aam_change_own_password

This capability is managed by the Additional Caps service that is enabled by default in the free AAM version. You can enable or disable this service on the AAM "Settings" page under the Services tab.

The aam_change_own_password is a custom capability that you create manually. Upon creation, all users and roles that do not have this capability explicitly granted will not be able to change their own password on the Profile page.

The capability is deeply integrated with the WordPress core functionality and leverages the show_password_fieldsopen in new window filter to hide password fields on the Edit Profile page.

In addition, it uses the WordPress core check_passwordsopen in new window action to wipe incoming credentials if the user tries to bypass HTML form or leverage RESTful API.