The default role of Guest for Project/Group access tokens can cause confusion about token permissions
Release notes
Problem to solve
The default role of Guest when building a Project or Group Access Token does not confer any write capabilities within projects, but this is non-obvious to the token creator.
For example, when creating a Project Access Token, I can select the role of Guest and choose to enable the write_repository scope, even though Guest users have no permissions to write to the project repository.
Proposal
MVC: Set a more permissive default role of Developer in the token creation screen
Future Iteration: Render a table of allowed actions below the choice of role and scope, so that the token creator can intuitively understand the permissions they're granting the token.
Intended users
Feature Usage Metrics
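The mismatch described in this issue can be audited on existing tokens. The following is an added example, not part of the original issue or GitLab's code: it flags active tokens whose scope cannot take effect at the token's role. The field names follow GitLab's access token list API, the sample tokens are constructed, and the minimum-role table is an assumption covering only the write_repository case raised above.

```python
# Added example: find access tokens whose scopes promise more than their role allows.
# Fields (name, scopes, access_level, active) follow GitLab's access token list API.

ROLE_NAMES = {10: "Guest", 20: "Reporter", 30: "Developer", 40: "Maintainer", 50: "Owner"}

# Assumption for illustration, not GitLab's full permission matrix:
# pushing to a repository needs at least the Developer role.
MIN_ROLE_FOR_SCOPE = {"write_repository": 30}


def find_ineffective_scopes(tokens):
    """Return one finding per (token, scope) pair where the role is too low."""
    findings = []
    for tok in tokens:
        if not tok.get("active", True):
            continue  # revoked or expired tokens are not a live concern
        level = tok["access_level"]
        for scope in tok.get("scopes", []):
            needed = MIN_ROLE_FOR_SCOPE.get(scope)
            if needed is not None and level < needed:
                findings.append({
                    "token": tok["name"],
                    "scope": scope,
                    "role": ROLE_NAMES.get(level, str(level)),
                    "needs": ROLE_NAMES[needed],
                })
    return findings


# Constructed sample data shaped like a token list response.
SAMPLE_TOKENS = [
    {"name": "ci-push", "scopes": ["write_repository"], "access_level": 10, "active": True},
    {"name": "deploy", "scopes": ["read_repository", "write_repository"],
     "access_level": 30, "active": True},
    {"name": "old-bot", "scopes": ["write_repository"], "access_level": 10, "active": False},
    {"name": "mirror", "scopes": ["write_repository"], "access_level": 20, "active": True},
]

if __name__ == "__main__":
    for f in find_ineffective_scopes(SAMPLE_TOKENS):
        print(f"{f['token']}: scope {f['scope']} has no effect at role "
              f"{f['role']} (needs {f['needs']} or higher)")
```
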