User access tokens update (#913)

* Update security-tokens.md Added line about Org API Tokens being deprecated * Update security-tokens.md * Update docs/hub/security-tokens.md Co-authored-by: Mishig <[email protected]> * Update docs/hub/security-tokens.md --------- Co-authored-by: Omar Sanseviero <[email protected]> Co-authored-by: Mishig <[email protected]>
huggingface · Aug 11, 2023 · 868966a · 868966a
1 parent a4af401
commit 868966a
Showing 1 changed file with 12 additions and 3 deletions.
diff --git a/docs/hub/security-tokens.md b/docs/hub/security-tokens.md
@@ -5,8 +5,8 @@
 User Access Tokens are the preferred way to authenticate an application or notebook to Hugging Face services. You can manage your access tokens in your [settings](https://huggingface.co/settings/tokens).
 
 <div class="flex justify-center">
-<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/access-tokens.png"/>
-<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/access-tokens-dark.png"/>
+<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/User-Access-Token.png"/>
+<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/User-Access-Token-dark.png"/>
 </div>
 
 Access tokens allow applications and notebooks to perform specific actions specified by the scope of the roles shown in the following:
@@ -15,6 +15,15 @@ Access tokens allow applications and notebooks to perform specific actions speci
 
 - `write`: tokens with this role additionally grant write access to the repositories you have write access to. Use this token if you need to create or push content to a repository (e.g., when training a model or modifying a model card).
 
+Note that Organization API Tokens have been deprecated: 
+
+<div class="flex justify-center">
+<img class="block dark:hidden" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/API-token.png"/>
+<img class="hidden dark:block" src="https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/hub/API-token_dark.png"/>
+</div>
+
+If you are a member of an organization with read/write/admin role, then your User Access Tokens will be able to read/write the resources according to the token permission (read/write) and organization membership (read/write/admin).
+
 ## How to manage User Access Tokens?
 
 To create an access token, go to your settings, then click on the [Access Tokens tab](https://huggingface.co/settings/tokens). Click on the **New token** button to create a new User Access Token.
@@ -63,4 +72,4 @@ We recommend you create one access token per app or usage. For instance, you cou
 
  This way, you can invalidate one token without impacting your other usages.
 
-We also recommend only giving the appropriate role to each token you create. If you only need read access (i.e., loading a dataset with the `datasets` library or retrieving the weights of a model), only give your access token the `read` role.
+We also recommend only giving the appropriate role to each token you create. If you only need read access (e.g., loading a dataset with the `datasets` library or retrieving the weights of a model), only give your access token the `read` role.