I am in the process of getting our Rock server going by 1/1/18.  After putting in a few families, I wanted to see what it looked like on the outside to someone who has never had access to their profile.  I put in my full family and asked one of my children to go the the external website and try to log in.  They were able to register their account, and was directed to confirm with the email address.  When they were in the profile section, they were able to see the other members of the family.  In the list, beside each person, there is an UPDATE button.  My son, was able to go to the update and change any personal information that he wanted on anyone in the family that he could see.  He changed my wife's name and phone number as well as gave his sister a funny nickname. 

So, if this is possible, I could see that someone in the family could fool around and change anything without the other person knowing which could mess up sending email or sms messages and no one would know what he did unless someone happened to look at it. 

If we only had a few members, this may be detected quickly.  With hundreds of users, I would find it hard to see if anyone did this as a joke and never went back to change it. 

Is there a way to restrict users from this update except for themselves?  so that the only person they would see the UPDATE button for would be themselves?  Or am I thinking too much on this?  I would want parents to be able to change their children's info.  I just don't want siblings pulling things on each other.

I would like thoughts on this matter.