diff --git a/modules/Users/actions/Save.php b/modules/Users/actions/Save.php
index bbe106565344b8870df76dac3b3a789fbfc1592b..378a09d58eaf8923993576419f9493ce076380fd 100644
--- a/modules/Users/actions/Save.php
+++ b/modules/Users/actions/Save.php
@@ -122,7 +122,13 @@ class Users_Save_Action extends Vtiger_Save_Action {
 			if ($status == true) {
 				throw new AppException(vtranslate('LBL_DUPLICATE_USER_EXISTS', $module));
 			}
+		} else {
+			if ($request->has('user_name') || $request->has('user_password') || $request->has('accesskey') ) {
+				// should use separate actions.
+				throw new AppException(vtranslate('LBL_PERMISSION_DENIED', $module));
+			}
 		}
+
 		$recordModel = $this->saveRecord($request);
 
 		if ($request->get('relationOperation')) {
diff --git a/modules/Users/models/Record.php b/modules/Users/models/Record.php
index ecaf1385fe705f348b2a4ae7426b63bca016f418..06fc11f1d9f6f949b04adb8d509f6fe295f8fee1 100644
--- a/modules/Users/models/Record.php
+++ b/modules/Users/models/Record.php
@@ -882,8 +882,9 @@ class Users_Record_Model extends Vtiger_Record_Model {
 		$response = array('success'=> false,'message' => 'error');
 		$record = self::getInstanceFromPreferenceFile($forUserId);
 		$moduleName = $record->getModuleName();
+		$currentUserModel = static::getCurrentUserModel();
 		
-		if(!Users_Privileges_Model::isPermittedToChangeUsername($forUserId)) {
+		if($currentUserModel->getId() == $forUserId || !Users_Privileges_Model::isPermittedToChangeUsername($forUserId)) {
 			$response['message'] = vtranslate('LBL_PERMISSION_DENIED', $moduleName);
 			return $response;
 		}