It appears users are able to view records in reports that they don’t have permissions to. For example, users who have a department specified in their permissions are still able to view all departments in reports! I also ensured that ‘Apply User Permissions’ is checked in the query report but it doesn’t seem to make a difference
Is this a bug??