diff options
Diffstat (limited to 'doc/user')
-rw-r--r-- | doc/user/discussions/index.md | 4 | ||||
-rw-r--r-- | doc/user/group/saml_sso/group_sync.md | 2 | ||||
-rw-r--r-- | doc/user/packages/container_registry/troubleshoot_container_registry.md | 11 | ||||
-rw-r--r-- | doc/user/packages/dependency_proxy/index.md | 2 |
4 files changed, 9 insertions, 10 deletions
diff --git a/doc/user/discussions/index.md b/doc/user/discussions/index.md index 50f2eca8d05..a3ed888ed53 100644 --- a/doc/user/discussions/index.md +++ b/doc/user/discussions/index.md @@ -156,12 +156,12 @@ Prerequisite: To lock an issue or merge request: -1. On the right sidebar, next to **Lock issue** or **Lock merge request**, select **Edit**. +1. On the right sidebar, next to **Lock discussion**, select **Edit**. 1. On the confirmation dialog, select **Lock**. Notes are added to the page details. -If an issue or merge request is locked and closed, you cannot reopen it. +If an issue or merge request is closed with a locked discussion, then you cannot reopen it until the discussion is unlocked. <!-- Delete when the `moved_mr_sidebar` feature flag is removed --> If you don't see this action on the right sidebar, your project or instance might have [moved sidebar actions](../project/merge_requests/index.md#move-sidebar-actions) enabled. diff --git a/doc/user/group/saml_sso/group_sync.md b/doc/user/group/saml_sso/group_sync.md index c18ccaf9c20..7b10da016b9 100644 --- a/doc/user/group/saml_sso/group_sync.md +++ b/doc/user/group/saml_sso/group_sync.md @@ -81,6 +81,8 @@ When SAML is enabled, users with the Maintainer or Owner role see a new menu item in group **Settings > SAML Group Links**. You can configure one or more **SAML Group Links** to map a SAML identity provider group name to a GitLab role. This can be done for a top-level group or any subgroup. +SAML Group Sync only manages a group if that group has one or more SAML group links. If a SAML group link is created then removed, the user remains in the group until they are removed from the group in the identity provider. + To link the SAML groups: 1. In **SAML Group Name**, enter the value of the relevant `saml:AttributeValue`. The value entered here must exactly match the value sent in the SAML response. For some IdPs, this may be a group ID or object ID (Azure AD) instead of a friendly group name. diff --git a/doc/user/packages/container_registry/troubleshoot_container_registry.md b/doc/user/packages/container_registry/troubleshoot_container_registry.md index cb0bcf3f35b..3fb2754eb9c 100644 --- a/doc/user/packages/container_registry/troubleshoot_container_registry.md +++ b/doc/user/packages/container_registry/troubleshoot_container_registry.md @@ -128,14 +128,11 @@ time is set to 15 minutes. If you are using self-managed GitLab, an administrator can [increase the token duration](../../../administration/packages/container_registry.md#increase-token-duration). -## `insufficient_scope: authorization failed` when pulling an image +## `Failed to pull image` messages -GitLab CI/CD jobs that set [`image`](../../../ci/yaml/index.md#image) to pull an image -from a project's container registry automatically authenticate with a [CI/CD job token](../../../ci/jobs/ci_job_token.md). - -All projects with CI/CD jobs that fetch images from the container registry must be listed -in the registry project's [job token allowlist](../../../ci/jobs/ci_job_token.md#allow-access-to-your-project-with-a-job-token). -Otherwise, the job fails with an `insufficient_scope: authorization failed` error. +You might receive a [`Failed to pull image'](../../../ci/debugging.md#failed-to-pull-image-messages) +error message when a CI/CD job is unable to pull a container image from a project with a limited +[CI/CD job token scope](../../../ci/jobs/ci_job_token.md#limit-job-token-scope-for-public-or-internal-projects). ## Slow uploads when using `kaniko` to push large images diff --git a/doc/user/packages/dependency_proxy/index.md b/doc/user/packages/dependency_proxy/index.md index 7bd5a09d8e3..02810bcb922 100644 --- a/doc/user/packages/dependency_proxy/index.md +++ b/doc/user/packages/dependency_proxy/index.md @@ -88,7 +88,7 @@ You can authenticate using: - Your GitLab username and password. - A [personal access token](../../../user/profile/personal_access_tokens.md) with the scope set to `read_registry` and `write_registry`. - A [group deploy token](../../../user/project/deploy_tokens/index.md) with the scope set to `read_registry` and `write_registry`. -- A [group access token](../../../user/group/settings/group_access_tokens.md) for the group with the scope set to `read_registry` and `write_registry`. +- A [group access token](../../../user/group/settings/group_access_tokens.md) for the group, with the scope set to `read_registry` and `write_registry`. Users accessing the Dependency Proxy with a personal access token or username and password must have at least the Guest role for the group they pull images from. |