@k26123612 ,
Please see other questions related to API permissions:
Thorough Example
In your case, it depends on auth type. For OAuth, you need to restrict the user to just the report suites they can use API on. For JWT, you can create a product profile containing only the report suites needed. Furthermore, if you want the user to manage their own JWT-based integration, you only need to set them as a developer of the product profile and then they can't use Analytics on any other profile.
All the best,
Jacob