Granular permissions for cloudflare tunnels

Presently I’ve set out team as “Administrators” over “All Domains” to allow them to click “Authorize” when running “cloudflared tunnel login”.

However this is far greater access than I’d like.
I’d like a minimum level of permissions required would be for them to be able to run the following commands and only for the my.domain domain.

  1. cloudflared tunnel login
  2. cloudflared tunnel create whatever
  3. cloudflared tunnel route dns whatever.my.domain
  4. cloudflared tunnel run --url=“https://localhost:9999” whatever