Fine grained permissions for organization tokens

[o-l-a-v]

This feature request exists for users, but not for organization tokens:

• https://github.com/pulumi/pulumi-cloud-requests/issues/122

Currently, organization tokens are either "member" or "admin":

• https://www.pulumi.com/docs/pulumi-cloud/access-management/access-tokens/#organization-access-tokens
• https://github.com/pulumi/pulumi-cloud-requests/issues/242

If one were to use an organization token for fetching audit logs using the audit log API:

• About audit logs: https://www.pulumi.com/docs/pulumi-cloud/audit-logs/#exporting-audit-logs-using-the-api
• About API: https://www.pulumi.com/docs/pulumi-cloud/cloud-rest-api/#audit-logs

One would have to add admin permissions to the token:

• https://github.com/pulumi/pulumi-cloud-requests/issues/135

This does not follow the concept of least privelege.

Affected feature

Please implement the ability to give granular / fine grained permissions to org tokens, like only having the ability to read/get audit logs.

Examples:

• Cloudflare: https://developers.cloudflare.com/fundamentals/api/reference/permissions/