You need *SECADM in order to perform the function of changing any passwords other than your own. You also need at least object management (*OBJMGT) and use (*USE) authority to whatever profiles are to be changed.
The authorities can be adopted by running an adopted-authority program.
You cant Reset the Password without having *SECADM authority.
But, User can be able to change the password by using CHGPWD command.