Service Account & Access Token Exceptions for Merge Request Approval Policies
# Release post

GitLab 18.2 introduces new capabilities that enable organizations to maintain robust security governance while supporting critical automation workflows. The new **Service Account & Access Token Exceptions** feature allows designated service accounts and access tokens to bypass merge request approval policies when necessary, eliminating friction for legitimate automation while preserving security controls.

**Key capabilities include:**

* **Automated Workflow Support**: Configure specific service accounts, bot users, and access tokens (Instance/Group/Project tokens) to bypass approval requirements for CI/CD pipelines, pull mirroring, and automated version updates. Service accounts can push directly to protected branches using approved tokens while maintaining restrictions for human users.
* **Emergency Access & Audit**: Enable break-glass scenarios for critical incidents with comprehensive audit trails. All bypass events generate detailed audit logs with context and reasoning, supporting compliance requirements while allowing rapid response during outages or security fixes.
* **GitOps Integration**: Unblock common automation challenges including repository mirroring, external CI systems (Jenkins, CloudBees), automated changelog generation, and GitFlow release processes. Service accounts receive minimum required permissions with token-based access scoped to specific projects and branches.

This enhancement balances strict security policies with modern DevOps automation needs, eliminating custom workarounds while preserving governance controls.

# Related Issues

This work is being tracked in https://gitlab.com/groups/gitlab-org/-/epics/14090, but is being released in multiple parts.