I want to understand what are the interaction in project access token between the
role and the
scope fields because I failed to understand while troubleshooting a permission issue on registry.
A kubernetes service account created with a token with scope
read_registry and role
guest received an error 401 from the gitlab registry with message.
pull access denied, repository does not exist or may require authorization: server message: insufficient_scope: authorization failed
I choose role
guest because the token did not have to interact with the project itself (like creating issues, …).
Viewing the message
insufficient_scope, I create a new token with role set to
reporter, after that, pulling was possible. But now I’m concerned about the security of the project.
I read Project access tokens | GitLab but I did not find explanation on role and the interaction with scope in the documentation page.
Can someone clarify this ?
gitlab version: 15.7