Represents a GitLab group access token — an API token scoped to a specific group that authenticates as a bot user with a defined group role. Group access tokens provide programmatic access to all projects within the group and its subgroups at the token's access level, making them high-value targets as they grant broad access across the group hierarchy.
The token's effective permissions are modeled via a GL_HasRole edge to the corresponding GL_GroupRole node for the token's access level.
Each node carries GL_GroupAccessToken as its primary kind and GL_AccessToken as a base kind, allowing queries that target all token types generically.
| Property Name | Data Type | Description |
|---|---|---|
| name | string | Token name (user-defined label) |
| active | bool | Whether the token is currently active |
| revoked | bool | Whether the token has been explicitly revoked |
| scopes | string[] | API scopes granted to this token |
| access_level | string | Group role level: Guest, Reporter, Developer, Maintainer, or Owner |
| created_at | datetime | When the token was created |
| last_used | datetime | When the token was last used |
| expires_at | datetime | Token expiration date |

```mermaid
flowchart TD
    GL_GroupAccessToken[fa:fa-key GL_GroupAccessToken]
    GL_GroupRole[fa:fa-user-tie GL_GroupRole]
    GL_Group[fa:fa-user-group GL_Group]
    GL_GroupAccessToken -->|GL_HasRole| GL_GroupRole
    GL_Group -.->|GL_HasToken| GL_GroupAccessToken
```
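
The properties above are enough to triage which group access tokens deserve review first. The following is an added example, not part of the project's own code: it assumes each node's properties are available as a dictionary with ISO 8601 strings for the datetime fields, and the finding labels, the 90-day staleness window and the Maintainer cut-off are assumptions chosen for illustration.

```python
from datetime import datetime, timedelta, timezone

# Role names from the access_level property, ordered lowest to highest.
ROLE_RANK = {"Guest": 0, "Reporter": 1, "Developer": 2, "Maintainer": 3, "Owner": 4}

def _ts(value):
    """Parse an ISO 8601 string (assumed format) into an aware datetime, or None."""
    if not value:
        return None
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc)

def is_usable(props, now):
    """A token can still authenticate only if active, not revoked and not expired."""
    expires = _ts(props.get("expires_at"))
    return (bool(props.get("active")) and not props.get("revoked")
            and (expires is None or expires > now))

def review(props, now, stale_after=timedelta(days=90)):
    """Return review findings for one GL_GroupAccessToken property map."""
    if not is_usable(props, now):
        return []  # dead tokens need no further triage
    findings = []
    if ROLE_RANK.get(props.get("access_level"), -1) >= ROLE_RANK["Maintainer"]:
        findings.append("high-role")
    if "api" in (props.get("scopes") or []):
        findings.append("api-scope")
    if _ts(props.get("expires_at")) is None:
        findings.append("no-expiry")
    last_used = _ts(props.get("last_used"))
    if last_used is None or now - last_used > stale_after:
        findings.append("stale")
    return findings

# Constructed sample nodes (not real data); only the properties the checks read.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)
SAMPLE = [
    {"name": "ci-deploy", "active": True, "revoked": False, "scopes": ["api"],
     "access_level": "Owner", "last_used": "2024-11-02T08:00:00Z", "expires_at": None},
    {"name": "mirror", "active": True, "revoked": False, "scopes": ["read_repository"],
     "access_level": "Reporter", "last_used": "2025-05-30T12:00:00Z",
     "expires_at": "2025-09-01T00:00:00Z"},
    {"name": "old-bot", "active": False, "revoked": True, "scopes": ["api"],
     "access_level": "Owner", "last_used": None, "expires_at": "2024-01-01T00:00:00Z"},
]

RESULTS = {n["name"]: review(n, NOW) for n in SAMPLE}
print(RESULTS)
```
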