Added more information regarding CI_JOB_TOKEN

Clarifies what "user that executes the job" previously implied

Added more information regarding CI_JOB_TOKEN
Clarifies what "user that executes the job" previously implied
9ecff6b3 · Ulises Fierro · Marcel Amirault · a2aa5348 · 9ecff6b3
Commit 9ecff6b3 authored Jan 07, 2022 by Ulises Fierro Committed by Marcel Amirault Jan 07, 2022
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 1 deletion

doc/ci/jobs/ci_job_token.md doc/ci/jobs/ci_job_token.md +4 -1

No files found.
--- a/doc/ci/jobs/ci_job_token.md
+++ b/doc/ci/jobs/ci_job_token.md
@@ -24,7 +24,10 @@ You can use a GitLab CI/CD job token to authenticate with specific API endpoints
 - [Terraform plan](../../user/infrastructure/index.md).

 The token has the same permissions to access the API as the user that executes the
-job. Therefore, this user must be assigned to [a role that has the required privileges](../../user/permissions.md#gitlab-cicd-permissions).
+The token has the same permissions to access the API as the user that caused the
+job to run. A user can cause a job to run by pushing a commit, triggering a manual job,
+being the owner of a scheduled pipeline, and so on. Therefore, this user must be assigned to
+[a role that has the required privileges](../../user/permissions.md#gitlab-cicd-permissions).

 The token is valid only while the pipeline job runs. After the job finishes, you can't
 use the token anymore.