diff --git a/jupyterhub/roles.py b/jupyterhub/roles.py
index e6b864c1..a53e5a53 100644
--- a/jupyterhub/roles.py
+++ b/jupyterhub/roles.py
@@ -52,7 +52,7 @@ def get_default_roles():
             'description': 'Post activity only',
             'scopes': [
                 'users:activity!user',
-                'access:servers!user',
+                'access:servers!server',
             ],
         },
         {
diff --git a/jupyterhub/tests/test_roles.py b/jupyterhub/tests/test_roles.py
index cec5c0df..7bd90d63 100644
--- a/jupyterhub/tests/test_roles.py
+++ b/jupyterhub/tests/test_roles.py
@@ -848,8 +848,12 @@ async def test_server_token_role(app):
     orm_server_token = orm.APIToken.find(app.db, server_token)
     assert orm_server_token
 
-    server_role = orm.Role.find(app.db, 'server')
-    assert set(server_role.scopes) == set(orm_server_token.scopes)
+    # resolve `!server` filter in server role
+    server_role_scopes = {
+        s.replace("!server", f"!server={user.name}/")
+        for s in orm.Role.find(app.db, "server").scopes
+    }
+    assert set(orm_server_token.scopes) == server_role_scopes
 
     assert orm_server_token.user.name == user.name
     assert user.api_tokens == [orm_server_token]
diff --git a/jupyterhub/tests/test_spawner.py b/jupyterhub/tests/test_spawner.py
index 950a50b6..8245a0a8 100644
--- a/jupyterhub/tests/test_spawner.py
+++ b/jupyterhub/tests/test_spawner.py
@@ -336,7 +336,12 @@ async def test_spawner_insert_api_token(app):
     assert found
     assert found.user.name == user.name
     assert user.api_tokens == [found]
-    assert set(found.scopes) == set(orm.Role.find(app.db, "server").scopes)
+    # resolve `!server` filter in server role
+    server_role_scopes = {
+        s.replace("!server", f"!server={user.name}/")
+        for s in orm.Role.find(app.db, "server").scopes
+    }
+    assert set(found.scopes) == server_role_scopes
     await user.stop()
 
 
@@ -366,7 +371,7 @@ async def test_spawner_bad_api_token(app):
     "have_scopes, request_scopes, expected_scopes",
     [
         (["self"], ["inherit"], ["inherit"]),
-        (["self"], [], ["access:servers!user", "users:activity!user"]),
+        (["self"], [], ["access:servers!server=USER/", "users:activity!user"]),
         (
             ["self"],
             ["admin:groups", "users:activity!server"],