Information
macOS has a privilege that can be granted to any user that will allow that user to unlock an active user's sessions.
Rationale:
Disabling the administrator's and/or user's ability to log into another user's active and locked session prevents unauthorized persons from viewing potentially sensitive and/or personal information.
Impact:
While Fast user switching is a workaround for some lab environments, especially where there is even less of an expectation of privacy, this setting change may impact some maintenance workflows.
Solution
Terminal Method:
Run the following command to disable a user logging into another user's active and/or locked session:
$ /usr/bin/sudo /usr/bin/security authorizationdb write system.login.screensaver use-login-window-ui
YES (0)