Am I mistaken or is there no way to give a role read/write privileges in regards to the built-in Tokens collection through the web interface?
tokens are going to be under Schemas in the dashboard, and I believe are the same as keys for the purposes of roles and permissions.