Rest api methods can be controlled by access rights at the level of Read and Write permissions.
In the case of Trigger, more actions are covered, View, Add/Edit, Delta and Execute. If the user does not have the right to Execute, no trigger will be able to be executed.
Permissions at the Person level define the possibility of viewing the login history and login details of an individual user, as well as the possibility of modifying group/organization membership.