- Source: GL_GroupRole, GL_ProjectRole
- Destination: GL_Group, GL_Project
The traversable GL_ManageMembers edge indicates that a role grants permission to add and remove members from the group or project. Owner role always has this permission; Maintainer role has it for projects.
graph LR
attacker("fa:fa-user GL_User attacker")
maintRole("fa:fa-user-tie GL_ProjectRole myproject/Maintainer")
project("fa:fa-diagram-project GL_Project myorg/backend")
attacker -->|GL_HasRole| maintRole
maintRole -->|GL_ManageMembers| project