Any user can modify or delete other users
Nextcloud version (eg, 20.0.5):
Next cloud 20.0.5
Operating system and version (eg, Ubuntu 20.04):
Apache or nginx version (eg, Apache 2.4.25):
PHP version (eg, 7.4):
The issue you are facing:
As the main admin, I have created a new user and made him part of a group, this user is not an admin.
This new user can now login and from menu users==>everyone can see some of the users and for some of these users, he can deleted them or wipe their data while.
(“Some of the users” means, he can see users that are part of a group (any group), but he cannot see users that have no group.)
It look like, as long as a non admin user is part of a group he has the possibility to delete or update other users as long as they are part of a group.
This is a “dangerous” possibility, how can I correct this behavior?