One use case: with a root token, by default there are no "rules" attached to the token. As such, no secrets are "discovered" even though they exist.

Request is to be able to manually crawl an endpoint to see if the user has access to them.