Open
Description
Is your feature request related to a problem? Please describe.
Now, api keys are able to be sliced by sandboxes (should be “workspaces” for consistency), images, registries, and volumes.
This is an all-or-nothing separation of resource access.
Instead, keys should be able to be read/write for each resource. This is especially true for browser usage (and may replace #1930 suggestion)
For example, I can have a client-friendly key that is just able to read and start a workspace. But can’t create any. I can imagine the granularity would be useful for other resources too.