diff --git a/app/finders/contributed_projects_finder.rb b/app/finders/contributed_projects_finder.rb
index 0209649b017..4f7fe1c748b 100644
--- a/app/finders/contributed_projects_finder.rb
+++ b/app/finders/contributed_projects_finder.rb
@@ -11,7 +11,7 @@ class ContributedProjectsFinder
   #
   # Returns an ActiveRecord::Relation.
   def execute(current_user = nil)
-    if current_user
+    if current_user && !current_user.external?
       relation = projects_visible_to_user(current_user)
     else
       relation = public_projects
diff --git a/app/finders/joined_groups_finder.rb b/app/finders/joined_groups_finder.rb
index fbdf492c965..ff744689e3d 100644
--- a/app/finders/joined_groups_finder.rb
+++ b/app/finders/joined_groups_finder.rb
@@ -12,7 +12,7 @@ class JoinedGroupsFinder
   #
   # Returns an ActiveRecord::Relation.
   def execute(current_user = nil)
-    if current_user
+    if current_user && !current_user.external?
       relation = groups_visible_to_user(current_user)
     else
       relation = public_groups
diff --git a/app/finders/personal_projects_finder.rb b/app/finders/personal_projects_finder.rb
index a61ffa22990..0e2d915da54 100644
--- a/app/finders/personal_projects_finder.rb
+++ b/app/finders/personal_projects_finder.rb
@@ -11,7 +11,7 @@ class PersonalProjectsFinder
   #
   # Returns an ActiveRecord::Relation.
   def execute(current_user = nil)
-    if current_user
+    if current_user && !current_user.external?
       relation = projects_visible_to_user(current_user)
     else
       relation = public_projects
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 455ea7bcc69..134ae440c9c 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
@@ -295,8 +295,11 @@ class Ability
     end
 
     def can_read_group?(user, group)
-      user.admin? || group.public? || group.internal? || group.users.include?(user) ||
-      ProjectsFinder.new.execute(user, group: group).any?
+      if user.external?
+        group.public? || ProjectsFinder.new.execute(user, group: group).any?
+      else
+        user.admin? || group.public? || group.internal? || group.users.include?(user) || ProjectsFinder.new.execute(user, group: group).any?
+      end
     end
 
     def namespace_abilities(user, namespace)
diff --git a/db/schema.rb b/db/schema.rb
index f5e3e5bc861..f1bccd62745 100644
--- a/db/schema.rb
+++ b/db/schema.rb
@@ -777,9 +777,9 @@ ActiveRecord::Schema.define(version: 20160314143402) do
     t.string   "type"
     t.string   "title"
     t.integer  "project_id"
-    t.datetime "created_at"
-    t.datetime "updated_at"
-    t.boolean  "active",                default: false,    null: false
+    t.datetime "created_at",                               null: false
+    t.datetime "updated_at",                               null: false
+    t.boolean  "active",                                   null: false
     t.text     "properties"
     t.boolean  "template",              default: false
     t.boolean  "push_events",           default: true