When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.