Access Token vs actAs/readAs command arguments (java bindings)

You must explicitly say what parties are you acting or reading on behalf of. The token is essentially taken as opaque and passed as is to the Ledger API server that will validate the provided claims against the token, meaning that each set of provided parties must be a subset of the ones listed in the token. This allows to use tokens associated with a variety of claims but issue commands and read transactions only with the party (or parties) that are relevant for your application.