Use case:
User A needs to have access to create /update users from OIM UI ( this is granted through Admin role)
But same user should not be able to call OIM APIs as OIM UI has more restrictions/validation to show limited fields and populate certain loookups and OIM API calls also enable more access to user (this user can be used as batch user to create any number of users) which needs restriction
Please let me know if someone has came across such requirement