The entries in the Directory can be limited to those created by the logged-in user, with this setting:
__ Display entries only the the creator of the entry (users will not see other people's entries). (limituser)
When he views a Single Entry, the url can easily be changed so he can view an entry created by another user. And if Editing is enabled, he can EDIT the entry of another user!
URL when viewing a legit single entry (one created by this user)
But he can easily change that url to
and see the entry whether he created it or not.
And if the EDIT url var is there too
he can edit the entry.