Allow to create Project Access Tokens and Group Access Tokens (subgroups) via API with at least an owner-scoped Group Access Token
Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.
First of all, I'm aware that there has been previous discussions about allowing to create PrAT with other resource access tokens. And that there are some security concerns that have been raised which led to the current implementation disallowing this.
My case is that having an owner-scoped GAT "owns" the entire group - it's different to the GAT and PrAT "only" having maintainer scope (even though a GitLab user with that permission scope in the UI can create access tokens, ...) - and therefore should be able to manage the entire projects and subgroup features in their group - including creating PrATs for subprojects and GATs for subgroups.
Is there a chance to lift that restriction and allowing GAT with owner scope to create PrATs and GAT within their subgroups / subprojects?
The current workaround is to rely on a "dummy" user, which unfortunately defeats the purpose of GATs for us entirely.