It would be great if we had the ability as a System Admin to control what a user can edit in their user profile. The major use case would be stopping a user from editing their email address to a personal one without permission. This would cause control issues. Namely, as a prelude to this, if SSO is set up, if should by default stop a user from changing their email as this should be tied to SSO.