It would be great to have the ability to create access tokens with custom-scoped permissions. Right now, tokens inherit all the permissions of the user who creates them, which can be risky in some situations. Determining specific permissions for each token would make things more secure and flexible.