Presently I’ve set out team as “Administrators” over “All Domains” to allow them to click “Authorize” when running “cloudflared tunnel login”.
However this is far greater access than I’d like.
I’d like a minimum level of permissions required would be for them to be able to run the following commands and only for the
cloudflared tunnel login
cloudflared tunnel create whatever
cloudflared tunnel route dns whatever.my.domain
cloudflared tunnel run --url=“https://localhost:9999” whatever