It is not possible to set up a remote user for client xxx that only has access to client xxx's stuff, right? The only limitation for remote users that I can see is the access limitation to different things (dns, sites, mail etc.). The reason I ask is because of the LE DNS-01 api. I thought it could be useful for others that they can also generate own certs - but only for domains that run under said client.
Yes, the remote api acts as admin, so if you would give a client the paswrd of a remote user then he can take over your server.