read_user:Read the authenticated user's personal information
read_user:Read the authenticated user's personal information
read_repository:Allows read-access to the repository
read_repository:Allows read-only access to the repository
write_repository:Allows read-write access to the repository
read_registry:Grants permission to read container registry images
read_registry:Grants permission to read container registry images
openid:Authenticate using OpenID Connect
openid:Authenticate using OpenID Connect
sudo:Perform API actions as any user in the system
sudo:Perform API actions as any user in the system
...
@@ -73,6 +74,8 @@ en:
...
@@ -73,6 +74,8 @@ en:
Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.
Grants read-only access to the authenticated user's profile through the /user API endpoint, which includes username, public email, and full name. Also grants access to read-only API endpoints under /users.
read_repository:
read_repository:
Grants read-only access to repositories on private projects using Git-over-HTTP (not using the API).
Grants read-only access to repositories on private projects using Git-over-HTTP (not using the API).
write_repository:
Grants read-write access to repositories on private projects using Git-over-HTTP (not using the API).
read_registry:
read_registry:
Grants read-only access to container registry images on private projects.
Grants read-only access to container registry images on private projects.
|`read_user` | Allows access to the read-only endpoints under `/users`. Essentially, any of the `GET` requests in the [Users API][users] are allowed ([introduced][ce-5951] in GitLab 8.15). |
|`read_user` | Allows access to the read-only endpoints under `/users`. Essentially, any of the `GET` requests in the [Users API][users] are allowed ([introduced][ce-5951] in GitLab 8.15). |
| `api` | Grants complete access to the API and Container Registry (read/write) ([introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5951) in GitLab 8.15). Required for accessing Git repositories over HTTP when 2FA is enabled. |
| `api` | Grants complete access to the API and Container Registry (read/write) ([introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/5951) in GitLab 8.15). |
| `read_registry` | Allows to read (pull) [container registry] images if a project is private and authorization is required ([introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845) in GitLab 9.3). |
| `read_registry` | Allows to read (pull) [container registry] images if a project is private and authorization is required ([introduced](https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/11845) in GitLab 9.3). |
| `sudo` | Allows performing API actions as any user in the system (if the authenticated user is an admin) ([introduced][ce-14838] in GitLab 10.2). |
| `sudo` | Allows performing API actions as any user in the system (if the authenticated user is an admin) ([introduced][ce-14838] in GitLab 10.2). |
| `read_repository` | Allows read-access (pull) to the repository through git clone. |
| `read_repository` | Allows read-only access (pull) to the repository through git clone. |
| `write_repository` | Allows read-write access (pull, push) to the repository through git clone. Required for accessing Git repositories over HTTP when 2FA is enabled. |