Scope permissions for GitLab access token

Hello!

We are using SonarQube (Enterprise Edition) version 10.6.0, and it is deployed with Helm to GKE.

Following the documentation to get PR (MR) decorations in our GitLab, we have an access token created as per the documentation, with Reporter permissions and the read_api scope (GitLab integration).

I can see in the following error that it looks to suggest it needs the api and read_api scopes. Is this the case, or should this be working with just read_api? Ideally we want the least permissions.

Error:

2024.07.09 15:11:49 ERROR ce[044af8f5-5290-4819-9e09-2be982a09348][o.s.a.c.g.GitlabApplicationClient] Gitlab API call to [https://gitlab.com/api/v4/projects/<<REDACTED>>/merge_requests/47/notes] failed with 403 http code. gitlab response content : [{"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api read_api"}]
2024.07.09 15:11:49 DEBUG ce[044af8f5-5290-4819-9e09-2be982a09348][c.s.b.D.D.D] post for gitlab merge request decoration has finished after 137 ms
2024.07.09 15:11:49 ERROR ce[044af8f5-5290-4819-9e09-2be982a09348][c.s.b.D.D.F] An exception was thrown during Merge Request decoration : Your GitLab token has insufficient scope
2024.07.09 15:11:49 ERROR ce[044af8f5-5290-4819-9e09-2be982a09348][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Execution of task class com.sonarsource.b.D.C failed
org.sonar.alm.client.gitlab.GitlabServerException: Your GitLab token has insufficient scope
      at org.sonar.alm.client.gitlab.GitlabApplicationClient.checkResponseIsSuccessful(GitlabApplicationClient.java:188)
      at org.sonar.alm.client.gitlab.GitlabApplicationClient.checkResponseIsSuccessful(GitlabApplicationClient.java:176)
      at com.sonarsource.b.D.D.D.postNote(Unknown Source)
      at com.sonarsource.b.D.D.F.路(Unknown Source)
      at com.sonarsource.b.D.r.路(Unknown Source)
      at java.base/java.util.Spliterators$ArraySpliterator.forEachRemaining(Unknown Source)
      at java.base/java.util.stream.ReferencePipeline$Head.forEach(Unknown Source)
      at com.sonarsource.b.D.r.路(Unknown Source)
      at com.sonarsource.b.D.C.路(Unknown Source)
      at java.base/java.util.Optional.ifPresent(Unknown Source)
      at com.sonarsource.b.D.C.路(Unknown Source)
      at com.sonarsource.b.D.C.좫(Unknown Source)
      at org.sonar.ce.async.SynchronousAsyncExecution.addToQueue(SynchronousAsyncExecution.java:27)
      at com.sonarsource.b.D.C.路(Unknown Source)
      at java.base/java.util.Optional.ifPresent(Unknown Source)
      at com.sonarsource.b.D.C.finished(Unknown Source)
      at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.executeTask(PostProjectAnalysisTasksExecutor.java:101)
      at org.sonar.ce.task.projectanalysis.api.posttask.PostProjectAnalysisTasksExecutor.finished(PostProjectAnalysisTasksExecutor.java:92)
      at org.sonar.ce.task.step.ComputationStepExecutor.executeListener(ComputationStepExecutor.java:89)
      at org.sonar.ce.task.step.ComputationStepExecutor.execute(ComputationStepExecutor.java:61)
      at org.sonar.ce.task.projectanalysis.taskprocessor.ReportTaskProcessor.process(ReportTaskProcessor.java:75)
      at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.executeTask(CeWorkerImpl.java:212)
      at org.sonar.ce.taskprocessor.CeWorkerImpl$ExecuteTask.run(CeWorkerImpl.java:194)
      at org.sonar.ce.taskprocessor.CeWorkerImpl.findAndProcessTask(CeWorkerImpl.java:160)
      at org.sonar.ce.taskprocessor.CeWorkerImpl$TrackRunningState.get(CeWorkerImpl.java:135)
      at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:87)
      at org.sonar.ce.taskprocessor.CeWorkerImpl.call(CeWorkerImpl.java:53)
      at com.google.common.util.concurrent.TrustedListenableFutureTask$TrustedFutureInterruptibleTask.runInterruptibly(TrustedListenableFutureTask.java:131)
      at com.google.common.util.concurrent.InterruptibleTask.run(InterruptibleTask.java:76)
      at com.google.common.util.concurrent.TrustedListenableFutureTask.run(TrustedListenableFutureTask.java:82)
      at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
      at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
      at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(Unknown Source)
      at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      at java.base/java.lang.Thread.run(Unknown Source)
2024.07.09 15:11:49 INFO  ce[044af8f5-5290-4819-9e09-2be982a09348][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Pull Request decoration | status=FAILED | time=1069ms

Many thanks,

Kieran C
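
A triage helper for the log format quoted in the post above, as an added example that is not part of the original post or SonarQube's own code: it pulls each failed GitLab API call out of a Compute Engine log, keeps the `scope` value exactly as GitLab returned it, and marks whether the same task's decoration ended with `status=FAILED`. The function name, the second task id and the 502 line are constructed for illustration.

```python
import json
import re

# Constructed sample in the log format from the post; the 502 line is made up.
SAMPLE_LOG = """\
2024.07.09 15:11:49 ERROR ce[044af8f5-5290-4819-9e09-2be982a09348][o.s.a.c.g.GitlabApplicationClient] Gitlab API call to [https://gitlab.com/api/v4/projects/<<REDACTED>>/merge_requests/47/notes] failed with 403 http code. gitlab response content : [{"error":"insufficient_scope","error_description":"The request requires higher privileges than provided by the access token.","scope":"api read_api"}]
2024.07.09 15:12:03 ERROR ce[11111111-2222-3333-4444-555555555555][o.s.a.c.g.GitlabApplicationClient] Gitlab API call to [https://gitlab.com/api/v4/projects/<<REDACTED>>/merge_requests/48/notes] failed with 502 http code. gitlab response content : [<html>Bad Gateway</html>]
2024.07.09 15:11:49 INFO  ce[044af8f5-5290-4819-9e09-2be982a09348][o.s.c.t.p.a.p.PostProjectAnalysisTasksExecutor] Pull Request decoration | status=FAILED | time=1069ms
"""

API_FAILURE = re.compile(
    r"^(?P<ts>\S+ \S+) ERROR ce\[(?P<task>[0-9a-f-]+)\]\[[^\]]+\] "
    r"Gitlab API call to \[(?P<url>[^\]]+)\] failed with (?P<code>\d{3}) http code\. "
    r"gitlab response content : \[(?P<body>.*)\]\s*$"
)
DECORATION_FAILED = re.compile(
    r"ce\[(?P<task>[0-9a-f-]+)\].*Pull Request decoration \| status=FAILED"
)


def gitlab_api_failures(log_text):
    """Return one finding per failed GitLab API call found in a CE log."""
    lines = log_text.splitlines()
    # Task ids whose merge request decoration was reported as FAILED.
    failed = {m["task"] for m in map(DECORATION_FAILED.search, lines) if m}
    findings = []
    for line in lines:
        m = API_FAILURE.match(line)
        if not m:
            continue
        try:
            body = json.loads(m["body"])
        except json.JSONDecodeError:
            body = {}  # non-JSON body, e.g. an HTML error page from a proxy
        if not isinstance(body, dict):
            body = {}
        findings.append({
            "timestamp": m["ts"],
            "task": m["task"],
            "url": m["url"],
            "http_code": int(m["code"]),
            "error": body.get("error"),
            # Scope names as listed in GitLab's error response, unmodified.
            "scopes": body.get("scope", "").split(),
            "decoration_failed": m["task"] in failed,
        })
    return findings
```
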