Updating user (user-permissions) relation field when creating a new record from REST API

I also came here to find a proper way to uncheck
Authenticated - Permissions - Users-permissions - User - find

But, by unchecking it, the related entity’s find doesn’t work when filtering by relation id (user id).

Enabling find access to Authenticated seems like a big security hole.

By the way, "My IsOwner global policy version - #16 by msoler75" helped me a lot with securing user-related entities.