Ory Identities (Kratos) does not provide a built-in way to make specific fields in the identity's

traits

immutable (i.e., prevent users from updating only certain fields via the settings/profile update flow). By design, all fields in

traits

are user-editable through the settings flow, as traits are intended to be user-managed attributes [Identity metadata & traits](https://www.ory.sh/docs/kratos/manage-identities/managing-users-identities-metadata). If you need to store data that users should not be able to update, the recommended approach is to use the

metadata_public

or

metadata_admin

fields, which are only modifiable via the Admin API and not by the end user [Identity metadata & traits](https://www.ory.sh/docs/kratos/manage-identities/managing-users-identities-metadata). There is a community suggestion to introduce a “reject” action or a built-in hook to block updates to certain fields, but this is not currently available as a feature [Add GUI option to disable settings flow](https://github.com/ory/network/issues/188). In summary: - Traits are always user-editable. - Use metadata fields for system-managed, immutable data. - There is no built-in way to make only specific trait fields read-only for users.