Granular level authorization not possible in openai

I wanted to check how others are solving this problem. If I get the api key, I can do anything with any of the models in open ai including fine tuning. How are we putting some controls to restrict. Is building an abstraction layer on top of these APIs the only solution.