AWS dtconsole documentation change
Summary
Added 'admin_mode' scope requirement for GitLab personal access tokens
Security assessment
Documents expanded permissions requirements for secure API access. While related to access control, there's no evidence this change addresses a specific security vulnerability.
Diff
diff --git a/dtconsole/latest/userguide/connections-create-gitlab-managed.md b/dtconsole/latest/userguide/connections-create-gitlab-managed.md index ab3651878..b277b8987 100644 --- a//dtconsole/latest/userguide/connections-create-gitlab-managed.md +++ b//dtconsole/latest/userguide/connections-create-gitlab-managed.md @@ -33 +33 @@ You can create connections to a repository where you have the **Owner** role in - * You must have already created a GitLab personal access token (PAT) with the following scoped-down permission only: api. For more information, see [https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html). You must be an administrator to create and use the PAT. + * You must have already created a GitLab personal access token (PAT) with the following scoped-down permission only: `api`, `admin_mode`. For more information, see [https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html). You must be an administrator to create and use the PAT.