https://jira.atlassian.com/browse/CONFCLOUD-57825
Currently, when linking a Confluence Space to Service Desk the setting "Any active user can view this space" is enabled automatically in the Confluence space. That means, that any Confluence users, regardless of not being Service Desk customers will be able to view the space, regardless of the space permissions.
I have the same problem, I should use a specific restriction on pages in each space as a workaround (a lot a work time and risk). This is clearly a security hole and not a « feature »… I don’t understand.
There is a ticket created in 2017 !!!!
Please come and vote for change, or please, Atlassian, change the ticket into a bug (as a feature, we may have to wait a long time yet...).
Thank you