Allow user to revoke own leases

Vault
1

What kind of policy is needed for a user to revoke own dynamic secret (database user/pass) leases?
I can’t figure out from documentation if a user can revoke without the sudo capability