User can’t change their own password if I don’t give the user edit permission, but if I give the edit permission, they can change everyone’s password including the admin! That is a security issue we are facing…
Yes, for now users that get edit permission get to change all password. This feature is intended for admins only: to create/edit/delete users.
solved in 2017.1 upgrade… soon.