Authenticated users can add/change their personal data in frontend


Currently I have added more fields (e.g. firstName, lastName, address etc.) under Content Type “User”. Now when I call an ID via graphql and a jwt token the user details appear. But the problem is that I can also display other ID. Not only those with my jwt-token or my own user-ID.

Now how can I enable in strapi v4 add/change personal data via frontend endpage (via graphql). I stumbled across the term isOwner. But can’t find much more about this in v4.
I’m also not sure if I should create a separate content type on Strapi (e.g. Personal-Data) with a RElation 1:1 to a User-Account. But again, I can display other users via ID (without changed jwt token).

Thanks a lot for the help.