I ve noticed something that for me is an important security issue.
My version is 7.8.2.
The story is that in my instalation , regular users have the right to change preferencies of other regualr users .
To be more specific, in the list view of Tasks module i have added the “created by” column.
Lets say i ve logged in as “regular user 1” who is not administrator.
Clicking on any user (lets say “regular user 2”)on this column, opens the user’s (“regular user 2”) profile.
From that page “regular user 1” can reset “regular user 2” preferencies and home page. Also “regular user 1” can view “regular user 2” settings and module access.
Is that normal?