The exception is being raised by a password verification function, assigned to the user via a profile.
You can see the profile name and the function being applied by querying:
select du.profile, dp.limit
from dba_users du
join dba_profiles dp on dp.profile = du.profile
where du.username = '<YOUR_USER>'
and dp.resource_name = 'PASSWORD_VERIFY_FUNCTION';
You can then see what the function is actually doing by looking at its source, using the name identified in the previous query:
select text
from dba_source
where owner = 'SYS'
and name = '<FUNCTION_NAME>'
order by line;
From there you can see when and why it’s happening, by looking for a line like:
raise_application_error(-20002, 'YOU ARE NOT ALLOWED TO CHANGE THE PASSWORD FOR CRITICAL SCHEMAS');
and seeing what logic leads to it being raised.
You’ll need to decide whether that rule is (still) appropriate for that user – clearly it’s there for a reason so don’t remove it or change the user’s profile without really understanding it, and discussing with the DBA and/or application owner etc. – basically anyone with an interest in that user account.
