Information
macOS has a privilege that can be granted to any user that will allow that user to unlock active user's sessions.
Rationale:
Disabling the admins and/or user's ability to log into another user's active and locked session prevents unauthorized persons from viewing potentially sensitive and/or personal information.
Impact:
While Fast user switching is a workaround for some lab environments especially where there is even less of an expectation of privacy this setting change may impact some maintenance workflows
Solution
Run the following command to disable a user logging into another user's active and/or locked session:
$ sudo security authorizationdb write system.login.screensaver use-login-window-ui
YES (0)
References
https://derflounder.wordpress.com/2014/02/16/managing-the-authorization-database-in-os-x-mavericks/
https://www.jamf.com/jamf-nation/discussions/18195/system-login-screensaver