I like the security group feature, but I find this behavior unpleasant.

I think you can easily fix this.

Customer already have an INTERNAL security group and an BC environment with this enabled.

1) You create an environment called EXTERNAL with a Security Group EXTERNAL

2) You create a guest user A with Security Group EXTERNAL

3) You import users in EXTERNAL, all is good - the A user is created in user list as it should.

4) You import users in INTERNAL environment, the A user is ALSO created ! This is either a bug, or a poor feature in my opinion.

It has to be said, that the A user can NOT access the INTERNAL environment, but it's hurting my eyes, and also from audit-revision perspective this is not good.