Move broad access PAT form to new page and improve scope grouping
Summary
As part of introducing fine-grained Personal Access Tokens (PATs), we need to improve the user experience for broad access PATs by moving the form to a dedicated page and enhancing the scope grouping and information presentation.
Proposal
We will introduce fine-grained PATs in a new form and need to make consistency updates to the UX of broad access PATs, including:
Core Changes
- Move form to new page: Create a dedicated page for broad access PAT creation/management
- Group related permissions: Organize scopes into logical groups for better usability
- Move description to information section: Align with other token permission patterns across GitLab
- Add API scope warning: Alert users when they select full API scope
- Suggest fine-grained tokens: Recommend fine-grained tokens as a more secure alternative
Problem Statement
Currently, the broad access PAT creation experience:
- Lives in the CRUD table
- Has ungrouped scope selections that can be overwhelming
- Lacks clear warnings about overly broad permissions
- Doesn't guide users toward more secure alternatives
Goals
- Improve Security Awareness: Help users understand the implications of broad access tokens
- Enhance Usability: Make scope selection more intuitive through logical grouping
- Promote Best Practices: Guide users toward fine-grained tokens when appropriate
- Maintain Consistency: Align with GitLab's token management UX patterns
User Stories
As a developer, I want to easily understand what permissions I'm granting when creating a PAT, so I can make informed security decisions.
As a security-conscious user, I want to be warned when I'm about to create overly broad access tokens, so I can choose more restrictive alternatives.
As a new GitLab user, I want scope options to be organized logically, so I can quickly find the permissions I need without being overwhelmed.
Implementation Notes
- This change should be coordinated with the fine-grained PAT implementation