If user does not have necessary privileges, hide the 'Edit user' links ("Action" column) in the "Users overview" page.
The user can access the privileges page with only the basic set of editing options is "change password". The minimum requirement to change the user's password is be able to have access on the user table. I don't see any point in hiding the action column because the user can not access privileges page unless he can actually change any privilege from the entire set.
I would also suggest that we hide actions that the user doesn't have access to. Which I am going to attempt to implement now.
I just tested with the upcoming 4.2 release (http://demo.phpmyadmin.net/master) and do not see the User tab in this case; I still see "Change Password" on the main page. So this looks fixed to me.