diff --git a/app/finders/contributed_projects_finder.rb b/app/finders/contributed_projects_finder.rb
index 0209649b017f672b4b5b65c68e637419dc1b379c..4f7fe1c748b8ce2bc8e6517996ca5a2a972abd91 100644
--- a/app/finders/contributed_projects_finder.rb
+++ b/app/finders/contributed_projects_finder.rb
@@ -11,7 +11,7 @@ class ContributedProjectsFinder
   #
   # Returns an ActiveRecord::Relation.
   def execute(current_user = nil)
-    if current_user
+    if current_user && !current_user.external?
       relation = projects_visible_to_user(current_user)
     else
       relation = public_projects
diff --git a/app/finders/joined_groups_finder.rb b/app/finders/joined_groups_finder.rb
index fbdf492c9650d8b7a0e298c6d742f667463a8fcc..ff744689e3d77de05a00cc322a189d8f4e6162f6 100644
--- a/app/finders/joined_groups_finder.rb
+++ b/app/finders/joined_groups_finder.rb
@@ -12,7 +12,7 @@ class JoinedGroupsFinder
   #
   # Returns an ActiveRecord::Relation.
   def execute(current_user = nil)
-    if current_user
+    if current_user && !current_user.external?
       relation = groups_visible_to_user(current_user)
     else
       relation = public_groups
diff --git a/app/finders/personal_projects_finder.rb b/app/finders/personal_projects_finder.rb
index a61ffa229900574be7d1e0c8304b4c29baa7d780..0e2d915da54df3cd1dd4b4e1e7baf299349424ad 100644
--- a/app/finders/personal_projects_finder.rb
+++ b/app/finders/personal_projects_finder.rb
@@ -11,7 +11,7 @@ class PersonalProjectsFinder
   #
   # Returns an ActiveRecord::Relation.
   def execute(current_user = nil)
-    if current_user
+    if current_user && !current_user.external?
       relation = projects_visible_to_user(current_user)
     else
       relation = public_projects
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 455ea7bcc69af83eaceded028da57f5f0bc23155..134ae440c9cd028a5986f5ad7e354bf56ef1808d 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -295,8 +295,11 @@ class Ability
     end
 
     def can_read_group?(user, group)
-      user.admin? || group.public? || group.internal? || group.users.include?(user) ||
-      ProjectsFinder.new.execute(user, group: group).any?
+      if user.external?
+        group.public? || ProjectsFinder.new.execute(user, group: group).any?
+      else
+        user.admin? || group.public? || group.internal? || group.users.include?(user) || ProjectsFinder.new.execute(user, group: group).any?
+      end
     end
 
     def namespace_abilities(user, namespace)
diff --git a/db/schema.rb b/db/schema.rb
index f5e3e5bc861eb77c84e51741807811797edb0e7b..f1bccd62745c8749d8c191b7d40dda96437619f5 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -777,9 +777,9 @@ ActiveRecord::Schema.define(version: 20160314143402) do
     t.string   "type"
     t.string   "title"
     t.integer  "project_id"
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.boolean  "active",                default: false,    null: false
+    t.datetime "created_at",                               null: false
+    t.datetime "updated_at",                               null: false
+    t.boolean  "active",                                   null: false
     t.text     "properties"
     t.boolean  "template",              default: false
     t.boolean  "push_events",           default: true