diff --git a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/directory/DirectoryEntryServlet.java b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/directory/DirectoryEntryServlet.java
index 1128dd454d1e53a9485c5c54d15301f2aef894cd..4539f540af2c797648b1e707d8971cb9e343f248 100644
--- a/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/directory/DirectoryEntryServlet.java
+++ b/jams-server/src/main/java/net/jami/jams/server/servlets/api/admin/directory/DirectoryEntryServlet.java
@@ -38,6 +38,7 @@ import net.jami.jams.common.authmodule.AuthModuleKey;
 import net.jami.jams.common.dao.StatementElement;
 import net.jami.jams.common.dao.StatementList;
 import net.jami.jams.common.objects.user.AccessLevel;
+import net.jami.jams.common.objects.user.User;
 import net.jami.jams.common.objects.user.UserProfile;
 import org.json.JSONObject;
 
@@ -86,7 +87,6 @@ public class DirectoryEntryServlet extends HttpServlet {
     }
 
     @Override
-    @ScopedServletMethod(securityGroups = {AccessLevel.ADMIN})
     protected void doPut(HttpServletRequest req, HttpServletResponse resp) throws IOException, SecurityException {
         //Update a user's profile.
         //Check if he is AD/LDAP - then return a 500, because we can't update those profile datas.
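Review bot: Dropping `@ScopedServletMethod` leaves the inline check in the body as the only authorization on doPut, and it is not visible here whether the filter still authenticates the request and sets the `username` attribute for an unannotated method. Since `securityGroups` takes an array, `@ScopedServletMethod(securityGroups = {AccessLevel.ADMIN, AccessLevel.USER})` would keep the declarative gate while still letting users reach the self-edit path. The comment under the signature still says AD/LDAP users get a 500, while the new code returns 403, so it should be updated to match. doPut's body continues outside this hunk.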
@@ -94,14 +94,27 @@ public class DirectoryEntryServlet extends HttpServlet {
         StatementList select = new StatementList();
         StatementElement st = new StatementElement("username", "=", userProfile.getUsername(), "");
         select.addStatement(st);
-        if (dataStore.getUserDao().getObjects(select).get(0).getUserType() != AuthenticationSourceType.LOCAL) {
-            resp.sendError(500, "The user is not a local user, therefore we cannot change his data!");
+
+        User targetUser = dataStore.getUserDao().getObjects(select).get(0);
+        select = new StatementList();
+        st = new StatementElement("username", "=", req.getAttribute("username").toString(), "");
+        select.addStatement(st);
+
+        User callingUser = dataStore.getUserDao().getObjects(select).get(0);
+
+        if (targetUser.getUserType() != AuthenticationSourceType.LOCAL) {
+            resp.sendError(403, "The user is not a local user, therefore we cannot change his data!");
             return;
         }
-        if (dataStore.updateUserProfile(userProfile)) {
-            resp.setStatus(200);
+
+        if (callingUser.getAccessLevel() == AccessLevel.ADMIN || (callingUser.getAccessLevel() == AccessLevel.USER && callingUser.getUsername().equals(targetUser.getUsername()))) {
+            if (dataStore.updateUserProfile(userProfile))
+                resp.setStatus(200);
+            else
+                resp.sendError(404, "Could not update the users's profile information");
         } else {
-            resp.sendError(500, "could not update the users's profile information");
+            resp.sendError(403, "The user is either not an admin account or is attempting to edit a profile that is not his own!");
+            return;
         }
     }
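Review bot: Both user lookups and the LOCAL-type check run before the caller is authorized, so a non-admin caller gets a different response for a LOCAL, non-LOCAL or unknown target username (the last through `get(0)` on an empty result, which probably surfaces as a 500). `req.getAttribute("username").toString()` also throws if the attribute is absent, and nothing in this hunk guarantees it is set. I would resolve and authorize the caller first, then load the target and return 404 when it is missing, as sketched below (assuming `getObjects` returns a `List`). `userProfile` is parsed above the hunk, so whether a self-editing user can change fields beyond their own display data cannot be judged from here and is worth checking in `updateUserProfile`.

```java
        Object callerName = req.getAttribute("username");
        if (callerName == null) {
            resp.sendError(401, "Authentication required");
            return;
        }
        // … unchanged: build `select` for callerName and load callingUser …

        // Authorize before touching the target so the response does not depend on the target's state.
        boolean isAdmin = callingUser.getAccessLevel() == AccessLevel.ADMIN;
        boolean isSelf = callingUser.getAccessLevel() == AccessLevel.USER
                && callingUser.getUsername().equals(userProfile.getUsername());
        if (!isAdmin && !isSelf) {
            resp.sendError(403, "The user is either not an admin account or is attempting to edit a profile that is not his own!");
            return;
        }

        // … unchanged: build `select` for userProfile.getUsername() …
        List<User> targets = dataStore.getUserDao().getObjects(select);
        if (targets.isEmpty()) {
            resp.sendError(404, "User not found");
            return;
        }
        User targetUser = targets.get(0);
        // … unchanged: LOCAL check and updateUserProfile call …
```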