Represents a permission role within a specific GitLab group. One set of GL_GroupRole nodes is created per group, covering the standard access levels: Minimal Access, Guest, Planner, Reporter, Developer, Maintainer, and Owner.
Role nodes are connected via GL_HasBaseRole to form the permission hierarchy (Owner subsumes Maintainer subsumes Developer, etc.).
The instance-wide Administrator role is connected to the owner role of every top-level group.
Group role permissions are inherited down to their respective subgroup and project role via GL_InheritRole edges.
| Property Name | Data Type | Description |
|---|---|---|
| name | string | Fully-qualified role name (e.g., MyGroup/Owner) |
| description | string | Description of the permissions this role grants |
| group_web_url | string | URL to the associated group's GitLab page |
| Role | Description |
|---|---|
| Minimal Access | Can view the group and its projects in listings |
| Guest | Can view group projects, create issues |
| Planner | Can create and manage issues, epics, milestones, and iterations |
| Reporter | Can view and clone repositories, create issues, generate reports |
| Developer | Can push to repositories, manage issues and merge requests, run CI/CD |
| Maintainer | Can manage branches, merge requests, CI/CD, and members |
| Owner | Full administrative access to the group and its projects |
flowchart TD
GL_GroupRole[fa:fa-user-tie GL_GroupRole]
GL_Group[fa:fa-user-group GL_Group]
GL_User[fa:fa-user GL_User]
GL_GroupAccessToken[fa:fa-key GL_GroupAccessToken]
GL_ProjectRole[fa:fa-user-tie GL_ProjectRole]
GL_InstanceRole[fa:fa-user-tie GL_InstanceRole]
GL_GroupRole -->|GL_MemberOf| GL_Group
GL_User -->|GL_HasRole| GL_GroupRole
GL_GroupAccessToken -->|GL_HasRole| GL_GroupRole
GL_GroupRole -->|GL_InheritRole| GL_GroupRole
GL_GroupRole -->|GL_InheritRole| GL_ProjectRole
GL_InstanceRole -->|GL_HasBaseRole| GL_GroupRole
GL_GroupRole -->|GL_HasBaseRole| GL_GroupRole
GL_GroupRole -.->|GL_CanCreateGroup| GL_Group
GL_GroupRole -.->|GL_CanCreateProject| GL_Group
GL_GroupRole -->|GL_ManageMembers| GL_Group
GL_GroupRole -.->|GL_ManageVariables| GL_Group
GL_GroupRole -.->|GL_InviteGroups| GL_Group