Mendix ACL Prevention

Hi I want to ask how to prevent user to access the System.user information object related only for that user, currently i face condition when I loggin with user A, i can see all the list of user under Entity System.User.   How to prevent when do this access to API only returned the object  which belogngs to session user loggedin   {     "action":"retrieve_by_xpath",     "params":{         "xpath":"//System.User",         "schema":{         },         "count":false     } }    
1 answers

This should already be the case. 




When I test this in my applications, I can only see the user that I'm logged in with. Are you sure you're not logged in with a role that has rights to access other user roles?