Add latest changes from gitlab-org/gitlab@master

2 files changed, 27 insertions, 3 deletions

diff --git a/doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md b/doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md
index 3aca9f1e116..a493a1c4395 100644
--- a/doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md
+++ b/doc/architecture/blueprints/cells/impacted_features/personal-access-tokens.md
@@ -17,13 +17,37 @@ we can document the reasons for not choosing this approach.
 
 ## 1. Definition
 
-Personal Access Tokens associated with a User are a way for Users to interact with the API of GitLab to perform operations.
-Personal Access Tokens today are scoped to the User, and can access all Groups that a User has access to.
+Personal Access Tokens (PATs) associated with a User are a way for Users to interact with the API of GitLab to perform operations.
+PATs today are scoped to the User, and can access all Groups that a User has access to.
 
 ## 2. Data flow
 
 ## 3. Proposal
 
+### 3.1. Organization-scoped PATs
+
+Pros:
+
+- Can be managed entirely from Rails application.
+- Increased security. PAT is limited only to Organization.
+
+Cons:
+
+- Different PAT needed for different Organizations.
+- Cannot tell at a glance if PAT will apply to a certain Project/Namespace.
+
+### 3.2. Cluster-wide PATs
+
+Pros:
+
+- User does not have to worry about which scope the PAT applies to.
+
+Cons:
+
+- User has to worry about wide-ranging scope of PAT (e.g. separation of personal items versus work items).
+- Organization cannot limit scope of PAT to only their Organization.
+- Increases complexity. All cluster-wide data likely will be moved to a separate [data access layer](../../cells/index.md#1-data-access-layer).
+
 ## 4. Evaluation
 
 ## 4.1. Pros
diff --git a/doc/architecture/blueprints/cells/index.md b/doc/architecture/blueprints/cells/index.md
index 1366d308487..c9a03830a4a 100644
--- a/doc/architecture/blueprints/cells/index.md
+++ b/doc/architecture/blueprints/cells/index.md
@@ -338,6 +338,7 @@ Below is a list of known affected features with preliminary proposed solutions.
 - [Cells: Global Search](impacted_features/global-search.md)
 - [Cells: GraphQL](impacted_features/graphql.md)
 - [Cells: Organizations](impacted_features/organizations.md)
+- [Cells: Personal Access Tokens](impacted_features/personal-access-tokens.md)
 - [Cells: Personal Namespaces](impacted_features/personal-namespaces.md)
 - [Cells: Secrets](impacted_features/secrets.md)
 - [Cells: Snippets](impacted_features/snippets.md)
@@ -354,7 +355,6 @@ The following list of impacted features only represents placeholders that still
 - [Cells: Group Transfer](impacted_features/group-transfer.md)
 - [Cells: Issues](impacted_features/issues.md)
 - [Cells: Merge Requests](impacted_features/merge-requests.md)
-- [Cells: Personal Access Tokens](impacted_features/personal-access-tokens.md)
 - [Cells: Project Transfer](impacted_features/project-transfer.md)
 - [Cells: Router Endpoints Classification](impacted_features/router-endpoints-classification.md)
 - [Cells: Schema changes (Postgres and Elasticsearch migrations)](impacted_features/schema-changes.md)