deSEC currently does not support sharing domains across multiple user accounts.
While that is the case, it is best practice to not share any credentials or tokens. So I’d say c) is the winner.
In your scenario, you would want to bind each admin’s token to the set of domains that should be read/write-accessible for that admin. This functionality is currently not available, but I’ll start working on it next week, so it should be available soon.
It’s true that option c) only works for API access. The GUI is meant to provide a basic interface for people who need basic functionality and is really “just another API client”. We welcome additional functionalities to the GUI via pull requests, and also appreciate other API clients emerging.