...
Note that all access keys have Admin permissions with unrestricted access to the domain.
The goal of assigning a user an access key is simply keeping track of who you gave the credentials to. Bear in mind that the assigned key will have Admin permissions regardless of the role of the assigned user.
If you are looking for more restricted credentials, we recommend using tokens. Tokens are instead user-specific, they are limited to access data and resources to which the assigned user already has permissions. Learn more about tokens in this article.
Access keys and tokens assigned to a deleted user will be reassigned to the domain owner and remain enabled. We recommend disabling them if these credentials are known or accessible by an undesired person.
Access keys and tokens assigned to a disabled user will remain enabled and still assigned to that user.
What permissions do I need?
To enable the Access Keys area to generate new keys or manage existing ones, you need the API Keys permission.
...