Workspaces are essentially public to all users that have READ access (global READ access turned on).

So, for example, when a job uses the git SCM plugin to clone the repository into the job workspace, ALL of the code is still visible to ANYONE that has READ access. Is it possible to only allow people of the org that the repo belongs to view that content? Or does global read access for authenticated users have to be turned off?