Access right for ServiceUer to Change users password

I created a forget Password service for the user to reset his/her own password by sending a link to his email and providing a reset password page.

Inside this service I use:

session = resolver.adaptTo(Session.class);

UserManager userMgr = resolver.adaptTo(UserManager.class);
Authorizable a = userMgr.getAuthorizable(userid, User.class);
User user = (User)userMgr.getAuthorizable(userid, User.class);

user.changePassword(newPassword);

session.save()

The resolver here is a resourceResolver for a serviceUser Account  "userManager" and I have granted access to '/home' read/modify/create,Read ACL,Edit ACL but I still receive "javax.jcr.AccessDeniedException: OakAccess0000: Access denied " when I run "session.save()"

Anything I am missing here?