Merge branch 'tkuah-master-patch-41653' into 'master'

Clarify CI JOB TOKEN powers See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/169052 Merged-by: Marcel Amirault <mamirault@gitlab.com> Approved-by: Marcel Amirault <mamirault@gitlab.com> Reviewed-by: Marcel Amirault <mamirault@gitlab.com> Co-authored-by: Thong Kuah <tkuah@gitlab.com>

Merge branch 'tkuah-master-patch-41653' into 'master'
8fa7606b · Marcel Amirault · GitLab · d3503d57 · d4125a3f · 8fa7606b
Unverified Commit 8fa7606b authored 4 months ago by Marcel Amirault Committed by GitLab 4 months ago
--- a/doc/ci/jobs/ci_job_token.md
+++ b/doc/ci/jobs/ci_job_token.md
@@ -36,18 +36,17 @@ This access can also [be restricted](#limit-job-token-scope-for-public-or-intern
 | [Deployments API](../../api/deployments.md)                                                           | `GET` requests are public by default. |
 | [Environments API](../../api/environments.md)                                                         | `GET` requests are public by default. |
 | [Job artifacts API](../../api/job_artifacts.md#get-job-artifacts)                                     | `GET` requests are public by default. |
-| [Jobs API](../../api/jobs.md#get-job-tokens-job)                                                      | To get the job token's job. |
+| [API endpoint to get the job of a job token](../../api/jobs.md#get-job-tokens-job)                    | To get the job token's job. |
 | [Package registry](../../user/packages/package_registry/index.md#to-build-packages)                   |         |
 | [Packages API](../../api/packages.md)                                                                 | `GET` requests are public by default. |
 | [Pipeline triggers](../../api/pipeline_triggers.md)                                                   | Used with the `token=` parameter to [trigger a multi-project pipeline](../pipelines/downstream_pipelines.md#trigger-a-multi-project-pipeline-by-using-the-api). |
-| [Pipelines API](../../api/pipelines.md#update-pipeline-metadata)                                      | To update pipeline metadata. |
+| [Update pipeline metadata API endpoint](../../api/pipelines.md#update-pipeline-metadata)                           | To update pipeline metadata. |
 | [Release links API](../../api/releases/links.md)                                                      |         |
 | [Releases API](../../api/releases/index.md)                                                           | `GET` requests are public by default. |
 | [Secure files](../secure_files/index.md#use-secure-files-in-cicd-jobs)                                | The `download-secure-files` tool authenticates with a CI/CD job token by default. |
 | [Terraform plan](../../user/infrastructure/index.md)                                                  |         |
  
-A job token can access a project's resources without any configuration, but it might
-give extra permissions that aren't necessary. There is [a proposal](https://gitlab.com/groups/gitlab-org/-/epics/3559)
+Other API endpoints are not accessible using a job token. There is [a proposal](https://gitlab.com/groups/gitlab-org/-/epics/3559)
 to redesign the feature for more granular control of access permissions.
  
 ## GitLab CI/CD job token security