Personal Access Token and Scope - it's either all or nothing

Can’t set the scope to only read / write. So I don’t want delete to be part of the scope.

Isn’t it a data security problem if the scope allows the retrieve records and delete them too?

Whether or not someone or something can create or delete records is a property of that table’s schema. Airtable hase defined it at the step above PAT: the user/service account itself.

Until or unless Airtable updates their PAT scope levels to include separate scopes for creation and deletion, you’ll have to modify the table’s permission settings.

1 Like