by cube2222 1345 days ago
Finally.

The fact that so far any token reasonably operating on repositories had to have the full repo scope and, as far as I'm aware, the repo scope allows making public repos private (which resets all the traction you've ever got: stars, forks, etc.), or deleting them altogether, was ridiculous. Now there's a separate "Repository Administration" scope.

Moreover, you had to create purpose-suited GitHub accounts if you wanted to do cross-repo GitHub Actions (like updating a homebrew repo), and grant them access to only that repo, if you didn't want to have that GitHub Action have full access on your level.

So yeah, finally. Time to decommission all these existing tokens. Thanks GitHub!

2 comments

God, "finally" was exactly my response. I can't believe how bad GitHub's ACLs and permissions are. This is much needed; our PATs are one of our most significant risks, so we have jobs to audit them etc., but... I just don't want them to be god mode just so that we can have scripts create repositories.
Totally agree. I can't believe it's been so poorly implemented up until now.
Has somebody already found the access level required to make IntelliJ accept this new kind of token?
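As an added illustration of the audit job mentioned in the thread (this is not code from the thread or from GitHub), the script below classifies classic PATs by the scopes an inventory job recorded from GitHub's `X-OAuth-Scopes` response header and flags the ones carrying `repo` or `delete_repo`. The inventory records and token labels are constructed sample data.

```python
"""Offline audit of GitHub classic PAT scopes recorded by an inventory job.

GitHub's REST API echoes a classic token's scopes in the X-OAuth-Scopes
response header (e.g. "repo, workflow"); an inventory job that calls GET /user
with each stored token can record that header per token. This script then
flags the tokens whose scopes grant the "god mode" the thread complains
about: `repo` (full control, including flipping visibility) and `delete_repo`.
"""

# Classic scopes whose holder can change visibility or delete repositories.
GOD_MODE_SCOPES = {"repo", "delete_repo"}

# Constructed sample: (token label, X-OAuth-Scopes header value recorded by the
# inventory job; None means the header was absent in the response).
SAMPLE_INVENTORY = [
    ("ci-deploy", "repo, workflow"),
    ("homebrew-bump", "public_repo"),
    ("readonly-metrics", "read:org, read:user"),
    ("cleanup-bot", "delete_repo, repo"),
    ("release-fine-grained", None),
]


def parse_scopes(header_value):
    """Turn "repo, workflow" into {"repo", "workflow"}; missing header -> empty set."""
    if not header_value:
        return set()
    return {s.strip() for s in header_value.split(",") if s.strip()}


def god_mode_scopes(scopes):
    """Return the dangerous scopes present, sorted for stable reporting."""
    return sorted(scopes & GOD_MODE_SCOPES)


def audit(inventory):
    """Map each token label to its dangerous scopes; tokens without any are omitted."""
    findings = {}
    for label, header_value in inventory:
        dangerous = god_mode_scopes(parse_scopes(header_value))
        if dangerous:
            findings[label] = dangerous
    return findings


if __name__ == "__main__":
    for label, dangerous in audit(SAMPLE_INVENTORY).items():
        print(f"{label}: replace with a fine-grained token; carries {dangerous}")
```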