Hey kalafut,
Thanks for this. In this case, the group membership of the original entity remains the same. The issue is that I’m creating a new token explicitly listing the policies I want the token to have, but Vault is still adding extra policies as they’re attached to the entity.
JAmes