Back to Gitlabhq

Fine-grained PAT permissions generally available

doc/releases/19/gitlab-19-2-released/fine-grained-pats-ga-release-post.md

19.2.0863 B
Original Source

Fine-grained personal access tokens (PATs) are now generally available. Unlike legacy PATs, which grant access to every project and group you belong to, fine-grained PATs allow you to limit each token to specific resources and actions. This makes it easier to apply the principle of least privilege to automation and integrations, which helps reduce the potential impact of a leaked or compromised token.

To make setup easier, use the Add permissions with Duo feature to choose the correct permissions during token creation. Your existing legacy PATs continue to work as before. For new tokens, GitLab recommends fine-grained PATs so each token is scoped only to the resources and actions it needs.

With the GA release, fine-grained PATs now have complete coverage for REST API endpoints, and coverage for the most commonly used GraphQL types and mutations.