
Add "Manage Deploy Tokens" as a customizable permission

Release notes

Group owners and project maintainers have the ability to manage deploy tokens. This often leaves a user overprivileged, holding other destructive group or project permissions they do not need. With the release of this permission, you can create a custom role that combines Developer (or any base role) with this permission to manage push rules without being overprivileged.

Background

Group owners and project maintainers have the ability to manage deploy tokens. This leads organizations to elevate a subset of users who need to manage these settings and who, as a consequence, can edit other group or project settings. This permission will allow a custom role, such as Developer plus this permission, letting organizations reduce the number of Owners and Maintainers in their environment.

Proposal and User Experience

  1. When creating a role, any base role can be selected. A new permission labeled "Manage Deploy Tokens" is available for selection.
  2. The permission actions for admin_deploy_tokens include CRUD and all the associated properties:
Group Actions Project Actions

Group Repository Settings

  • Deploy Tokens

Project Repository Settings

  • Deploy Tokens

APIs

Views+Workflows include:

  • Base + permission: Can see Group -> Settings -> Repository Settings -> Deploy Tokens
  • Base + permission: Can see Project -> Settings -> Repository Settings -> Deploy Tokens

Documentation

  • Permissions attribute: admin_deploy_tokens
  • Permission Title: Manage Deploy Tokens
  • Permission Description: Configure deploy tokens at the group or project level.
  • Update prerequisites for...

Evidence

Edited by Joe Randazzo