
Problem with code reviews on Differential with non-accessible repository.
Closed, Invalid (Public)

Description

How to reproduce:

  • Clone a repository.
  • Remove the user from the "Visible to" policy on that repository.
  • Commit changes to the repository, generating a new "Differential" code review entry.
  • Since the user doesn't have viewing permissions on the repository, the commit will not be associated with the corresponding repository, and will be placed as "public" for all users to see.

Phabricator Version: 40714bb0eccc3f4c66b41b2c3569220f34ab66b7
Arcanist Version: f06eea0d848489f68f9b197a77d5d5d84031e589
libphutil Version: 6fedd82a29a0f6b818f429f093a180f28767531c

Event Timeline

pmbento updated the task description.
pmbento added a project: Differential.
pmbento added a subscriber: pmbento.

Commit changes to the repository, generating a new "Differential" code review entry.

To create a new Differential Revision, you run "arc diff". No "Commit" object is created, but a "Revision" object and a "Diff" object.

If the user doesn't have permissions to view the Repository, then the Revision will not be associated with any Repository, and will have the default view settings, which are usually "All Users".
You can change the default view settings by navigating to applications -> Differential: Configure -> Edit Policies.

@pmbento - I think your situation sounds a little confusing - could you clarify the details? The user is not granted visibility of the repository in Phabricator but still is able to create Differential Revisions on it? This sounds a little odd, as I assume they have access to the repository in order to create the diff revisions in the first place.

@avivey - That was the case in fact. The default policy was set as "All Users", so no bug here.

Thank you very much for your support @avivey and @cspeckmim.

avivey claimed this task.
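
An audit for the situation discussed in this task, as an added example that is not part of the thread or of Phabricator's own code: it scans revision records for ones that have no repository attached and still carry a broad view policy. The sample data is constructed, and the field layout (fields.repositoryPHID, fields.policy.view) is assumed to match the output of Conduit's differential.revision.search.

```python
import json

# Constructed sample shaped like a differential.revision.search Conduit result.
# All ids, PHIDs and titles are made up for illustration.
SAMPLE_RESPONSE = json.loads("""
{"result": {"data": [
  {"id": 101, "phid": "PHID-DREV-aaaa",
   "fields": {"title": "Fix login redirect", "repositoryPHID": null,
              "policy": {"view": "users", "edit": "users"}}},
  {"id": 102, "phid": "PHID-DREV-bbbb",
   "fields": {"title": "Refactor billing", "repositoryPHID": "PHID-REPO-xxxx",
              "policy": {"view": "users", "edit": "users"}}},
  {"id": 103, "phid": "PHID-DREV-cccc",
   "fields": {"title": "Rotate keys", "repositoryPHID": null,
              "policy": {"view": "PHID-PROJ-yyyy", "edit": "users"}}},
  {"id": 104, "phid": "PHID-DREV-dddd",
   "fields": {"title": "Docs typo", "repositoryPHID": null,
              "policy": {"view": "public", "edit": "users"}}}
]}}
""")

# Global policy values that expose an object to every account ("users")
# or to logged-out visitors as well ("public").
BROAD_VIEW_POLICIES = {"public", "users"}


def find_exposed_revisions(response):
    """Return revisions with no repository and a broad view policy.

    These match the case described in the thread: the author could not see
    the repository, so the revision was not associated with it and kept the
    Differential default view policy.
    """
    findings = []
    for rev in response.get("result", {}).get("data", []):
        fields = rev.get("fields", {})
        view = fields.get("policy", {}).get("view")
        if fields.get("repositoryPHID") is None and view in BROAD_VIEW_POLICIES:
            findings.append(
                {"id": "D%d" % rev["id"], "title": fields.get("title"), "view": view}
            )
    return findings


if __name__ == "__main__":
    for finding in find_exposed_revisions(SAMPLE_RESPONSE):
        print("%(id)s view=%(view)s  %(title)s" % finding)
```

Revisions flagged this way can be attached to the right repository or given a narrower view policy; tightening the Differential default policy prevents new ones.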