Attached is the user permission I set in an a/c "a001". I unchecked all the permission for another A/C "a002" except read.
However I can still edit the profile of a002 when I login as a001.
Is it reasonable?
Is a001 is member of any group? If so, I think a001 is a member of some group 'x' and group 'x' has permissions to edit a002 profile..
Retrieving data ...