I need users to have the upload_files capability to allow them to add images to their bio. As soon as a user gets this capability he/she is able to change the User Photo settings within the dashboard. Not good.
The users only have read and upload_files capabilities. A subsciber role with added upload_files.
Is there a way to prevent the users from accessing the User Photo settings?