Allow group owners to define PAT expiration for scoped tokens

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

• Close this issue

Problem to solve

We released the credential inventory in 12.6 and have released several related credential management features, such as PAT expiration and list and revoke PATs via API; however, these features are largely available only for self-managed customers leaving GitLab.com customers in a painful spot for credential management.

Intended users

• Cameron (Compliance Manager)
• Sidney (Systems Administrator)

User experience goal

A group owner can specify an expiration for Personal Access Tokens in their group.

Proposal

• Remove the group-managed account restriction
• Apply this policy only to credentials scoped to the group or projects within the group

Further details

This issue requires the implementation of #297441 (closed) and may not be necessary since the capability already exists behind group-managed accounts.

Permissions and Security

• Add expected impact to Owner (50) members