How do I restrict access to the Cherwell API/Web Service to non-Admin Users?

How do I restrict access to the Cherwell API/Web Service to non-Admin Users?

I want to ensure that Users aren't attempting to go around our admins to create/update business objects like Incident. We are on CSM version 9.1.1.

Thanks