API: Extract group level CI/CD variables

Problem to solve

I want to extract group level CI/CD variables and this isn’t possible without Owner permissions on the group level. I am using a personal access token with all permissions. I would expect that this is enough to query the group level CI/CD variables, but it fails when not having the owner permission with an HTTP code 403.

In the documentation the management of group level CI/CD variables is only possible with an owner permission, but I only want to read them.

Is that behaviour expected or am I missing something?



Steps to reproduce

Query variables via curl and a personal access token with all API permission, while having only Maintainer permissions on the group.

curl https://gitlab.REDACTED.com/api/v4/groups/GID/variables --header "Private-Token: REDACTED"
{"message":"403 Forbidden"}% 


  • Self-managed

  • GitLab.com SaaS

    GitLab: v16.10.0-ee
    GitLab Runner, if self-hosted: gitlab-runner 16.9.0