I want to assign permission to a user just to pull gitlab's registry container and can't download raw project while even guests on gitlab can download project and pull container both, any solution?
CodePudding user response:
You cannot assign/revoke granular permissions for users. User access it determined by their assigned (or inherited) role in the project and the project visibility settings.
If your project has internal or public visibility, any logged in user will be able to download the project files. To prevent users from seeing the project, you must make it private and revoke membership.
You can, however, create a project access token and assign it the read_registry
scope only. Then, that token can only be used to download images from the container registry and does not provide any other access.