In admin, prevent ability to create impersonation token for internal user

Everyone can contribute. Help move this issue forward while earning points, leveling up and collecting rewards.

Work on this issue
Close this issue

From https://gitlab.com/gitlab-org/manage/import-and-integrate/discussions/-/issues/112#note_2076937556:

As an admin, I can go to the instance settings > Users and I'll see the placeholder users appear in the list. While the possibility to impersonate a placeholder user is deactivated/disabled, there's an option to create an Impersonation Token.

Although the API appears to deny internal users https://gitlab.com/gitlab-org/manage/import-and-integrate/discussions/-/issues/112#note_2077999694 we should remove the ability to create an impersonation tokens for internal users as a defence in depth measure.

Edited Jul 29, 2025 by 🤖 GitLab Bot 🤖