This idea has been merged into another idea. To comment or vote on this idea, please visit DO-I-320 Spaces: custom API key permissions.
On AWS, you can restrict an Access Key / Secret Key to certain S3 bucket(s). This way, your app A can have bucket X, and your app B can have bucket Y, but if A gets compromised, it won't be able to delete files from Y.
It is way too complicated on AWS, but very powerful.
Being able, on DigitalOcean, to check "all Spaces" or "Space A" or "Space A + Space B" for a given Spaces access key would be great. Like selecting "all repos" or "repo A" on GitHub!