PRM is used to assign access to the users (adding, removing, adding to groups etc)
However, we need a different team to handle the security provision without having access to any other components in OneStream.
It seems challenging to provide such group/user who can assign access without having Admin role.
Does 6.6 version fix this with the Security updates available in 6.6 or the Provision manager again needs to have the Admin role?
Or are there any APIs we can use to modify the users based on requests.
This is exactly what the "Manage System Security" role is for in 6.6. There is also a BRApi for security management, you can use to do all kinds of things, I've seen them in BRs attached to DM jobs that were started from REST API calls sent from an IT owned system for user management, you could also use a service account to add the DM to a task scheduler job and have it pull updates in from some external source.