I have been assigned direct access to a workspace in the external tenant, and have also inherited access through an AD security group, and in both cases I can access and edit content in that workspace (create reports, dataflows etc).
Everything that is said in this link and this link suggests that I should not have access. But I can do everything that is explained in those articles, despite the "Allow external guest users to edit and manage content in the organization" being disabled.
I don't understand how this is happening - I am an external guest user, so I shouldn't be able to access and edit content in this workspace, surely? This feels like a huge security hole.
Is this expected behaviour? Is there something I'm missing?