No matter how you like to participate in developer communities, Pulumi wants to meet you there. If you want to meet other Pulumi users to share use-cases and best practices, contribute code or documentation, see us at an event, or just tell a story about something cool you did with Pulumi, you are part of our community.

Pulumi Community

am I right that access tokens have all capabilities of a user? so there is currently no way to limit token to certain stacks or restrict whether it can create new stack or not for instance?

If your organization is on a Team or Enterprise plan (or free trial), you’ll see a Teams tab in the Pulumi console that lets you ascribe stack-specific permissions to a team, yes.

But you’re correct in that an access token represents a user; there is not currently a concept of a token having roles or permissions separate from those of the user they belong to.