Skip to content

GL_ProjectRole.md

Latest commit

 

History

History
68 lines (59 loc) · 3.4 KB

GL_ProjectRole.md

File metadata and controls

68 lines (59 loc) · 3.4 KB

GL_ProjectRole

Represents a permission role within a specific GitLab project. One set of GL_ProjectRole nodes is created per project, covering the standard access levels: Minimal Access, Guest, Planner, Reporter, Developer, Maintainer, and Owner. Role nodes are connected via GL_HasBaseRole to form the permission hierarchy.

Most capability edges originate from GL_ProjectRole nodes — push/merge permissions on branches, CI/CD execution rights, and management operations on the project are all modeled as edges from the relevant project role to the target node.

Properties

Property Name Data Type Description
name string Fully-qualified role name (e.g., MyProject/Developer)
description string Description of the permissions this role grants
project_web_url string URL to the associated project's GitLab page

Standard Role Descriptions

Role Description
Minimal Access View limited project information; cannot access repository
Guest View and comment on issues; cannot push code
Planner Create and manage issues, epics, milestones, and iterations
Reporter View code, clone repository, create issues, generate reports
Developer Push code, create merge requests, run CI/CD pipelines
Maintainer Manage branches, merge requests, CI/CD variables, members, and runners
Owner Full control — archive, delete, transfer the project

Diagram

flowchart TD
    GL_ProjectAccessToken[fa:fa-key GL_ProjectAccessToken]
    GL_GroupRole[fa:fa-user-tie GL_GroupRole]
    GL_InstanceRole[fa:fa-user-tie GL_InstanceRole]
    GL_Project[fa:fa-diagram-project GL_Project]
    GL_Repository[fa:fa-box-archive GL_Repository]
    Secret[fa:fa-key Secret]
    GL_User[fa:fa-user GL_User]
    GL_ProjectRole[fa:fa-user-tie GL_ProjectRole]
    GL_Branch[fa:fa-code-branch GL_Branch]

    GL_User -->|GL_HasRole| GL_ProjectRole
    GL_ProjectAccessToken -->|GL_HasRole| GL_ProjectRole
    GL_GroupRole -->|GL_InheritRole| GL_ProjectRole
    GL_InstanceRole -->|GL_HasBaseRole| GL_ProjectRole
    GL_ProjectRole -->|GL_HasBaseRole| GL_ProjectRole
    GL_ProjectRole -->|GL_ManageMembers| GL_Project
    GL_ProjectRole -.->|GL_CanPull| GL_Repository
    GL_ProjectRole -->|GL_CanPush| GL_Branch
    GL_ProjectRole -->|GL_CanMerge| GL_Branch
    GL_ProjectRole -.->|GL_RunCICD| GL_Project
    GL_ProjectRole -.->|GL_DownloadJobArtifacts| GL_Project
    GL_ProjectRole -.->|GL_ViewJobLogs| GL_Project
    GL_ProjectRole -.->|GL_DownloadSecureFiles| GL_Project
    GL_ProjectRole -->|GL_CanReadSecret| Secret
    GL_ProjectRole -.->|GL_ManageRunners| GL_Project
    GL_ProjectRole -.->|GL_ManageSecureFiles| GL_Project
    GL_ProjectRole -.->|GL_ManageVariables| GL_Project
    GL_ProjectRole -.->|GL_ManageReleases| GL_Project
    GL_ProjectRole -.->|GL_ManageProjectAccessTokens| GL_Project
    GL_ProjectRole -.->|GL_ManageDeployKeys| GL_Project
    GL_ProjectRole -.->|GL_ManageWebHooks| GL_Project
    GL_ProjectRole -.->|GL_InviteGroups| GL_Project
    GL_ProjectRole -.->|GL_ManageProtectedBranches| GL_Repository
    GL_ProjectRole -.->|GL_ManageProtectedTags| GL_Repository
    GL_ProjectRole -.->|GL_ArchiveProject| GL_Project
    GL_ProjectRole -.->|GL_DeleteProject| GL_Project
    GL_ProjectRole -.->|GL_TransferProject| GL_Project
Loading