We have some users with permission to see and work only on one project.

If those users generate a workload report on period, grouping by "Category, resouce, project, issue" for example, and select "all categories" and "all proyects" they'll get a listing of all the issues in every project and category on which some time has been logged in. That can not click on the issues or in the projects they don't belong to, but they get a fukll view of projects, issue summaries, time worked on each project...

This is making 'public' some critical info on our organization... how can I make this users to see only their own issues when they generate this kind of reports?