Block Realm user listing all app users

Hi All,

I wonder if you could help with a security problem I have. It appears my logged in users would have access to list all Realm users in the app. I am using email/password Auth and I call from my client which returns all the app users.
I don’t want basic users to be able to do this. Does anyone have a solution or is this a limitation of the Realm SDK?
I feel like anyone can sign up, look at the js source to get the app id and do this call. This is a security concern unless I has missed something.

I am using the web sdk.

Your help/thoughts would be appreciated

This should only be calling logged in users who never logged out from that app. Are you noticing other behavior?

Thank @Sumedha_Mehta1
That makes more sense. We have to sign out and remove the user and the function won’t list them.

I think this issue should be addressed @Sumedha_Mehta1
I am sure there are some basic rules that can be set.
your answer will help us all.