diff --git a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
index cfcabe57801..4637eb01ea6 100755
--- a/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
+++ b/services/src/main/java/org/keycloak/services/resources/admin/UserResource.java
@@ -892,7 +892,7 @@ public class UserResource {
         @APIResponse(responseCode = "404", description = "Not Found")
     })
     public void setCredentialUserLabel(final @PathParam("credentialId") String credentialId, String userLabel) {
-        auth.users().requireManage(user);
+        auth.users().requireResetPassword(user);
         CredentialModel credential = user.credentialManager().getStoredCredentialById(credentialId);
         if (credential == null) {
             // we do this to make sure somebody can't phish ids
@@ -1324,4 +1324,4 @@ public class UserResource {
             this.lifespan = lifespan;
         }
     }
-}
\ No newline at end of file
+}
diff --git a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java
index c77644f06c0..d871caa939c 100644
--- a/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java
+++ b/tests/base/src/test/java/org/keycloak/tests/admin/authz/fgap/UserResourceTypeEvaluationTest.java
@@ -18,6 +18,7 @@
 package org.keycloak.tests.admin.authz.fgap;
 
 import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.hasSize;
 import static org.hamcrest.Matchers.instanceOf;
 import static org.hamcrest.Matchers.notNullValue;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -474,6 +475,11 @@ public class UserResourceTypeEvaluationTest extends AbstractPermissionTest {
         createPermission(client, userAlice.admin().toRepresentation().getId(), usersType, Set.of(VIEW), allowMyAdminPermission);
 
         users.get(search.get(0).getId()).resetPassword(credential);
+
+        // set credential label - admin UI sets the label upon resetting the password
+        List<CredentialRepresentation> credentials = users.get(search.get(0).getId()).credentials();
+        assertThat(credentials, hasSize(1));
+        users.get(search.get(0).getId()).setCredentialUserLabel(credentials.get(0).getId(), "User Label");
     }
 
     @Test