# Required permissions

## Account <a href="#account" id="account"></a>

To log in to your account, **GitProtect** requires the following permissions:

1. **Access the authenticated user’s API** — **GitProtect** needs **read** and **write** access to the **API**, including:
   1. All groups and projects.
   2. The container registry.
   3. The package registry.

***

## Personal Access Token (PAT)

The following permissions are the minimum needed to register the **GitProtect** application in your account and access repositories:

* [x] **read\_api**
* [x] **read\_repository**

{% hint style="danger" %}
With minimal privileges, some metadata (such as issues) may not be included in the backup. Select the necessary permissions based on the data you need to protect—if you grant only read permissions, backups can be performed, but restoring data will require a new token or password with write permissions.
{% endhint %}

By creating a **personal access token**, you can assign different types of permissions. The following permissions allow you to back up the repository metadata in your organization:

* **read\_api** — required to assign an organization to **GitLab**.
* **api** — grants full read/write access to the **API**, including all groups and projects.
* **read\_repository** — required to access the list of repositories and perform backups.
* **write\_repository** — required to restore a repository.
* **read\_registry** — grants read access to **Container Registry** images when a project is private and authorization is required.

{% hint style="info" %}
For more information about personal access tokens, visit [the official **GitLab** website](https://docs.gitlab.com/ee/user/profile/personal_access_tokens.html).
{% endhint %}