A user token gives you all the permissions of the user who issued it. That means you can perform - via Web API - any action the user can do via the UI. If the user is a global admin, that user’s User Token gives you full rights to the instance.
A Project Analysis token gives you only rights to run analysis on the specific project it was generated for.
This is baked into the project onboarding wizards. And you can create one from your profile: [User avatar (top-right)] → My account → Security.
To use it, pass it as the sonar.login value in analysis for the relevant project
Thank you for the reply. So, my understanding is that a token generation of a user is standard for both a User token and a Project analysis token. If global permission is given to that token, then it’s a User token and has full access to do all actions. Whereas, if only Execute Analysis permission is given to that token for a specific project, then the Project analysis token can only analyse the project.