If you give that user, of the group they are in, permissions to create
objects (along with the other permissions necessary for that, like
OpenExclusive for the database) then they can ... however, giving them
OpenExclusive means just that - they'll lock everyone else out of the
database when they do.
Generally speaking, by the time you deploy your application there should be
no need for user to create tables (expect for temporary tables, and those
are often build on the fly in separate databases) or queries that are
actually saved to the database. Instead, they can build dynamic SQL that
will allow them to interact with the database.
A word of caution: don't give them full access to the data (i.e. allow them
to run delete queries, or update queries without a qualifier) ... doing so
is just begging for that phone call: "Hey, what did you do to my data? All
my customers have the same last name..."