I fear that every Sprints user will get access to all repositories the authorizing account has access to in GitLab.
The integration does not seam to care about the authorization and mapping from a security point of view (NDA, IPA and code security).

In most companies (especially the bigger sized companies with several products or companies providing developing service to their customers - not every developer has access to all GitLab repositories.

How do I have to configure the mapping so that Sprints users will only have access to GitLab information through Sprints if they already have access to the particular mapped GitLab repositories?

Which GitLab Account should be used to connect Sprints?
Who has the right to map repositories, projects and issues to Sprints?
Where can I see, what information is revealed to which user?
I'm fearing that starting this, every user could get access to all repositories and branches, even if they are out of their business.
This is forbidden by policy and NDAs in our organization and our customer A does not want to allow access to 'his' portion of the code, by developers who are not involved in his projects and bound by NDA.

Thanks