We’ve been working on that. Specifically being able to scope the permissions of tokens.
For instance, creating a metrics:read scoped token for Grafana or a logs:read for accessing and forwarding logs.
Not sure when it’ll happen exactly, but this is on the roadmap!