Hi there,
Some of my users in a self-hosted GitLab are creating project access tokens for AWS SageMaker to access their projects. This is fine; we want to allow this. However, these are showing up as Users in the admin panel, with ‘Regular’ level permissions.
This is a problem for two reasons.
Firstly security, as it would appear these access tokens are granting access to all internal projects as per Regular User privileges, as well as group/project creation within the server.
Secondly, if we upgrade to a paid version of GitLab, are we going to have to pay for these users automatically created by a project access token?
I’m hoping that someone from GitLab might be able to fix this…
Thanks in advance
Hi,
Project access tokens generate project bot users, which do not count as licensed seats. Their default role is maintainer access to the repository.
You can limit the scopes of a project access token, e.g. only to read a repository.
Note that service accounts such as personal access token bot users are not the same as user accounts, e.g. you cannot use them to log into GitLab.
Cheers,
Michael
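An added example (not from the thread and not GitLab's own code) of checking that project access tokens stay within the limited scope the reply above describes. It assumes records shaped like the response of the project access tokens API (`GET /api/v4/projects/:id/access_tokens`); the sample data, the policy values and the function names are constructed for illustration.

```python
import json

# GitLab role values as returned in the access_level field.
ROLE_NAMES = {10: "Guest", 20: "Reporter", 30: "Developer", 40: "Maintainer", 50: "Owner"}

# Constructed sample shaped like the response of
# GET /api/v4/projects/:id/access_tokens (all values are made up).
SAMPLE_RESPONSE = """
[
  {"id": 101, "name": "sagemaker-notebook", "scopes": ["api", "write_repository"],
   "access_level": 40, "active": true, "revoked": false, "user_id": 9001},
  {"id": 102, "name": "sagemaker-readonly", "scopes": ["read_repository"],
   "access_level": 20, "active": true, "revoked": false, "user_id": 9002},
  {"id": 103, "name": "old-token", "scopes": ["api"],
   "access_level": 40, "active": false, "revoked": true, "user_id": 9003}
]
"""

def audit_tokens(tokens, allowed_scopes=frozenset({"read_repository"}), max_level=20):
    """Return one finding per active token that exceeds the local policy.

    allowed_scopes and max_level are a hypothetical policy for read-only
    consumers; adjust them to what your integrations really need.
    """
    findings = []
    for tok in tokens:
        if tok.get("revoked") or not tok.get("active", True):
            continue  # revoked or inactive tokens can no longer authenticate
        reasons = []
        extra = sorted(set(tok.get("scopes", [])) - allowed_scopes)
        if extra:
            reasons.append("extra scopes: " + ", ".join(extra))
        level = tok.get("access_level", 0)
        if level > max_level:
            reasons.append("role " + ROLE_NAMES.get(level, str(level)))
        if reasons:
            findings.append({"id": tok["id"], "name": tok["name"], "reasons": reasons})
    return findings

def audit_sample():
    """Run the audit over the constructed sample response."""
    return audit_tokens(json.loads(SAMPLE_RESPONSE))

if __name__ == "__main__":
    for f in audit_sample():
        print(f"token {f['id']} ({f['name']}): " + "; ".join(f["reasons"]))
```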
Thanks @dnsmichi.
This bit from the documentation I’ve just found does make it sound like the bots would count as licenced seats though: Licensing and subscription FAQ | GitLab
Yep, that doc could mention this more clearly and probably could use an update, but as it is written on the project bot user page and also visible in the GitLab instance, they do not count.