Add API to let group owners list PATs scoped to their group
Problem to solve
We released the credential inventory in 12.6 and followed with APIs to enable admins to list and revoke PATs so customers could build their own tooling around credential management. This functionality is not available for GitLab.com customers, however, leaving GitLab.com customers in a place where they cannot control their namespace access in all of the ways their security policies require.
Intended users
User experience goal
A group owner can use an API to list the Personal Access Tokens (metadata only) that are scoped to their group.
Proposal
- Extend the current API to allow group owners to query an endpoint that returns only PATs which are scoped to their group
Further details
I'm not sure if this would be a new endpoint altogether due to technical constraints or not.
Permissions and Security
- Add expected impact to Owner (50) members
Edited by Matt Gonzales (ex-GitLab)