Good afternoon,
I opened a support ticket because we get an error 500 when trying to change PATs that we did not generate. After looking at it for a couple months, they were able to confirm that the PATCH personal-access-tokens restricts full admins to only changing their own PATs.
From both a security (over-permissioned) and a tech support perspective (under or improperly permissioned), it would make sense for admins to be able to manage other users’ tokens, at a bare minimum to be able to alter the “scopes” array.
Can we confirm this is intentional and not a bug? (REF: case CS0298425, idea GOV-I-3838)
Thanks for the redirect - this other topic didn’t come up when I initially searched.
This seems like a shortcoming if it’s intentional. I don’t understand the logic - if it’s a “don’t touch another user’s existing PATs even though you’re the top admin” thing, I’d think deleting a PAT would be MUCH worse than altering it… that’s guaranteed breakage and a lost key vs controlled burn in-place.
Guess I’ll try and pursue on the idea page instead.