For example, I don't want this user to :
But Allow this user to:
If I use RBAC, can I have guidance?
you will need to use RBAC for that, after creating a user you will need to create (ROLE or CLUSTER ROLE depends if you want it to apply to a specific namespace or not) and then create (ROLE BINDING or CLUSTER ROLE BINDING) and bind between the user and the role you created. you can find it all here https://kubernetes.io/docs/reference/access-authn-authz/rbac/