
Parse Server - Is it possible for certain users to edit other users' data?


Traditionally a user can edit its own row using the session-key and edit other users' data using the Master-Key.

Using the master-key is not an option, as that would be a security risk.

I've tried using ROLES and CLP on the class _Users to give permission to write/read to users that will be considered "admins", but I'm still getting a 206 error "you cannot modify user X".

My question is: Is it possible to edit other users' data without a master-key?


Solution

  • Not directly as far as I am aware. I have had a requirement to achieve something similar, with some users being able to edit other users' information.

    I achieved this through the use of cloud functions. The idea is to verify the requesting user has permission to modify the user, and once it has been established that the user is an admin, using the master-key is not a security risk, as only authenticated users should get beyond the permission-check.
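
The cloud-function approach described in this answer, sketched as an added example that is not the answerer's own code. The role name `admin`, the function name `adminUpdateUser`, the `userId`/`updates` parameters and the field allow-list are assumptions.

```javascript
// Added example: Parse Server cloud code (e.g. cloud/main.js). The role name
// "admin", the function name "adminUpdateUser", the params "userId"/"updates"
// and the field allow-list are assumptions, not values from the original post.
const EDITABLE_FIELDS = ['displayName', 'phone']; // assumed profile fields

// Keep only allow-listed keys so an admin call cannot set password, ACL, etc.
function pickEditable(updates) {
  const src = updates || {};
  const out = {};
  for (const key of EDITABLE_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(src, key)) out[key] = src[key];
  }
  return out;
}

// Build the handler around a Parse SDK object so it can be exercised with a stub.
function makeAdminUpdateUser(Parse) {
  return async function adminUpdateUser(request) {
    // 1. Caller must be logged in; request.user comes from the session token.
    if (!request.user) {
      throw new Parse.Error(Parse.Error.INVALID_SESSION_TOKEN, 'Login required');
    }
    // 2. Permission check: direct membership of the "admin" role (inherited roles are not resolved here).
    const adminRole = await new Parse.Query(Parse.Role)
      .equalTo('name', 'admin')
      .equalTo('users', request.user)
      .first({ useMasterKey: true });
    if (!adminRole) {
      throw new Parse.Error(Parse.Error.OPERATION_FORBIDDEN, 'Admin role required');
    }
    // 3. Only after the check passes is the master key used, and only server-side.
    const fields = pickEditable(request.params.updates);
    const target = await new Parse.Query(Parse.User)
      .get(request.params.userId, { useMasterKey: true });
    await target.save(fields, { useMasterKey: true });
    return { userId: target.id, updated: Object.keys(fields) };
  };
}

// In Parse Server cloud code `Parse` is a global; register the function there.
if (typeof Parse !== 'undefined') {
  Parse.Cloud.define('adminUpdateUser', makeAdminUpdateUser(Parse));
}
```

The master key never leaves the server: clients call the function with their own session token, and the allow-list keeps an admin request from overwriting fields such as the password or ACL.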