452 votesAnonymous commented
We have the same issue as Mark, we don't use project level scoping at all, only environment scoping. As it currently stands people who shouldn't see production scoped variables can see them if they are in a variable set. This behaviour has changed somewhere between 3.5.2 and 3.17.8 since we defined and tested our access model and had it signed off by our internal auditors, now this breaking our access design.
14 votesAnonymous supported this idea ·