Instead of having only one group assigned, new users are receiving all the existing groups - even tho they are closed groups - this ended up in them being able to read all the messages/notifications being sent to anyone.
If I check their profile using admin options it says they only have one group assigned and only Trust0 & Trust1 permissions. PS: Beta group does not have any permissions that could be making them see that.
In short: how can I make users have only one specific group instead of what’s happening now?
I am pretty sure it was a bug with my installation, first time doing it - might have messed with app.yml and other things I should not have. Sorry for posting this topic before trying all I could.
Deleted docker images and reinstalled it, works great now!