On top of the ACL way which I feel not fully safe, there could be an account initial backup preferably outside of /root pod for example in .dB/accountsBackup.
The user can have access on the server page to an admin Pod page where with his credentials ( checked against the .dB/users/) he could have access to an API with :
. Rebuild of his lnltial profile card
. Pod delete,
. Edit Pod parameters (pod user name, password, security email, …
. Backup/reload extended profile
. Edit external WebID and associated parameters
The server page is then a Pod admin/creation page.