According to the API Tokens documentation, User Tokens should be allowed to modify the org. I have a user token created from https://app.terraform.io/app/settings/tokens for the user who is the organization owner for the org I am using. With this user I can modify the org and create org variable sets in HCP Terraform.
I am using `curl` to check the privileges for this token. When I check `curl -H "Authorization: Bearer <user_token>" https://app.terraform.io/api/v2/organizations/<my_org>`, I get a successful response.
When I check `curl -H "Authorization: Bearer <user_token>" https://app.terraform.io/api/v2/organizations/<my_org>/variable-sets`, I get a 404.
When I try to execute a run for a config that uses `tfe_variable_set` to try creating an org variable set in my org, the apply fails both on runs triggered via the UI and via my GitHub Actions pipeline. The error is “Error: Error creating variable set <var_set_name>, for organization: <my_org>: resource not found”
There is a disparity in expectations here. Why can I create variable sets in the UI and navigate the whole org in it using my user, but I cannot see anything but the org details with the user token for my user? Why do my actual privileges not match what is documented? How should I go about resolving this so I can have a token that I can use to create variable sets instead of having to create and manage them manually?