You can currently limit customers to:
1. "View, search, and export product keys"
2. "Edit product keys (total activations, field data, tags, etc.)"
3. "Create new product keys"
4. "Revoke, delete, deactivate, and manually activate"
Where when you go a layer down you need all the permissions "up". For example to "create new product keys" you also need permission to "view" and "edit" product keys. All of these permissions are on the user management page.
So we can't give a customer permission to "deactivate" keys without also giving them permission to "view" keys. (Or else how would they deactivate a key they don't have permission to view?)
We can split off the "Revoke / delete / deactivate" permissions into separate permissions. Would that work for you?