- Source: GL_User, GL_Project, GL_Group
- Destination: GL_PersonalAccessToken, GL_ProjectAccessToken, GL_GroupAccessToken

The non-traversable GL_HasToken edge connects a principal to its access tokens. The source determines the token type:
- GL_User → GL_PersonalAccessToken — a user owns this personal access token
- GL_Project → GL_ProjectAccessToken — a project has this project access token
- GL_Group → GL_GroupAccessToken — a group has this group access token

The resulting permissions of the tokens are modelled via GL_HasPrivilegeOf and GL_HasRole edges to the respective user or project/group role.

```mermaid
graph LR
    user("fa:fa-user GL_User alice")
    project("fa:fa-diagram-project GL_Project myorg/backend")
    group("fa:fa-user-group GL_Group myorg")
    pat("fa:fa-key GL_PersonalAccessToken alice-api")
    projTok("fa:fa-key GL_ProjectAccessToken deploy-token")
    groupTok("fa:fa-key GL_GroupAccessToken ci-token")
    user -.->|GL_HasToken| pat
    project -.->|GL_HasToken| projTok
    group -.->|GL_HasToken| groupTok
```
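
As an added example (not the project's own code), the sketch below validates that every GL_HasToken edge pairs its source kind with the matching token kind, and shows what "non-traversable" means for a path search over the nodes in the diagram above. The two role nodes, the "Role" kind, the token-to-principal direction of GL_HasPrivilegeOf and GL_HasRole, and their being traversable are assumptions.

```python
from collections import deque

# Source kind -> token kind for GL_HasToken, as listed on this page.
TOKEN_KIND = {"GL_User": "GL_PersonalAccessToken",
              "GL_Project": "GL_ProjectAccessToken",
              "GL_Group": "GL_GroupAccessToken"}
NON_TRAVERSABLE = {"GL_HasToken"}  # stated on this page

# Constructed sample: the diagram's nodes plus two hypothetical role nodes.
NODES = {"alice": "GL_User", "myorg/backend": "GL_Project", "myorg": "GL_Group",
         "alice-api": "GL_PersonalAccessToken",
         "deploy-token": "GL_ProjectAccessToken",
         "ci-token": "GL_GroupAccessToken",
         "backend-role": "Role", "myorg-role": "Role"}  # "Role" is a placeholder kind
EDGES = [("alice", "GL_HasToken", "alice-api"),
         ("myorg/backend", "GL_HasToken", "deploy-token"),
         ("myorg", "GL_HasToken", "ci-token"),
         # Assumption: permission edges start at the token and are traversable.
         ("alice-api", "GL_HasPrivilegeOf", "alice"),
         ("deploy-token", "GL_HasRole", "backend-role"),
         ("ci-token", "GL_HasRole", "myorg-role")]


def invalid_has_token(nodes, edges):
    """Return GL_HasToken edges whose endpoint kinds break the pairing."""
    bad = []
    for src, kind, dst in edges:
        expected = TOKEN_KIND.get(nodes.get(src))
        if kind == "GL_HasToken" and (expected is None or nodes.get(dst) != expected):
            bad.append((src, kind, dst))
    return bad


def reachable(start, edges):
    """Nodes reachable from start when non-traversable edges are skipped."""
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for src, kind, dst in edges:
            if src == cur and kind not in NON_TRAVERSABLE and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen - {start}
```

With this sample, a search starting at alice reaches nothing through GL_HasToken, while a search starting at alice-api reaches alice through the permission edge.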