By default all user has access to command “su”. This command allows login to other user from current shell. Of course they should know target user password. The problem is you cannot have control/log of users once they switched successfully. What happens if the user by chance able to switch as root?
Desired secure method to switch across user is restrict “su” command. Enforce them to use “sudo” instead.