Yes, the user needs to have access to the site and have view permissions on the plan to see the data the shared report.
Jira issue level security is designed in a manner that a user must have the appropriate permission levels to access data for that data to be seen in any location, reports to view data will run permissions checks to verify the user has access before it can be viewed.
Also to restrict access to a report you can remove access to a report via removing permissions for that user at the plan level as covered in the "Sharing reports" documentation.
For sharing externally data needs to be exported to a static form such as PDF or CSV and sent as one off reports, In portfolio reports there is an option to export the Scope or Release reports that can be used to send data to the external partners as static data.
To see this feature in action check out our recent dependencies demo here: https://www.youtube.com/watch?v=eQu5VsUqyZA Keeping on top of your dependencies is a key part of ensuring project success....
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events