<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Label this issue](https://contributors.gitlab.com/manage-issue?action=label&projectId=278964&issueIid=599081) </details> <!--IssueSummary end--> ## Scope Enforce that consuming the cloud-hosted AR requires general access to the `Artifact Registry` feature. The AR is not a dedicated SKU or add-on; access is generally granted through the GitLab Credits "add-on". The actual eligibility check is not in-scope of this issue. The AR team will make this check available through a Declarative Policy check such as `can?(:access_artifact_registry_service)`, which internally performs the necessary checks. ## Systems - Rails - Transitively: CDot ## Dependencies - Declarative Policy implementation to guard "can issue AR token" in Rails ## References - [Direction issue #595148](https://gitlab.com/gitlab-org/gitlab/-/work_items/595148) - [AR Usage Billing ADR](https://gitlab.com/gitlab-org/architecture/usage-billing/design-doc/-/blob/8bcbe1bdd4df5a1d28271c321e6efe76d63b7de2/design/artifact_registry.md#resolve-endpoint-changes) Estimated weight: 1 (can solve together with https://gitlab.com/gitlab-org/gitlab/-/work_items/599086+)