GitLab v2 Integration: Enable Admin Tokens to Discover Non-Owned Projects
N
Niels Van Zwieten
In
GitLab v2
, discovery calls now use a fixed setting of min_access_level=30
(Developer). Because of this, service or admin tokens cannot access projects unless they are added as members to each group or project. By contrast, In GitLab v1
, the filterOwnedProjects:false
flag made it possible to include projects where the token was not an owner or member, using admin or auditor tokens with built-in read permissions.For enterprises managing thousands of projects, this change is not scalable due to:
- Security and privacy concerns– service accounts would become visible across all groups.
- Operational overhead– maintaining explicit membership for thousands of projects is not feasible.
Proposed Solution
: - Re-introducing the filterOwnedProjects:falseflag (which bypasses min_access_level), OR.
- Allowing users to configure min_access_levelinstead of enforcing it at Developer.
This would enable users to use admin/auditor tokens without explicit project membership.