You may enable or disable project access token creation for all projects in a group in **Group > Settings > General > Permissions, LFS, 2FA > Allow project access token creation**.
You may enable or disable project access token creation for all projects in a group in **Group > Settings > General > Permissions, LFS, 2FA > Allow project access token creation**.
Even when creation is disabled, you can still use and revoke existing project access tokens.
Even when creation is disabled, you can still use and revoke existing project access tokens.
This setting is available only on top-level groups.
This setting is available only on top-level groups.
## Group access token workaround **(FREE SELF)**
NOTE:
This section describes a workaround and is subject to change.
Group access tokens let you use a single token to:
- Perform actions at the group level.
- Manage the projects within the group.
We don't support group access tokens in the GitLab UI, though GitLab self-managed
administrators can create them using the [Rails console](../../../administration/operations/rails_console.md).
<divclass="video-fallback">
For a demo of the group access token workaround, see <ahref="https://www.youtube.com/watch?v=W2fg1P1xmU0">Demo: Group Level Access Tokens</a>.
To create a group access token, run the following in a Rails console:
```ruby
admin=User.find(1)# group admin
group=Group.find(109)# the group you want to create a token for
bot=Users::CreateService.new(admin,{name: 'group_token',username: "group_#{group.id}_bot",email: "group_#{group.id}_bot@example.com",user_type: :project_bot}).execute# create the group bot user
# for further group access tokens, the username should be group_#{group.id}_bot#{bot_count}, e.g. group_109_bot2, and their email should be group_109_bot2@example.com
bot.confirm# confirm the bot
group.add_user(bot,:maintainer)# add the bot to the group at the desired access level
token=bot.personal_access_tokens.create(scopes:[:api,:write_repository],name: 'group_token')# give it a PAT
gtoken=token.token# get the token value
```
### Revoke a group access token
To revoke a group access token, run the following in a Rails console:
```ruby
bot=User.find_by(username: 'group_109_bot')# the owner of the token you want to revoke
token=bot.personal_access_tokens.last# the token you want to revoke