It would be great to have some kin of mechanism that limits the access tokens to only a certain organization. The use case for this is storing environment specific access secrets in CI tools.
For example, I want to deploy the staging version of my app to orgname-staging organization, while the prod version goes to orgname-prod organization. I use two different tokens for each, but as of today all tokens have full account access.
If it was possible to limit the organizational scope of access of the tokens to just a single organization, then it would be easier to maintain proper access controls to the prod environment. I.e. only devops have access to prod, while both dev+ devops have access to staging.