Update users on Keycloak returns 403 without realm-management roles

The Keycloak REST API for updating users returns 403. I generated a token for user X using client credentials. Now, for user X, I would like to update some property. Intuitively, a user should be allowed to update themselves, but without the realm-management role of manage-users this returns 403. Now, the issue with manage-users is that it is a very broad role and gives a lot of extra permissions to the user, like deleting other users. I just want user X to be able to update themselves. How can I drive this through Keycloak?