In this use case, permission is granted to access the user record as read-only and view the user's photo. The core information standard fields display but are not editable.
The following are the permissions necessary to create this scenario:
|PERMISSION NAME||PERMISSION DESCRIPTION||CATEGORY|
|Users - Edit Users Photo||Enables administrator to upload a photo for a user via the admin/users screen. This permission only works when used in conjunction with the Users - View permission.||Core Administration|
|Users – View General Information||Grants ability to view the general fields on a user record, including first name, last name, username, assigned OUs, and custom relationships. This permission works in conjunction with the Universal Profile - User Record - View Users permission. This permission can be constrained by OU, User's OU, User's Self, User Self and Subordinates, and User. This is an administrator permission.||Core Administration|
User Record Page
All visible fields on the user record are grayed out and not editable. Thebutton does not display, as the user does not have permission to edit the user's photo. The Modification History is visible to the user.