Represents a GitLab user account. User nodes are collected for all accounts on the instance, including administrators, regular members, external users, and bot/service accounts. Bots receive an additional GL_Bot kind. Users are linked to their instance role, group memberships, project memberships, personal access tokens, and pipeline schedules they own.
If a user is detected as a Renovate bot (by observing pushes to renovate/* branches), the renovate property is set to true and additional enrichment is performed.

| Property Name | Data Type | Description |
|---|---|---|
| username | string | GitLab username (login handle) |
| name | string | Full display name |
| | string | Primary or public email address |
| state | string | Account state: active, blocked, deactivated, or ldap_blocked |
| locked | bool | Whether the account is temporarily locked (e.g., after failed logins) |
| is_admin | bool | Whether the user has instance administrator privileges |
| two_factor_enabled | bool | Whether two-factor authentication is enabled for this account |
| external | bool | Whether this is an external user (limited access by default) |
| web_url | string | URL to the user's GitLab profile page |
| created_at | datetime | When the account was created |
| current_sign_in_at | datetime | Timestamp of the most recent sign-in |
| last_sign_in_at | datetime | Timestamp of the previous sign-in |
| last_activity_on | datetime | Date of last activity (API access, push, etc.) |
| identities | string[] | External identity bindings in "provider://externalUID" format (SAML, LDAP, OAuth, etc.) |
| renovate | bool | Whether this user was detected as a Renovate bot account |
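
The properties above are enough for a basic account-hygiene review. The following is an added example, not part of the collector or of the original page: it flags active administrators without two-factor authentication and active accounts with no recent activity, and parses the `identities` format. The dict-per-node input shape, the ISO 8601 date strings, the 90-day threshold and the sample records are assumptions made for the example.

```python
from datetime import date

# Constructed sample GL_User property sets (not real data). Keys follow the
# property table; the dict-per-node shape is an assumption about the export.
SAMPLE_USERS = [
    {"username": "root", "state": "active", "is_admin": True,
     "two_factor_enabled": False, "last_activity_on": "2025-05-30",
     "identities": []},
    {"username": "jdoe", "state": "active", "is_admin": False,
     "two_factor_enabled": True, "last_activity_on": "2024-01-10T08:00:00Z",
     "identities": ["saml://jdoe@example.com"]},
    {"username": "renovate-bot", "state": "active", "is_admin": False,
     "two_factor_enabled": False, "last_activity_on": "2025-06-01",
     "identities": [], "renovate": True},
    {"username": "old-admin", "state": "ldap_blocked", "is_admin": True,
     "two_factor_enabled": False, "last_activity_on": None,
     "identities": ["ldapmain://uid=old,ou=people,dc=example,dc=com"]},
]

def split_identity(binding):
    """Split 'provider://externalUID'; only the first '://' is a separator."""
    provider, sep, uid = binding.partition("://")
    if not sep or not provider or not uid:
        raise ValueError(f"malformed identity binding: {binding!r}")
    return provider, uid

def audit_user(user, today, stale_days=90):
    """Return hygiene findings for one node; non-active accounts are skipped."""
    if user.get("state") != "active":
        return []
    findings = []
    if user.get("is_admin") and not user.get("two_factor_enabled"):
        providers = sorted({split_identity(i)[0] for i in user.get("identities") or []})
        findings.append("admin-no-2fa (" + (",".join(providers) or "no external identity") + ")")
    last = user.get("last_activity_on")
    # Assumption: timestamps are ISO 8601 strings, so the first 10 chars are the date.
    if last is None or (today - date.fromisoformat(last[:10])).days > stale_days:
        findings.append("stale-active")
    return findings

def audit(users, today, stale_days=90):
    """Map username -> findings, omitting accounts with nothing to report."""
    report = {u["username"]: audit_user(u, today, stale_days) for u in users}
    return {name: f for name, f in report.items() if f}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_USERS, date(2025, 6, 1)).items():
        print(name, findings)
```
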

```mermaid
flowchart TD
    GL_ProjectRole[fa:fa-user-tie GL_ProjectRole]
    GL_PersonalAccessToken[fa:fa-key GL_PersonalAccessToken]
    AZUser[fa:fa-user AZUser]
    GL_PipelineSchedule[fa:fa-clock-rotate-left GL_PipelineSchedule]
    GL_Pipeline[fa:fa-angles-right GL_Pipeline]
    GL_GroupRole[fa:fa-user-tie GL_GroupRole]
    GL_Branch[fa:fa-code-branch GL_Branch]
    User[fa:fa-user User]
    GL_User[fa:fa-user GL_User]
    GL_Project[fa:fa-diagram-project GL_Project]
    GL_InstanceRole[fa:fa-user-tie GL_InstanceRole]
    GL_User -.->|GL_HasProject| GL_Project
    GL_User -->|GL_Owns| GL_PipelineSchedule
    GL_User -.->|GL_Created| GL_User
    GL_User -.->|GL_Created| GL_Project
    GL_User -.->|GL_Created| GL_Pipeline
    GL_User -->|GL_HasRole| GL_InstanceRole
    GL_User -->|GL_HasRole| GL_GroupRole
    GL_User -->|GL_HasRole| GL_ProjectRole
    GL_User -.->|GL_PushedTo| GL_Branch
    GL_User -.->|GL_Developed| GL_Project
    GL_User -.->|GL_Contributed| GL_Project
    GL_User -.->|GL_HasToken| GL_PersonalAccessToken
    GL_PersonalAccessToken -->|GL_HasPrivilegeOf| GL_User
    GL_InstanceRole -->|GL_RenovateInviteAndTakeover| GL_User
    AZUser -->|GL_SyncedTo| GL_User
    User -->|GL_SyncedTo| GL_User
```