We have a folder with projects inside which have `project-based security` enabled and the Inheritance Strategy is set to `Inherit from parent`. The folder's permissions are:

In the screenshot above I've added `myname-noaccess` just to illustrate the group permissions - in reality it is missing in the configuration.

The problem is that the users from the `myname-noaccess` group, although not configured anywhere, are able to see the all of projects within the folder. While trying to figure out the issue, I noticed that `myname-noaccess` users actually have the same permissions as the `myname` group and once I removed it the folder and projects inside stopped appearing for `myname-noaccess`. 

I believe there might be an issue with how the permissions are being detected - most likely there is a wildcard somewhere.

The temporary fix is to rename `myname` group to something like `myname-core`.