Add latest changes from gitlab-org/gitlab@master

5 files changed, 34 insertions, 15 deletions

diff --git a/doc/user/admin_area/credentials_inventory.md b/doc/user/admin_area/credentials_inventory.md
index 02659276b53..3d8a3a7c8c7 100644
--- a/doc/user/admin_area/credentials_inventory.md
+++ b/doc/user/admin_area/credentials_inventory.md
@@ -31,7 +31,7 @@ The following is an example of the Credentials inventory page:
 
 If you see a **Revoke** button, you can revoke that user's PAT. Whether you see a **Revoke** button depends on the token state, and if an expiration date has been set. For more information, see the following table:
 
-| Token state | [Token expiry enforced?](settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry) | Show Revoke button? | Comments |
+| Token state | [Token expiration enforced?](settings/account_and_limit_settings.md#optional-non-enforcement-of-personal-access-token-expiration) | Show Revoke button? | Comments |
 |-------------|------------------------|--------------------|----------------------------------------------------------------------------|
 | Active      | Yes                    | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
 | Active      | No                     | Yes                | Allows administrators to revoke the PAT, such as for a compromised account |
diff --git a/doc/user/admin_area/index.md b/doc/user/admin_area/index.md
index 9111db9f3a4..46345d1440f 100644
--- a/doc/user/admin_area/index.md
+++ b/doc/user/admin_area/index.md
@@ -157,6 +157,22 @@ All impersonation activities are [captured with audit events](../../administrati
 
 ![user impersonation button](img/impersonate_user_button_v13_8.png)
 
+#### User Permission Export **(PREMIUM SELF)**
+
+> - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/1772) in GitLab 13.8.
+> - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/292436) in GitLab 13.9.
+
+An administrator can export user permissions for all users in the GitLab instance from the Admin Area's Users page.
+The export lists direct membership the users have in groups and projects.
+
+The following data is included in the export:
+
+- Username
+- Email
+- Type
+- Path
+- Access level ([Project](../permissions.md#project-members-permissions) and [Group](../permissions.md#group-members-permissions))
+
 #### Users statistics
 
 The **Users statistics** page provides an overview of user accounts by role. These statistics are
diff --git a/doc/user/admin_area/settings/account_and_limit_settings.md b/doc/user/admin_area/settings/account_and_limit_settings.md
index 70416c224c7..25ab4ec173c 100644
--- a/doc/user/admin_area/settings/account_and_limit_settings.md
+++ b/doc/user/admin_area/settings/account_and_limit_settings.md
@@ -180,24 +180,26 @@ Once a lifetime for personal access tokens is set, GitLab:
   allowed lifetime. Three hours is given to allow administrators to change the allowed lifetime,
   or remove it, before revocation takes place.
 
-## Enforcement of SSH key expiration **(ULTIMATE SELF)**
+## Optional enforcement of SSH key expiration **(ULTIMATE SELF)**
 
-GitLab administrators can choose to enforce the expiration of SSH keys after their expiration dates.
-If you enable this feature, this disables all _expired_ SSH keys.
+> [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/250480) in GitLab 13.9.
 
-To do this:
+By default, expired SSH keys **can still be used**.
+You can prevent the use of expired SSH keys with the following steps:
 
 1. Navigate to **Admin Area > Settings > General**.
 1. Expand the **Account and limit** section.
 1. Select the **Enforce SSH key expiration** checkbox.
 
-## Optional enforcement of Personal Access Token expiry **(ULTIMATE SELF)**
+For more information, see the following issue on [SSH key expiration](https://gitlab.com/gitlab-org/gitlab/-/issues/320970).
+
+## Optional non-enforcement of Personal Access Token expiration **(ULTIMATE SELF)**
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/214723) in GitLab Ultimate 13.1.
 > - [Feature flag removed](https://gitlab.com/gitlab-org/gitlab/-/issues/296881) in GitLab 13.9.
 
-GitLab administrators can choose to prevent personal access tokens from expiring
-automatically. The tokens are usable after the expiry date, unless they are revoked explicitly.
+By default, expired personal access tokens (PATs) cannot be used.
+You can allow the use of expired PATs with the following steps:
 
 To do this:
 
diff --git a/doc/user/profile/personal_access_tokens.md b/doc/user/profile/personal_access_tokens.md
index 99db0c4b898..d32971a7618 100644
--- a/doc/user/profile/personal_access_tokens.md
+++ b/doc/user/profile/personal_access_tokens.md
@@ -21,7 +21,7 @@ Personal access tokens expire on the date you define, at midnight UTC.
 - GitLab runs a check at 01:00 AM UTC every day to identify personal access tokens that expire in under seven days. The owners of these tokens are notified by email.
 - GitLab runs a check at 02:00 AM UTC every day to identify personal access tokens that expired on the current date. The owners of these tokens are notified by email.
 - In GitLab Ultimate, administrators may [limit the lifetime of personal access tokens](../admin_area/settings/account_and_limit_settings.md#limiting-lifetime-of-personal-access-tokens).
-- In GitLab Ultimate, administrators may [toggle enforcement of personal access token expiry](../admin_area/settings/account_and_limit_settings.md#optional-enforcement-of-personal-access-token-expiry).
+- In GitLab Ultimate, administrators may [toggle enforcement of personal access token expiration](../admin_area/settings/account_and_limit_settings.md#optional-non-enforcement-of-personal-access-token-expiration).
 
 For examples of how you can use a personal access token to authenticate with the API, see the following section from our [API Docs](../../api/README.md#personalproject-access-tokens).
 
diff --git a/doc/user/search/index.md b/doc/user/search/index.md
index ffd331248be..a5abcd05a91 100644
--- a/doc/user/search/index.md
+++ b/doc/user/search/index.md
@@ -306,26 +306,27 @@ Use advanced queries for more targeted search results.
 
 [Learn how to use the Advanced Search Syntax.](advanced_search_syntax.md)
 
-## Search project settings
+## Search settings
 
 > - [Introduced](https://gitlab.com/gitlab-org/gitlab/-/issues/292941) in GitLab 13.8.
+> - [Added to Group, Admin, and User settings](https://gitlab.com/groups/gitlab-org/-/epics/4842) in GitLab 13.9
 > - It's [deployed behind a feature flag](../feature_flags.md), disabled by default.
 > - It's disabled on GitLab.com.
 > - It's not recommended for production use.
-> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-search-project-settings). **(FREE SELF)**
+> - To use it in GitLab self-managed instances, ask a GitLab administrator to [enable it](#enable-or-disable-search-settings). **(FREE SELF)**
 
 WARNING:
 This feature might not be available to you. Check the **version history** note above for details.
 
-You can search inside the project’s settings sections by entering a search
-term in the search box located at the top of the page. The search results
+You can search inside a Project, Group, Admin, or User’s settings by entering
+a search term in the search box located at the top of the page. The search results
 appear highlighted in the sections that match the search term.
 
 ![Search project settings](img/project_search_general_settings_v13_8.png)
 
-### Enable or disable Search project settings **(FREE SELF)**
+### Enable or disable Search settings **(FREE SELF)**
 
-Search project settings is under development and not ready for production use. It is
+Search settings is under development and not ready for production use. It is
 deployed behind a feature flag that is **disabled by default**.
 [GitLab administrators with access to the GitLab Rails console](../../administration/feature_flags.md)
 can enable it.