Grafana Cloud has introduced Cloud Access Policies to address the limitations of the previously used API keys, which provided only coarse-grained access controls through roles like Viewer, Editor, and Admin. The new Cloud Access Policies offer enhanced security and flexibility by allowing users to define explicit fine-grained scopes, such as metrics:read and logs:write, and realms that specify access permissions for specific Grafana Cloud organizations or stacks. This system reduces the risk of unauthorized access and supports the principle of least privilege while simplifying the management of user permissions. Additional features include filtering by labels for more refined access control, the ability to create multiple tokens per access policy, and custom token expiration options. These improvements aim to replace API keys entirely, offering better security and usability for Grafana Cloud users.