Hello,
The permission that allows users to change their picture is granted by the builtin User Self-Service Security Role. By default, the Role grants the Allow Write Personal Information permission, which includes writing the Picture property.
The easiest way to disallow users to change their pictures would be to change the permissions granted by the User Self-Service Role. For example, you can add the Deny Write 'Picture' property permission to the Role. Since Deny permissions always override Allow permissions, users will no longer be able to write the Picture property of their own accounts, that is, they will not be able to change their pictures. To accomplish the task:
- Launch Adaxes Administration Console.
- Expand the service node that represents your service.
- Navigate to Configuration \ Security Roles \ Builtin
- Locate and select the User Self-Service Security Role.
- In the Result Pane (located to the right), click the Add button at the top of the Permissions section.
- In the dialog that appears, select the User object type.
- In the Property-specific permissions section, check the Write 'Picture' property permission in the Deny column.
- Click OK and save the Security Role.