You can limit the update of user inside beforeUpdate lifecycle, by checking current role and the dynamic zone, if these are different then do not update user and throw an error.
You can limit the update of user inside beforeUpdate lifecycle, by checking current role and the dynamic zone, if these are different then do not update user and throw an error.