Look at the permission scheme for both projects. Concentrating on "browse projects" permission (because that one says "these people can see the project and the issues in it).
In there, you'll probably see it says something like "Role: Users" and/or "Group: jira-users"
For groups, you need to remove people from the group, or remove the group access from the permissions.
For Roles, you then need to look at each project header, and remove users and/or groups from the roles that allow them access.
The usual problem here is Jira's default settings - it uses the group "jira users" to mean "Can log in", but then ALSO uses it in the default roles, so every time you create a new project, Jira users gets added in, and then everyone who can log in also gets access to the project.
You need to unpick that by removing jira-users from all the projects (replacing it with users or groups to let people who should have access back in) and removing it from the default role.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.