Adding a project access token does not generate an AUDIT event
Topic: Project Access Tokens https://docs.gitlab.com/ee/user/project/settings/project_access_tokens.html
Issue at hand: Project access tokens provide a range of functionality via APIs... so it is important to make sure that proper audit trail is available for the creation of a token and expiration or deletion.
Designs
- Show closed items
Activity
-
Newest first Oldest first
-
Show all activity Show comments only Show history only
- Maintainer
Setting label(s) devopsmanage based on ~"group::access".
- 🤖 GitLab Bot 🤖 added devopsmanage label
added devopsmanage label
- 🤖 GitLab Bot 🤖 added sectiondev label
added sectiondev label
- Melissa Ushakov changed milestone to %Next 1-3 releases
changed milestone to %Next 1-3 releases
- Melissa Ushakov added to epic &2587
added to epic &2587
- 🤖 GitLab Bot 🤖 added [deprecated] Accepting merge requests label
added [deprecated] Accepting merge requests label
- Contributor
@serenafang This issue would be a great one to refine and pick up in %13.6
Collapse replies - Developer
@mushakov Thanks Melissa! I'll take a look
- Melissa Ushakov mentioned in issue gitlab-org/manage/general-discussion#17286
mentioned in issue gitlab-org/manage/general-discussion#17286
- Serena Fang assigned to @serenafang
assigned to @serenafang
- 🤖 GitLab Bot 🤖 removed [deprecated] Accepting merge requests label
removed [deprecated] Accepting merge requests label
- Serena Fang created merge request !48094 (closed) to address this issue
created merge request !48094 (closed) to address this issue
- Serena Fang mentioned in merge request !48094 (closed)
mentioned in merge request !48094 (closed)
- Contributor
Customer with 300 Ultimate Users considered project token has the potential risk for security bleach. It is essential that this is auditable.
- 🤖 GitLab Bot 🤖 added customer label
added customer label
- Serena Fang added workflowin dev label
added workflowin dev label
- Serena Fang changed milestone to %13.9
changed milestone to %13.9
- Serena Fang mentioned in merge request !51660 (merged)
mentioned in merge request !51660 (merged)
- Serena Fang added Category:Audit Events workflowin review labels and removed workflowin dev label
added Category:Audit Events workflowin review labels and removed workflowin dev label
- Developer
I'm closing this issue, as the MR to resolve it has been merged: !51660 (merged). Successfully/unsuccessfully creating/revoking a project access token now generates an audit event.
1 Collapse replies - Developer
- Serena Fang closed
closed
- Liam McAndrew added backend label
added backend label
- Suzanne Selhorn mentioned in merge request gitlab-docs!3607 (closed)
mentioned in merge request gitlab-docs!3607 (closed)