I think it’s a bug.
We have a group named restauration with users evantill and user2
We have a category named restauration with permissions only for users of the restauration group
We have an other group CE13 with users evantill and user3
We have a category named CE13 with permissions only for users of the CE13 group
when going to the group url https://discourse.sophiebarat.fr/groups/restauration we will have all messages from any users in this group including messages from other categories.
In our case, user user2 have no permissions on category CE13 but it will see all messages from user evantill including messages in the CE13 category.