Previously access tokens always have same permission as user, which is not convenient. With 10.7, permissions of access tokens can be customized to authorize desired projects with desired roles, as long as the projects themselves can be managed by the account.