are able to see plan names, and this can give away sensitive information such as client names to them.

The problem will be sorted if we allow specifying default plan permissions, rather than trying to educate all users to lock down every single plan after creation.