First, the user you impersonate will have an Access Type.
On the Administration tab, under Security and Role Management, Access Types, view that Access Type
On tab 3. Roles of the Access Type you will see "REST Web Service API Role".
On the Administration tab, under Security and Role Management, Role Management, Role List, view that Role.
On tab 1. Additional Information, sub-tab 2. Function Access, modify the Function Access you want for that Role.