Change password via REST not possible for non-administrator / HTTP 403 Forbidden

Hi dear community,
I've built a Live Application that is called "Set your password".

This live application just has two input fields and one button.
The button sends the request to the Bonita API via put.

The payload is generated via Javascript:
var payload = { "password": $data.newPass, "password_confirm": $data.newPassRepeat };

The API is called via:
../API/identity/user/{{ userId.user_id }}

If I use this as an administrator, it works, as a user I get a 403 forbidden error. Why?

How to set taskAssigneeId


I have a table [Users] already populated and I would like to use the users' IDs [UserId] as taskAssigneeIds,

I actually need so because I have to store actions and there respective executors in another table which has a foreign key referencing [Users].[UserId]

All these tables already exist, and I can't afford to alter any of them.