Hello
I want to understand what are the interaction in project access token between the role
and the scope
fields because I failed to understand while troubleshooting a permission issue on registry.
A kubernetes service account created with a token with scope read_registry
and role guest
received an error 401 from the gitlab registry with message.
pull access denied, repository does not exist or may require authorization:
server message: insufficient_scope: authorization failed
I choose role guest
because the token did not have to interact with the project itself (like creating issues, …).
Viewing the message insufficient_scope
, I create a new token with role set to reporter
, after that, pulling was possible. But now I’m concerned about the security of the project.
I read Project access tokens | GitLab but I did not find explanation on role and the interaction with scope in the documentation page.
Can someone clarify this ?
Thanks
gitlab version: 15.7