Ideally, I as an administrator should be able to create named tokens (that will correspond to the “user” that shows in audit trails) for specific uses. I should be able to grant specific privileges either via roles or some other method to these tokens so that they can only be used where needed and that if they are compromised then someone doesn’t have full access everything. These should be manageable by all admins somewhere in the setup module. Having other “users” that could have tokens would be fine if we could have a new level of user, like API user, that won’t take up a license or be able to login to the GUI, they will only be able to have a web token and a role assigned (that dictates what the API will let them do).
The current setup uses a license per admin account created with a token. If you use your own admin account things will fail when you leave and it marks everything as done by you. It is a poor security model to have all tokens have full access if that isn't needed in the application you use the token in.
