07/22/2019, 11:38 AM
am I right that access tokens have all capabilities of a user? so there is currently no way to limit token to certain stacks or restrict whether it can create new stack or not for instance?


07/22/2019, 3:29 PM
If your organization is on a Team or Enterprise plan (or free trial), you’ll see a Teams tab in the Pulumi console that lets you ascribe stack-specific permissions to a team, yes.
But you’re correct in that an access token represents a user; there is not currently a concept of a token having roles or permissions separate from those of the user they belong to.