If someone has access to the AWS console, should it be right for them to also have access to the AWS API? What would be a suitable use-case for them to be granted access to one but not the other?

Note that this is about human users, not services. It makes sense for services to only have API access. I’m wondering more about human users not having API access (or at least an easy way to get API access).