### Proposal The current documentation for [Delete package assets](https://docs.gitlab.com/18.9/user/packages/package_registry/reduce_package_registry_storage/#delete-package-assets) states: > You must have at least the Developer role. (similar for the general deletion of a package). This was proposed within https://gitlab.com/gitlab-org/gitlab/-/work_items/32107#proposal. However, when using a user with only the Developer role they are not able to delete packages. This is crucial for us, since in test deployments we first push to the package registry and then pull the packages from there. Since it can occur that packages are built multiple times we make sure to delete a package first. This pipeline always fails if it was started by users which are only Developers. Gitlab support suggested to use a project access token (PAT) with Maintainer role to circumvent that. However, this might become a security problem, since members of the project could create a pipeline using the PAT and send requests to the API e.g. giving their own user more rights. Support used the Rails console: ``` # Find any project and a user with Developer role on it project = Project.find_by_full_path('test/test') # Find a member with Developer role (access_level 30) developer = project.members.find_by(access_level: 30)&.user maintainer = project.members.find_by(access_level: 40)&.user puts "Developer: #{developer&.username}" puts "Maintainer: #{maintainer&.username}" # Check all package abilities - no packages need to exist %i[read_package create_package destroy_package admin_package].each do |ability| puts "Developer - #{ability}: #{Ability.allowed?(developer, ability, project)}" puts "Maintainer - #{ability}: #{Ability.allowed?(maintainer, ability, project)}" end ``` They obtained: ``` Developer - read_package: true Maintainer - read_package: true Developer - create_package: true Maintainer - create_package: true Developer - destroy_package: false Maintainer - destroy_package: true Developer - admin_package: false Maintainer - admin_package: true ``` Where we believe the output should be: ``` Developer - read_package: true Maintainer - read_package: true Developer - create_package: true Maintainer - create_package: true Developer - destroy_package: true Maintainer - destroy_package: true Developer - admin_package: true Maintainer - admin_package: true ``` [Support issue](https://support.gitlab.com/hc/en-us/requests/698503)