Users own and manage their application credentials.
Organization administrators and organization users can use application credentials only to access and manage buckets that they own.
Application credentials add constraints to the bucket access. With an application credential, an API client cannot create buckets or delete existing buckets. If you specify bucket names during the creation of application credentials, you only allow accessing and managing the specified bucket.