Yes, this can be achieved by issuing a re-authentication request from the client, which will in turn obtain a new token and send that token to Ably using the existing realtime connection. The capabilities (permissions) specified in that token will be automatically applied.  


See the Upgrading the token on a connection documentation for more info.