Server is 10.7.1 and services are secured with ArcGIS Server Build-in credentials.
I have 3 separates services that are all acting the same way no matter how many times I attempt to share, stop/start, and enable/disable options.
I add a secured feature service to a web map in agol. The feature services contains features created by many different users. I have ownership-based access control enabled and all 3 options are disabled (none are checked). I want users to be able to see their features but not other users. As far as I can tell this should work. However, everyone still sees all features no matter the owner. They can click a polygon and see the owner in the attributes. They can not edit attributes of other's features but they can cut it to or change the shape.
Any idea what's happening?