Do not allow group Owners create Service accounts on Self-managed
What does this MR do and why?
Solves #451025 (closed)
Currently group owners are able to create service account users on Self-managed. With this MR this bug will be resolved and only admins will be allowed to create service account users on Self-managed. Group owners can still create service account users on GitLab.com.
Changelog: fixed
EE: true
How to set up and validate locally
- Create a Personal access token as instance admin
- Create a personal access token as group owner
Try following curl request by running your gdk setup in self-managed
mode one by one with both tokens
curl --request POST --header "PRIVATE-TOKEN: token_val" "https://gdk.test:3443/api/v4/groups/:group_id/service_accounts"
The request should throw error for group owner's token
and successful for instance admin token
Now Try running gdk in SAAS mode
https://docs.gitlab.com/ee/development/ee_features.html and use the same token for group owner with curl request
curl --request POST --header "PRIVATE-TOKEN: token_va" "https://gdk.test:3443/api/v4/groups/:group_id/service_accounts"
Now service account user should be created properly