diff --git a/gen/restapi/embedded_spec.go b/gen/restapi/embedded_spec.go
index c930b7a..2753ab2 100644
--- a/gen/restapi/embedded_spec.go
+++ b/gen/restapi/embedded_spec.go
@@ -95,6 +95,13 @@ func init() {
             "name": "X-Bearer-Lifetime",
             "in": "header"
           },
+          {
+            "type": "boolean",
+            "default": false,
+            "description": "Form token for all users or only for this gate.",
+            "name": "X-Bearer-For-All-Users",
+            "in": "header"
+          },
           {
             "description": "Bearer tokens to form.",
             "name": "tokens",
@@ -1689,6 +1696,13 @@ func init() {
             "name": "X-Bearer-Lifetime",
             "in": "header"
           },
+          {
+            "type": "boolean",
+            "default": false,
+            "description": "Form token for all users or only for this gate.",
+            "name": "X-Bearer-For-All-Users",
+            "in": "header"
+          },
           {
             "description": "Bearer tokens to form.",
             "name": "tokens",
diff --git a/gen/restapi/operations/auth_parameters.go b/gen/restapi/operations/auth_parameters.go
index 9bdf03f..08dac73 100644
--- a/gen/restapi/operations/auth_parameters.go
+++ b/gen/restapi/operations/auth_parameters.go
@@ -26,10 +26,13 @@ func NewAuthParams() AuthParams {
 	var (
 		// initialize parameters with default values
 
-		xBearerLifetimeDefault = int64(100)
+		xBearerForAllUsersDefault = bool(false)
+		xBearerLifetimeDefault    = int64(100)
 	)
 
 	return AuthParams{
+		XBearerForAllUsers: &xBearerForAllUsersDefault,
+
 		XBearerLifetime: &xBearerLifetimeDefault,
 	}
 }
@@ -43,6 +46,11 @@ type AuthParams struct {
 	// HTTP Request Object
 	HTTPRequest *http.Request `json:"-"`
 
+	/*Form token for all users or only for this gate.
+	  In: header
+	  Default: false
+	*/
+	XBearerForAllUsers *bool
 	/*Token lifetime in epoch.
 	  In: header
 	  Default: 100
@@ -69,6 +77,10 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute
 
 	o.HTTPRequest = r
 
+	if err := o.bindXBearerForAllUsers(r.Header[http.CanonicalHeaderKey("X-Bearer-For-All-Users")], true, route.Formats); err != nil {
+		res = append(res, err)
+	}
+
 	if err := o.bindXBearerLifetime(r.Header[http.CanonicalHeaderKey("X-Bearer-Lifetime")], true, route.Formats); err != nil {
 		res = append(res, err)
 	}
@@ -112,6 +124,29 @@ func (o *AuthParams) BindRequest(r *http.Request, route *middleware.MatchedRoute
 	return nil
 }
 
+// bindXBearerForAllUsers binds and validates parameter XBearerForAllUsers from header.
+func (o *AuthParams) bindXBearerForAllUsers(rawData []string, hasKey bool, formats strfmt.Registry) error {
+	var raw string
+	if len(rawData) > 0 {
+		raw = rawData[len(rawData)-1]
+	}
+
+	// Required: false
+
+	if raw == "" { // empty values pass all other validations
+		// Default values have been previously initialized by NewAuthParams()
+		return nil
+	}
+
+	value, err := swag.ConvertBool(raw)
+	if err != nil {
+		return errors.InvalidType("X-Bearer-For-All-Users", "header", "bool", raw)
+	}
+	o.XBearerForAllUsers = &value
+
+	return nil
+}
+
 // bindXBearerLifetime binds and validates parameter XBearerLifetime from header.
 func (o *AuthParams) bindXBearerLifetime(rawData []string, hasKey bool, formats strfmt.Registry) error {
 	var raw string
diff --git a/handlers/auth.go b/handlers/auth.go
index 8d5f936..02a9546 100644
--- a/handlers/auth.go
+++ b/handlers/auth.go
@@ -22,8 +22,9 @@ import (
 const defaultTokenExpDuration = 100 // in epoch
 
 type headersParams struct {
-	XBearerLifetime uint64
-	XBearerOwnerID  string
+	XBearerLifetime    uint64
+	XBearerOwnerID     string
+	XBearerForAllUsers bool
 }
 
 type objectTokenParams struct {
@@ -40,7 +41,8 @@ type containerTokenParams struct {
 
 func newHeaderParams(params operations.AuthParams) headersParams {
 	prm := headersParams{
-		XBearerOwnerID: params.XBearerOwnerID,
+		XBearerOwnerID:     params.XBearerOwnerID,
+		XBearerForAllUsers: *params.XBearerForAllUsers,
 	}
 
 	if params.XBearerLifetime != nil && *params.XBearerLifetime > 0 {
@@ -122,7 +124,10 @@ func prepareObjectToken(ctx context.Context, params objectTokenParams, pool *poo
 	if err != nil {
 		return nil, fmt.Errorf("couldn't transform token to native: %w", err)
 	}
-	btoken.ForUser(owner)
+
+	if !params.XBearerForAllUsers {
+		btoken.ForUser(owner)
+	}
 
 	iat, exp, err := getTokenLifetime(ctx, pool, params.XBearerLifetime)
 	if err != nil {
diff --git a/spec/rest.yaml b/spec/rest.yaml
index 8418ddd..ac03699 100644
--- a/spec/rest.yaml
+++ b/spec/rest.yaml
@@ -79,6 +79,11 @@ paths:
           name: X-Bearer-Lifetime
           type: integer
           default: 100
+        - in: header
+          description: Form token for all users or only for this gate.
+          name: X-Bearer-For-All-Users
+          type: boolean
+          default: false
         - in: body
           name: tokens
           required: true