[mooreds]

That's cool. FusionAuth has a self service function: https://fusionauth.io/docs/v1/tech/account-management/ but it is limited to user profile data, rather than roles and permissions.

How do you prevent a user from assigning themselves roles they shouldn't? Is there some kind of cage preventing escalation?

[akajla]

The self-service dashboard is scoped only to privileged users (typically account/tenant-specific admins like IT admins) that have a specific permission.