I recently bought a 2014 mini which had been used as a media server. It is intended to remain in my holiday abode for use when it is occupied. After installing Catalina, I ran DriveDX which was unhappy with the disc condition. The previous owner had replaced the spinner with an early 300G Crucial SSD. Setting aside a couple of hours I decided to replace that with a spare HD I had. On opening the mini, I found it was the model with a PCIe port easily accessible just by removing the bottom cover!! Oh joy!! So I got a 250G PCIe SSD and cable and did the simple install.
On the original SSD I installed a fresh copy of Big Sur with an admin account and a standard account. On the PCIe I installed Big Sur with a single admin account. The spare HD which was going to be used to replace the Crucial SSD got a USB3 cable and a fresh copy of Big Sur with a single admin account.
So int SSD has admin1 and Std accounts
PCIe SSD has admin2 account
USB3 HD has admin3 account
Each account has a different password.
Now here is the phenomenon of interest…….no matter which disc I boot from, the admin accounts on the other discs are available to read and write. The Standard account permissions forbid this.
So three different accounts with three different passwords can each manipulate the others data, while the Standard account has permissions set to prevent access. Hmmm….
Of course…when I created each admin account it was assigned User ID 501. Does this mean that in Big Sur one can install macOS 11 on a portable disc and have access to any 501 account under Big Sur? Probably not, but I would to hear comments and suggestions for protecting accounts from each other.