Index: src/wp-admin/custom-background.php
===================================================================
--- src/wp-admin/custom-background.php	(revision 32912)
+++ src/wp-admin/custom-background.php	(working copy)
@@ -259,6 +259,7 @@
 </tr>
 <?php endif; ?>
 
+<?php if ( current_user_can( 'upload_files' ) ): ?>
 <tr>
 <th scope="row"><?php _e('Select Image'); ?></th>
 <td><form enctype="multipart/form-data" id="upload-form" class="wp-upload-form" method="post">
@@ -278,6 +279,7 @@
 	</form>
 </td>
 </tr>
+<?php endif; ?>
 </tbody>
 </table>
 
Index: src/wp-admin/custom-header.php
===================================================================
--- src/wp-admin/custom-header.php	(revision 32912)
+++ src/wp-admin/custom-header.php	(working copy)
@@ -509,7 +509,7 @@
 </tr>
 <?php endif; ?>
 
-<?php if ( current_theme_supports( 'custom-header', 'uploads' ) ) : ?>
+<?php if ( current_user_can( 'upload_files' ) && current_theme_supports( 'custom-header', 'uploads' ) ) : ?>
 <tr>
 <th scope="row"><?php _e( 'Select Image' ); ?></th>
 <td>
Index: src/wp-includes/class-wp-customize-control.php
===================================================================
--- src/wp-includes/class-wp-customize-control.php	(revision 32912)
+++ src/wp-includes/class-wp-customize-control.php	(working copy)
@@ -721,6 +721,7 @@
 		$this->json['label'] = html_entity_decode( $this->label, ENT_QUOTES, get_bloginfo( 'charset' ) );
 		$this->json['mime_type'] = $this->mime_type;
 		$this->json['button_labels'] = $this->button_labels;
+		$this->json['canUpload'] = current_user_can( 'upload_files' );
 
 		$value = $this->value();
 
@@ -823,9 +824,11 @@
 				</div>
 			</div>
 			<div class="actions">
+				<# if ( data.canUpload ) { #>
 				<button type="button" class="button remove-button"><?php echo $this->button_labels['remove']; ?></button>
 				<button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['change']; ?></button>
 				<div style="clear:both"></div>
+				<# } #>
 			</div>
 		<# } else { #>
 			<div class="current">
@@ -843,7 +846,9 @@
 				<# if ( data.defaultAttachment ) { #>
 					<button type="button" class="button default-button"><?php echo $this->button_labels['default']; ?></button>
 				<# } #>
+				<# if ( data.canUpload ) { #>
 				<button type="button" class="button upload-button" id="{{ data.settings['default'] }}-button"><?php echo $this->button_labels['select']; ?></button>
+				<# } #>
 				<div style="clear:both"></div>
 			</div>
 		<# } #>
@@ -1158,8 +1163,6 @@
 		$width = absint( get_theme_support( 'custom-header', 'width' ) );
 		$height = absint( get_theme_support( 'custom-header', 'height' ) );
 		?>
-
-
 		<div class="customize-control-content">
 			<p class="customizer-section-intro">
 				<?php
@@ -1180,11 +1183,13 @@
 				</div>
 			</div>
 			<div class="actions">
+				<?php if ( current_user_can( 'upload_files' ) ): ?>
 				<?php /* translators: Hide as in hide header image via the Customizer */ ?>
 				<button type="button"<?php echo $visibility ?> class="button remove"><?php _ex( 'Hide image', 'custom header' ); ?></button>
 				<?php /* translators: New as in add new header image via the Customizer */ ?>
 				<button type="button" class="button new"><?php _ex( 'Add new image', 'header image' ); ?></button>
 				<div style="clear:both"></div>
+				<?php endif; ?>
 			</div>
 			<div class="choices">
 				<span class="customize-control-title header-previously-uploaded">