This is based on User type and permissions. If the External User has Full User license for example, they will be able to see these, but they should only be able to see what they have access to. If you do not give them access to it, they should not see it.
Confirm the users User Type, Role and Global permissions and consider the fact that they may have too many permissions.
Otherwise, we can only specify which are seen at a global level, not per User and the rest is handled through permissions.