#256469: always disallow editing/deleting uid1 (except when edited by self); removed 'authenticated user' from permissions and checks, since it's implicit