When using Board > Work Item > Item (Bug/Task/Activity) Etc - A user can use @ mention and search for all users in the organisation and not restricted to only the ones with permission for the project.
The 'Limit user visibility for projects' setting does not work or restrict the look up of users to project only for the @ mentions with any of the WYSIWYG controls on Description, Discussion entries etc.
This exposes the list of other client users or groups we have to the user and may be a conflict of interest and is not ideal for a Marketing agency who have different client projects that need access and client contributing to work items.
Is there a way to limit the user access on using the @ mention search so it does not scan the whole organisation user and groups.
I have tried varies permission and tests around this, if I use reader permission they can view items but not edit the work item so need a higher privilege refined on work items to allow to edit but have the @ mention restriction for searching all users/groups. Using contributor allows the edit but also allows them to search the users and groups on organisation and not limited to project only users and groups.