By default ALL users can manage only their own System.User details. Including the administrator.
The USERrole Administrator has a default user management setting: All
Which allows users with the userrole Administrator to manage all accounts => System.User details
Thus enabling the production security ensures you can only access and change the System.User details if its the users’ own account. Or it should be the administrator logged in.
I don't know with what role you entered your app, but check the proper access rules on ‘Account' and in Project > Security your User Role and which role he has in the administration Module and which roles he is allowed to manage