Permissions at cluster or node level ?

In the API-viewer you can see the permissions for the different options, and some of them do require a certain permission for a certain node.
If you set the permissions without recursiveness (or low enough in the tree) you can set it to specific nodes / storages / etc.

For example:
https://pve.proxmox.com/pve-docs/api-viewer/index.html#/nodes/{node}/apt/repositories
Check: ["perm","/nodes/{node}",["Sys.Audit"]]
In other words: To get the status of the repository, you need audit-rights to that specific node