diff --git a/application/src/main/java/org/thingsboard/server/controller/UserController.java b/application/src/main/java/org/thingsboard/server/controller/UserController.java
index a2b3a6d6bc..86e4456638 100644
--- a/application/src/main/java/org/thingsboard/server/controller/UserController.java
+++ b/application/src/main/java/org/thingsboard/server/controller/UserController.java
@@ -182,7 +182,7 @@ public class UserController extends BaseController {
 @RequestBody User user,
 @ApiParam(value = "Send activation email (or use activation link)", defaultValue = "true")
 @RequestParam(required = false, defaultValue = "true") boolean sendActivationMail, HttpServletRequest request) throws ThingsboardException {
- if (Authority.TENANT_ADMIN.equals(getCurrentUser().getAuthority())) {
+ if (!Authority.SYS_ADMIN.equals(getCurrentUser().getAuthority())) {
 user.setTenantId(getCurrentUser().getTenantId());
 }
 checkEntity(user.getId(), user, Resource.USER);
diff --git a/dao/src/main/java/org/thingsboard/server/dao/service/validator/UserDataValidator.java b/dao/src/main/java/org/thingsboard/server/dao/service/validator/UserDataValidator.java
index 4df37ddc00..5a26990fcd 100644
--- a/dao/src/main/java/org/thingsboard/server/dao/service/validator/UserDataValidator.java
+++ b/dao/src/main/java/org/thingsboard/server/dao/service/validator/UserDataValidator.java
@@ -19,6 +19,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
 import org.springframework.stereotype.Component;
 import org.thingsboard.server.common.data.Customer;
+import org.thingsboard.server.common.data.Device;
 import org.thingsboard.server.common.data.EntityType;
 import org.thingsboard.server.common.data.StringUtils;
 import org.thingsboard.server.common.data.User;
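Review bot: In `saveUser` (UserController.java) the new `!Authority.SYS_ADMIN` branch pins only the tenant id; for a customer-level caller the `customerId` carried in the request body is still taken as submitted in the lines shown. Whether `checkEntity(user.getId(), user, Resource.USER)` constrains it is not visible in this hunk, so it is worth confirming, or pinning it the same way when the caller's authority is `CUSTOMER_USER`, e.g. `user.setCustomerId(getCurrentUser().getCustomerId());`. A short comment such as `// Only SYS_ADMIN may choose the tenant; every other authority is bound to its own tenant.` would record why the condition is written as a negation. The method body continues outside the hunk.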
@@ -66,6 +67,24 @@ public class UserDataValidator extends DataValidator {
 }
 }
 
+ @Override
+ protected User validateUpdate(TenantId tenantId, User user) {
+ User old = userDao.findById(user.getTenantId(), user.getId().getId());
+ if (old == null) {
+ throw new DataValidationException("Can't update non existing user!");
+ }
+ if (!old.getTenantId().equals(user.getTenantId())) {
+ throw new DataValidationException("Can't update user tenant id!");
+ }
+ if (!old.getAuthority().equals(user.getAuthority())) {
+ throw new DataValidationException("Can't update user authority!");
+ }
+ if (!old.getCustomerId().equals(user.getCustomerId())) {
+ throw new DataValidationException("Can't update user customer id!");
+ }
+ return old;
+ }
+
 @Override
 protected void validateDataImpl(TenantId requestTenantId, User user) {
 if (StringUtils.isEmpty(user.getEmail())) {
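Review bot: The three comparisons in `validateUpdate` dereference the stored value directly (`old.getTenantId().equals(...)`, `old.getAuthority().equals(...)`, `old.getCustomerId().equals(...)`), so a stored user with any of these fields unset would fail with a NullPointerException instead of a DataValidationException; whether the DAO can return such a user is not visible here. A null-safe form such as `if (!Objects.equals(old.getCustomerId(), user.getCustomerId())) {` (likewise for tenant id and authority) avoids that, and needs `java.util.Objects` imported if it is not already. The lookup also keys on `user.getTenantId()` from the submitted object while the `tenantId` parameter goes unused; if `findById` scopes by tenant, a changed tenant id would surface as "Can't update non existing user!" rather than the tenant-id message. The `Device` import added in the first hunk of this file is not referenced by any line shown in the diff.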