Prevent bot accounts elevation to Administrator accounts

Problem to solve

Bot accounts are created whenever a Project Access Token or Group Access Token is created. At the moment, any Administrator can also elevate these bot accounts to Admin level, which might pose a security concern.

Proposal

We can consider the following routes moving forward:

  • Do not allow bot accounts to be elevated to Administrators (remove option when editing users),
  • or add an option in the gitlab.rb to disable this behavior.

Intended users

Feature Usage Metrics

Does this feature require an audit event?

Edited by 🤖 GitLab Bot 🤖
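
Until one of the proposed routes exists, an operator can audit for bot accounts that already hold Administrator rights. The script below is an added example, not part of the original issue or GitLab's code. It assumes user records shaped like the GitLab Users API output seen with an administrator token (fields bot, is_admin, state) and the project_{id}_bot... / group_{id}_bot... username shape of access-token bots; the sample records are constructed.

```python
import json
import re

# Assumption: username shape of access-token bots,
# e.g. project_42_bot_a1b2c3 or group_7_bot_d4e5f6.
TOKEN_BOT_RE = re.compile(r"^(project|group)_(\d+)_bot")

# Constructed sample of a user listing as an administrator token would see it.
SAMPLE_USERS = json.loads("""[
 {"id": 1,  "username": "root", "bot": false, "is_admin": true, "state": "active"},
 {"id": 31, "username": "project_42_bot_a1b2c3", "bot": true, "is_admin": true, "state": "active"},
 {"id": 32, "username": "group_7_bot_d4e5f6", "bot": true, "is_admin": false, "state": "active"},
 {"id": 33, "username": "project_9_bot_0f0f0f", "bot": true, "is_admin": true, "state": "blocked"},
 {"id": 34, "username": "custom_bot_example", "bot": true, "is_admin": true, "state": "active"}
]""")


def find_admin_bots(users):
    """Return bot accounts holding admin rights, active accounts first."""
    findings = []
    for user in users:
        match = TOKEN_BOT_RE.match(user.get("username", ""))
        # Treat the API flag or the token-bot username shape as "bot".
        is_bot = bool(user.get("bot")) or match is not None
        if not (is_bot and user.get("is_admin")):
            continue
        findings.append({
            "id": user["id"],
            "username": user["username"],
            # Project or group the access token belongs to, when derivable.
            "parent": f"{match.group(1)}:{match.group(2)}" if match else None,
            # A blocked bot cannot authenticate, so it is lower priority.
            "active": user.get("state") == "active",
        })
    return sorted(findings, key=lambda f: (not f["active"], f["id"]))


if __name__ == "__main__":
    for finding in find_admin_bots(SAMPLE_USERS):
        status = "ACTIVE" if finding["active"] else "blocked"
        parent = finding["parent"] or "no token parent"
        print(f"[{status}] {finding['username']} (id {finding['id']}, {parent})")
```

Each finding is a candidate for having its Administrator flag removed; the parent value points to the project or group whose access token created the bot.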