
The default role of Guest for Project/Group access tokens can cause confusion about token permissions

Release notes

Problem to solve

The default role of Guest when building a Project or Group Access Token does not confer any write capabilities within projects, but this is non-obvious to the token creator.

For example, when creating a Project Access Token, I can select the role of Guest and choose to enable the write_repository scope, even though Guest users have no permissions to write to the project repository.


Proposal

MVC: Set a more permissive default role of Developer in the token creation screen

Future Iteration: Render a table of allowed actions below the choice of role and scope, so that the token creator can intuitively understand the permissions they're granting the token.

Intended users

Feature Usage Metrics


Edited by Jamie Reid
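
The role/scope mismatch described in this issue can be checked for on tokens that already exist. The following is an added example, not part of the original issue or of GitLab's code: it audits a token list shaped like the project access tokens API response (`name`, `scopes`, `access_level`, `revoked`, `active`) and reports scopes that the token's role cannot exercise. The sample data is constructed, and the minimum-role mapping is an assumption based on GitLab's permission model for private projects (Reporter to pull, Developer to push).

```python
import json

# Numeric access levels as used by the GitLab API.
ROLE_NAMES = {10: "Guest", 20: "Reporter", 30: "Developer",
              40: "Maintainer", 50: "Owner"}

# Assumption: lowest role at which each repository scope has any effect
# on a private project. Scopes not listed here are not evaluated.
MIN_ROLE_FOR_SCOPE = {"read_repository": 20, "write_repository": 30}

# Constructed sample, shaped like GET /projects/:id/access_tokens output.
SAMPLE_TOKENS = json.loads("""
[
  {"name": "ci-push", "access_level": 10, "revoked": false, "active": true,
   "scopes": ["read_repository", "write_repository"]},
  {"name": "deploy",  "access_level": 30, "revoked": false, "active": true,
   "scopes": ["write_repository"]},
  {"name": "mirror",  "access_level": 20, "revoked": false, "active": true,
   "scopes": ["read_repository", "write_repository"]},
  {"name": "old-bot", "access_level": 10, "revoked": true,  "active": false,
   "scopes": ["write_repository"]}
]
""")


def ineffective_scopes(token):
    """Return the scopes the token's role is too low to make use of."""
    level = token["access_level"]
    return sorted(s for s in token["scopes"]
                  if level < MIN_ROLE_FOR_SCOPE.get(s, 0))


def audit(tokens):
    """Map token name -> (role name, ineffective scopes) for live tokens."""
    findings = {}
    for token in tokens:
        if token.get("revoked") or not token.get("active", True):
            continue  # revoked or expired tokens cannot be used at all
        dead = ineffective_scopes(token)
        if dead:
            role = ROLE_NAMES.get(token["access_level"], "unknown")
            findings[token["name"]] = (role, dead)
    return findings


if __name__ == "__main__":
    for name, (role, scopes) in audit(SAMPLE_TOKENS).items():
        print(f"{name}: role {role} cannot use scope(s) {', '.join(scopes)}")
```
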