User can login to journal for which they are not registered

We are running several instances of OJS each hosting a single journal. Recently we have started adding additional journals to existing instances. We are discovering that a user who has registered with journal A in a given instance can use their credentials to login to journal B even if they have not registered with journal B. We were also able to reproduce this behaviour in OJS on an installation at another institution. The user is not able to do anything in the other journal except look at their profile.
Is this expected behaviour?

HI @elt,

As per our other discussion here: Expected behaviour of Add Reviewer - Enroll existing user - #4 by rcgillis - this is expected behavior, and as noted, the user cannot perform any functions in the journal for any roles that have not been assigned.


Thanks indeed for the clarification!