
I cannot find if project-scoped access tokens (which was a Bronze+ feature) are available in the Free tier, or whether they require Silver.

It's such a glaring omission on GitHub - which only has personal access tokens which give apps full access to all your repos.



GitLab employee here. Just asked the Product Manager responsible. Project Access Tokens [0] will be available on Premium for GitLab.com and available on Free for self-hosted.

[0]: https://docs.gitlab.com/ee/user/project/settings/project_acc...


I thought you were going to make the layers easier to understand? :P

Different features at different levels between self-hosted and gitlab.com seem counterproductive in that regard.


Certain features are disabled on GitLab.com in order to prevent abuse, or because they are difficult to scale or just make no sense. In the case of the Project Access Tokens, the feature is quite new and it is to prevent abuse. See also the (nephew/niece?) comment I made in the thread (one to the side from yours, one down).


But not in the CE?


Not working on the feature, but it seems to be available in CE. We disable it for GitLab.com because the feature has some potential to be abused:

- CE: https://gitlab.com/gitlab-org/gitlab/-/blob/d0b75f214f67345c...

- EE: https://gitlab.com/gitlab-org/gitlab/-/blob/d0b75f214f67345c...

(I think Project Access Tokens create bot users under the hood that are associated with the token. So if one were to create hundreds of tokens that means hundreds of users.)


Thanks!


> I cannot find if project-scoped access tokens (which was a Bronze+ feature) are available in the Free tier, or whether they require Silver.

The manual says "Bronze and above" for gitlab.com https://docs.gitlab.com/ce/user/project/settings/project_acc... but I tried the open-source "CE" docker container earlier this week and found that they worked there (maybe that's what "Core" means?)


So they give full access to all repos you have access to (i.e. organizational repos) or only the ones you own?

If so this would mean I would consider moving to a platform where the repository owner can control the tokens.



