Here’s what I understand:
I’ve set privacy rules for those fields, only users with specific “Role” can access them, “everyone else” have access to none of those files.
Here is an additional screenshot that might also help:
Do you have any clue what the vulnerability is about? And what I should be doing from there?
Essentially, all your data objects (bubble things) are publicly visible unless you define privacy rules which make the only accessible to those who meet the rule you define (your privacy rule!)