[BE] Add instrumentation to log events when creating (g)PATs (#580477) · Issues · GitLab.org / GitLab

[BE] Add instrumentation to log events when creating (g)PATs

Wave the following success metrics for Granular PAT https://gitlab.com/groups/gitlab-operating-model/-/work_items/188 * **Adoption by GitLab Product Security:** Fine-grained enforcement enabled on 80% of top level groups owned / managed by GitLab within 3 months of GA * **User Adoption:** 50% of new PATs generated use the fine-grained permission model * **Error Rate:** Misconfiguring \< 5% of tokens with incorrect access * **Backward compatibility:** Existing broad tokens operate without disruption * **Development cost**: \<2 hour implementation time for a permission on a new resource ### Metrics to track * Total number of namespaces with fine-grained PAT enforced, baseline count at GA, filtered by namespace owned by GitLab * Count of legacy or fine-grained PATs created by user, filtered by namespaces with fine-grained PAT enforced, filtered by namespaces owned by GitLab * User journey - generate token, use, success/failure, use legacy token ### Instrumentation | Metrics | Weekly | Monthly | |---------|--------|---------| | `counts.count_total_personal_access_token_created_granular` | :white_check_mark: | :white_check_mark: | | `counts.count_total_personal_access_token_created_legacy` | :white_check_mark: | :white_check_mark: | | Events | Description | |--------|-------------| | create_pat | User creates granular or legacy PAT | | category | Granular (Fine-grained PAT) or Legacy (Broad access token) | | user_id | User | | namespace_id | group or project | | plan | ultimate etc | | type | Token type: granular or legacy | | scope | Access granted to token: all personal projects, all projects, selected projects | | permission | Resource and permission | ### User journey to track <table> <tr> <th>Journey</th> <th>UI</th> <th>Metric</th> <th>Description</th> </tr> <tr> <td>Discovery</td> <td> ![Screenshot 2026-02-28 at 11.58.28 AM.png](/uploads/b231ff2ee47d199f5af03c415c8b25d4/Screenshot_2026-02-28_at_11.58.28_AM.png){width="900" height="542"} </td> <td></td> <td>Users who selects generate fine-grained token</td> </tr> <tr> <td>Complete form</td> <td> **Form completion:** ![Screenshot 2026-02-28 at 11.58.41 AM.png](/uploads/26f125f4f5c7c810d56137813aae6199/Screenshot_2026-02-28_at_11.58.41_AM.png){width=899 height=600} **Form abandonment:** ![Screenshot 2026-02-28 at 11.58.41 AM.png](/uploads/f2c26606851fc19c87128ccc1fd94c67/Screenshot_2026-02-28_at_11.58.41_AM.png){width="899" height="600"} </td> <td></td> <td> Users who completes form to generate a fine-grained token Users who abandons form </td> </tr> <tr> <td>Token use</td> <td></td> <td></td> <td> * Track user's fine-grained PAT use on endpoint * Track whether user received error * Track same endpoint for continued fine-grained PAT or switch over to legacy token use </td> </tr> </table> ### Filters | Filter | Values | |--------|--------| | Tier | Ultimate, Platinum | | Namespace | GitLab owned | | Fine-grained PATs Enforced | True/False |

issue