Associating policy with node identity token loses its initial permissions

I use node-identity tokens to more easily let consul nodes join the cluster.

I’ve tried associating such a node-identity token with a new policy (that allow registering a praticular service), but what it did was to remove the permissions that come with node-identity tokens (such as node:write) and exclusively added the permissions in the policy I’ve associated it with.

onsul acl token update -accessor-id 768bf4fc-9503-c206-c36b-b0e00db7158b -policy-name prom_sv_write

Using -append-policy-name instead of -policy-name didn’t make a difference.

How can I use node-identity tokens with additional policies?

I was able to make it work by also specifying -node-identity NODE:DATACENTER.