export-login --acls are not documented

You should be able to find the information you need here:
https://dashboard.snapcraft.io/docs/api/macaroon.html

Though we should probably incorporate that into the help menu, or snapcraft docs?

`package_upload` appears to be too excessive for my CI job. `package_push` looks too restricted - does it mean that pushed package will not appear in any channels at all if I didn't allow `package_release`?

If I upload snap with new description field in snapcraft.yaml with `package_push`, but without `package_update` - will the description update in snapstore / snap info?

Sorry, I missed the last post.

I agree with your sentiment, package_upload is perhaps too much for CI.

If simply pushing to the store, package_push is sufficient if the idea is to manually promote a revision to a channel at a later date. If you want to release to a channel (e.g. edge), then package_release is required and ideally be restricted to a channel.

For my CI tokens, I do something like:
```
snapcraft export-login --snaps=<snap-name> --channels=edge --acls=package_push,package_release -
```

`package_access` may also be useful in some cases as well.

Although it would not have been my guess, releasing a snap appears to update the snap's metadata automatically, even if the credentials does not include `package_update`.

https://dashboard.snapcraft.io/docs/api/macaroon.html is a dead link now

https://snapcraft.io/docs/snapcraft-authentication is a new link, but there is still no docs on ACLs neither in cmdline, nor in the web page.

Best details so far are at https://dashboard.snapcraft.io/docs/reference/v1/macaroon.html#request-a-macaroon but you have to already know what to look for in order to find that page