If you use an Access Token with Person Bearer, it is no longer possible to perform every action for security reasons. If the bearer is a normal member of an organization (not an admin) then it is no longer possible:

- POST /machines​/{machine_id}​/machine_ownership
- POST /sites
- PATCH /sites/{site_id}

If these requests now fail a 403 Forbidden is returned. Every other endpoint works as before. If an admin is the bearer, there is no change.