You can create tokens with the UI, API, and CLI (coder token). When using Coder in automation, some enterprises may wish to create tokens with a reduced scope. These use cases have been suggested and should be addressed in this issue:

• Token to only fetch audit logs
• Token to only create/push templates (not change permissions)
• Token to only create/update users
• Token to only read users
• Token to only read workspaces
• Token to only push workspace logs (or update workspaces the user owns)
• Token to only read DAUs and other deployment stats.

Github's read/write permissions model makes sense to me, it doesn't seem like we need anything too complex, but also open to other ideas if it's trivial with our RBAC.

Nice to have

• Token to send stats / push / update specific workspaces and templates