diff --git a/datasette/app.py b/datasette/app.py
index 15b4820c..257b9204 100644
--- a/datasette/app.py
+++ b/datasette/app.py
@@ -682,10 +682,10 @@ class Datasette:
 
         def abbreviate_action(action):
             # rename to abbr if possible
-            permission = self.permissions.get(action)
-            if not permission:
+            action_obj = self.actions.get(action)
+            if not action_obj:
                 return action
-            return permission.abbr or action
+            return action_obj.abbr or action
 
         if expires_after:
             token["d"] = expires_after
diff --git a/datasette/templates/create_token.html b/datasette/templates/create_token.html
index 409fb8a9..ad7c71b6 100644
--- a/datasette/templates/create_token.html
+++ b/datasette/templates/create_token.html
@@ -57,7 +57,7 @@
     <summary style="cursor: pointer;">Restrict actions that can be performed using this token</summary>
     <h2>All databases and tables</h2>
     <ul>
-      {% for permission in all_permissions %}
+      {% for permission in all_actions %}
         <li><label><input type="checkbox" name="all:{{ permission }}"> {{ permission }}</label></li>
       {% endfor %}
     </ul>
@@ -65,7 +65,7 @@
     {% for database in database_with_tables %}
       <h2>All tables in "{{ database.name }}"</h2>
       <ul>
-        {% for permission in database_permissions %}
+        {% for permission in database_actions %}
           <li><label><input type="checkbox" name="database:{{ database.encoded }}:{{ permission }}"> {{ permission }}</label></li>
         {% endfor %}
       </ul>
@@ -75,7 +75,7 @@
       {% for table in database.tables %}
         <h3>{{ database.name }}: {{ table.name }}</h3>
         <ul>
-          {% for permission in resource_permissions %}
+          {% for permission in child_actions %}
             <li><label><input type="checkbox" name="resource:{{ database.encoded }}:{{ table.encoded }}:{{ permission }}"> {{ permission }}</label></li>
           {% endfor %}
         </ul>
diff --git a/tests/test_auth.py b/tests/test_auth.py
index b38b92f4..3b3be2fc 100644
--- a/tests/test_auth.py
+++ b/tests/test_auth.py
@@ -137,7 +137,6 @@ async def test_no_logout_button_in_navigation_if_no_ds_actor_cookie(ds_client, p
     )
 
 
-@pytest.mark.xfail(reason="Actor restrictions need additional work, refs #2534")
 @pytest.mark.parametrize(
     "post_data,errors,expected_duration,expected_r",
     (