<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=259254) </details> <!--IssueSummary end--> ## Description Currently, it looks like the Gitpod app requires access to the full user API which seems excessive :thinking:  This opens up a security attack vector for compromising users and could even be a deterrent for user adoption. Let's evaluate what permissions are actually needed by Gitpod. Maybe GitLab needs to expose some permissions in a more granular way?