
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'app/graphql/types/user_interface.rb')
-rw-r--r--app/graphql/types/user_interface.rb16
1 files changed, 15 insertions, 1 deletions
diff --git a/app/graphql/types/user_interface.rb b/app/graphql/types/user_interface.rb
index 8c67275eb73..7cc201b6df4 100644
--- a/app/graphql/types/user_interface.rb
+++ b/app/graphql/types/user_interface.rb
@@ -29,7 +29,10 @@ module Types
field :name,
type: GraphQL::Types::String,
null: false,
- description: 'Human-readable name of the user.'
+ resolver_method: :redacted_name,
+ description: 'Human-readable name of the user. ' \
+ 'Will return `****` if the user is a project bot and the requester does not have permission to read resource access tokens.'
+
field :state,
type: Types::UserStateEnum,
null: false,
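Review bot: Redaction is attached only to the `name` field via `resolver_method: :redacted_name`, and the interface's other fields lie outside this hunk, so it is not visible whether any of them still exposes a value that identifies the bot's access token to a requester without `read_resource_access_tokens`. It is worth confirming that against the full field list and covering it with a spec. Because the field stays `null: false` and returns the literal `****`, a client cannot distinguish a redacted name from a user whose name really is `****`. The description could say explicitly that `****` is a placeholder and not the stored name.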
@@ -121,5 +124,16 @@ module Types
::Types::UserType
end
end
+
+ def redacted_name
+ return object.name unless object.project_bot?
+
+ return object.name if context[:current_user]&.can?(:read_resource_access_tokens, object.projects.first)
+
+ # If the requester does not have permission to read the project bot name,
+ # the API returns an arbitrary string. UI changes will be addressed in a follow up issue:
+ # https://gitlab.com/gitlab-org/gitlab/-/issues/346058
+ '****'
+ end
end
end
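Review bot: The authorization check in `redacted_name` runs against `object.projects.first`, which is an unordered pick and is nil when the bot has no project membership. With nil the check presumably fails and the name is redacted, which is fail-closed, but a bot that belongs to a group instead of a project (if such users also answer true to `project_bot?`) would then be redacted for every requester, including those entitled to see it. I would bind the project to a local and make the nil case explicit, e.g. `project = object.projects.first` followed by `return '****' unless project`, and add a comment stating the assumption that a project bot is a member of exactly one project. The lookup also runs once per resolved user, so a query that lists many bots may issue one projects query per bot.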