Affects Version/s: 6.1.0 CE GA1, 6.1.10 EE GA1, 6.2.0 CE M2
Steps to reproduce:
1. Create tow new users A and B
2. Create a new organization with a site and assign both users as members
3. Assign the Site Owner or Site Administrator role to user A
4. Log in with user A and in control panel click on Users and Organizations
5. Click on the organization to see the list of its members
6. Click on user B to view his data
7. Change anything and click save
"Your request completed successfully."
User A can edit user B's data even though he is only the admin/owner of the site but not the organization.