Userpass password change from UI

I am using the following template policy to allow each user to change their userpass password.
Each user is able to change the password using VAULT HTTP API but from UI each user is unable to change his password.Do i need to modify the following policy to get this done.
Can any one please help me on this.

#Template policy to allow user to update his own password
path “auth/userpass/users/{{identity.entity.aliases.auth_accessor.name}}/password” {
capabilities = [ “update” ],
allowed_parameters = {
“password” =
}
}

You don’t need the /password at the end of your path. That’s what is breaking your policy.

$ vault policy read g-userpass-password
path "auth/userpass/users/{{identity.entity.aliases.auth_userpass_2cd6891d.name}}" {
  capabilities = [ "update" ]
  allowed_parameters = {
    "password" = []
  }
}

Even after removing it is not allowing me to change the password from UI. I am only able to change the password using Vault HTTP API.

Must be missing your policy. That policy works, running 1.8.4 now and has been working since 1.6.1.

I am using vault version 1.8.2. It is not allowing me to change the password from UI after logging in with my userpass creds. I am only able to change the password using Vault HTTP API.

The following policies allow me to update the password from UI

path "sys/auth" {
  capabilities = ["read"]
}
path "auth/userpass/users/*" {
  capabilities = ["list"]
}
path "auth/userpass/users/testapp" {
  capabilities = ["read", "update"]
}

@9whirls The policy you provided works. but, the user will be able to assign any policy to his/her own account which is not good.

when using “allowed_parameters”, API requests are working but requests from UI are failing. This is because in API requests we only send the data that is required to be updated, in this case we only send “password”. but, In case of UI, for every password update request it sends all the parameters in the API which is causing the issue.