I have already reported this to C1 Support, but thought it should be publicised so people dont give the permission out and open themselves to security issues.
When setting up the Access Scopes for ‘power users’ in customers locations, be aware that i have set one up for a customer account (luckily as a test) and found that whilst the devices tab is limited to just the company defined in the role, when going into the dashboards or running the Hardware Inventory report, it does’t filter the devices. I ran the hardware inventory report whilst acting as a customer and found that i could view ALL device information.