That security of the Limited read and write for the User role of the administration module is not to allow the basic user to change their information, I don’t see any value of giving the User the ability to change/ Read if IsLocalUser or not, this basically for the administrator and backend , removing that field from the page should solve your problem, are you shwoing this field in the change password?