As a user of Phabricator in a data-sensitive industry we are trying to limit access to projects in a very strict manner.
We had set up a project in a way that restricts membership as best as we know how... There are two configurations in which non-admin users were still able to add users, which conflicts with my understanding of the policies.
**Configuration 1**
* Created #Projects __Secret Project__.
* __Secret Project__ can only be edited by members of __Secret Project__
* __Secret Project__ can only be viewed by members of __Secret Project__
* No one can join __Secret Project__
**Configuration 2**
* Created #Projects __Secret Project__.
* Created #Legalpad document //Secret Project Membership//.
* __Secret Project__ can only be edited by members of __Secret Project__
* __Secret Project__ can only be viewed by members of __Secret Project__
* Users can only join __Secret Project__ if they sign //Secret Project Membership//
With either of these configurations, a non-admin member of __Secret Project__ was able to add a user, who had not signed //Secret Project Membership//, to the project. This is somewhat related to T7403.