We’ve recently upgraded from Version 11.7 to 11.9 (11.09.04.009). In 11.7 we gave many users access to $F1.USR.PREF.MNT – User Settings (via menu $F1.USR.ENVIR.MNU) primarily to enable them to toggle between different security categories. In 11.9 this same function gives people access to creating, deleting and editing users. Thankfully we picked this issue up during our Testing prior to going live and adjusted accordingly, as this has the potential to be a major security risk.
If you are on 11.9, check your workplaces to see if you’re inadvertently giving regular users the ‘keys to the kingdom’. 11.9 , 11.7 and earlier versions feature Roles including GL Officer, AP Officer, and Manager include a Menu titled User Environment ($F1.USR.ENVIR.MNU) and anyone with access to this can easily make themselves super-users.