diff --git a/ldapSync/tables.go b/ldapSync/tables.go
index e4ab007..06e14ad 100644
--- a/ldapSync/tables.go
+++ b/ldapSync/tables.go
@@ -116,8 +116,8 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
 	form := forms.NewCollectionUpsert(app, collection)
 	form.Name = ldapUsersTableName                          // collection name
 	form.Type = models.CollectionTypeAuth                   // collection type set to auth, otherwise login will not work
-	form.ListRule = types.Pointer("@request.auth.id != ''") // list rule (only authenticated users can list)
-	form.ViewRule = types.Pointer("@request.auth.id != ''") // view rule (only authenticated users can view)
+	form.ListRule = types.Pointer("@request.auth.id != id") // list rule (only user self can list their own data
+	form.ViewRule = types.Pointer("@request.auth.id != id") // view rule (only user self can view their own data)
 	form.CreateRule = nil                                   // create rule (anyone can create)
 	form.UpdateRule = nil                                   // update rule (anyone can update)
 	form.DeleteRule = nil                                   // delete rule (anyone can delete)