Hello
I want to understand what are the interaction in project access token between the role and the scope fields because I failed to understand while troubleshooting a permission issue on registry.
A kubernetes service account created with a token with scope read_registry and role guest received an error 401 from the gitlab registry with message.
pull access denied, repository does not exist or may require authorization:
server message: insufficient_scope: authorization failed
I choose role guest because the token did not have to interact with the project itself (like creating issues, …).
Viewing the message insufficient_scope, I create a new token with role set to reporter, after that, pulling was possible. But now I’m concerned about the security of the project.
I read Project access tokens | GitLab but I did not find explanation on role and the interaction with scope in the documentation page.
Can someone clarify this ?
Thanks
gitlab version: 15.7