Add latest changes from gitlab-org/gitlab@16-6-stable-eev16.6.0-rc42

1 files changed, 9 insertions, 3 deletions

diff --git a/doc/api/users.md b/doc/api/users.md
index 118008848f3..cb9951a1c45 100644
--- a/doc/api/users.md
+++ b/doc/api/users.md
@@ -2142,9 +2142,14 @@ Example response:
 > [Introduced](https://gitlab.com/gitlab-org/gitlab/-/merge_requests/131923) in GitLab 16.5.
 
 Use this API to create a new personal access token for the currently authenticated user.
-For security purposes, the scopes are limited to only `k8s_proxy` and by default the token will expire by
-the end of the day it was created at.
-Token values are returned once so, make sure you save it as you can't access it again.
+For security purposes, the token:
+
+- Is limited to the [`k8s_proxy` scope](../user/profile/personal_access_tokens.md#personal-access-token-scopes).
+  This scope grants permission to perform Kubernetes API calls using the agent for Kubernetes.
+- By default, expires at the end of the day it was created on.
+
+Token values are returned once, so make sure you save the token as you cannot access
+it again.
 
 ```plaintext
 POST /user/personal_access_tokens
@@ -2331,6 +2336,7 @@ Prerequisites:
 
 - You must be an administrator or have the Owner role of the target namespace or project.
 - For `instance_type`, you must be an administrator of the GitLab instance.
+- For `group_type` or `project_type` with an Owner role, an administrator must not have enabled [restrict runner registration](../administration/settings/continuous_integration.md#restrict-runner-registration-by-all-users-in-an-instance).
 - An access token with the `create_runner` scope.
 
 Be sure to copy or save the `token` in the response, the value cannot be retrieved again.