@rambo1 

since it's an OOB ACL I won't recommend updating that.

If you update then it will impact other tables as well since the OOB ACL might be used by other tables as well

Cart API is an OOB API. I don't think you can restrict that

1 thing you can do is validate using before insert BR on REQ AND RITM table and see if REQ and RITM is getting submitted by correct role user if it comes from API

If my response helped please mark it correct and close the thread so that it benefits future readers.