what should be the minimal access required to the different kinds of user for Gateway, OAuth, Portal, MySQL, Cassandra, REDIT?
Can you elaborate on your question? The minimal access level would depend on what you actual need the user to do.
The policy manager allows creation of roles for managing users access for PM.
Role-Based Access (RBAC) Guidelines - CA API Gateway - 9.3 - CA Technologies Documentation
For OTK, the user grants defined in the doc would be required for setting up the DB and using the JDBC connection.
Create or Upgrade the OTK Database - CA API Management OAuth Toolkit - 4.2 - CA Technologies Documentation
Portal also allows definition of roles
Roles and Permissions - CA API Developer Portal - 4.2 - CA Technologies Documentation
Functionality by User Role - CA API Developer Portal 3.5 - CA Technologies Documentation
To add to Joe's post that more finer grain controls can we done through security zones as well. Understanding Security Zones - CA API Gateway - 9.3 - CA Technologies Documentation