
Add "Manage Project Access Tokens" as a customizable permission

Aboobacker MK requested to merge tachyons/custom_role_project_access_tokens into master

Today, only Maintainers can manage project access tokens. This, along with other permissions, makes the maintainer role have too much privilege, when Developer may not have enough. So we are making a custom role for managing project access tokens which can be added to any base role.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Create a new custom role that enables manage_project_access_tokens from Group -> Settings -> Roles and Permissions

  2. Assign this role to a group guest, developer or maintainer using the REST API endpoint:

     curl --request PUT --header "Content-Type: application/json" --header "Authorization: Bearer $YOUR_ACCESS_TOKEN" --data '{"member_role_id": '$MEMBER_ROLE_ID', "access_level": 10}' "https://gdk.test:3000/api/v4/groups/$ID/members/$GUEST_USER_ID"

  3. Check if the user can do the following actions:
  • Create project access tokens from the UI and via REST API
  • List project access tokens from the UI and via REST API
  • Delete project access tokens from the UI and via REST API

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Fixes #421778 (closed)

Edited by Aboobacker MK
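
The REST half of validation step 3 can be scripted as below. This is an added example, not code from the merge request: it calls GitLab's project access tokens endpoint (`/projects/:id/access_tokens`) as the member who holds the custom role and revokes the token it creates so the check leaves no live credential behind. The variable names `MEMBER_TOKEN`, `PROJECT_ID` and `EXPIRES_AT`, the token name, and the expected statuses 201/200/204 are assumptions of the example.

```shell
#!/bin/sh
# Added example, not part of the merge request. Run as the member holding the custom role.
# Assumed caller-supplied variables: MEMBER_TOKEN, PROJECT_ID, EXPIRES_AT (YYYY-MM-DD).
GITLAB_URL="${GITLAB_URL:-https://gdk.test:3000}"

# api METHOD PATH_SUFFIX [JSON] -> prints the response body, then the HTTP status as the last line.
api() {
  curl --silent --show-error --request "$1" \
    --header "Content-Type: application/json" \
    --header "Authorization: Bearer $MEMBER_TOKEN" \
    ${3:+--data "$3"} --write-out '\n%{http_code}' \
    "$GITLAB_URL/api/v4/projects/$PROJECT_ID/access_tokens$2"
}

status_of() { printf '%s\n' "$1" | tail -n 1; }   # last line = HTTP status
body_of()   { printf '%s\n' "$1" | sed '$d'; }    # everything before it = body

# Prints one "<action> <status>" line per call and returns 0 only if
# create=201, list=200 and revoke=204. The token secret is never printed.
check_token_lifecycle() {
  rc=0
  # Lowest-privilege test token: guest access level (10), read_api scope only.
  payload='{"name":"custom-role-check","scopes":["read_api"],"access_level":10,"expires_at":"'"$EXPIRES_AT"'"}'

  out=$(api POST "" "$payload"); st=$(status_of "$out")
  echo "create $st"; [ "$st" = 201 ] || rc=1
  # Minimal extraction of the numeric token id from the JSON body (no jq dependency).
  token_id=$(body_of "$out" | sed -n 's/.*"id": *\([0-9][0-9]*\).*/\1/p')

  out=$(api GET ""); st=$(status_of "$out")
  echo "list $st"; [ "$st" = 200 ] || rc=1

  if [ -n "$token_id" ]; then
    out=$(api DELETE "/$token_id"); st=$(status_of "$out")
    echo "revoke $st"; [ "$st" = 204 ] || rc=1
  else
    echo "revoke skipped"; rc=1   # nothing was created, so nothing to revoke
  fi
  return $rc
}

# Only talks to the server when invoked as: sh check.sh run
if [ "${1:-}" = run ]; then check_token_lifecycle; fi
```

Running the same script with the token of a member who does not hold the custom role should fail on every step, which confirms the permission is actually enforced rather than merely granted.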
