we are currently using two management accounts, one with full access (role:admin) and one with less access (role:maintainer).
The maintainer role has following rights/claims set:
account:read, user:write, user:read, trialPolicy:write, trialPolicy:read, trialActivation:write, trialActivation:read, tag:write, tag:read, role:read, release:write, release:read, product:write, product:read, personalAccessToken:write, licensePolicy:write, licensePolicy:read, license:write, license:read, invoice:read, eventLog:read, analytics:read, activation:read, account:write, webhook:read, webhook:write
With the maintainer account I’m not able to generate a personal access token, it always fails with “scope ‘xxx’ is not allowed”, where xxx stands for the first ticked scope in the list.
Is it possible that only admin accounts are allowed to create tokens?