gitlab-org/gitlab
User
The most central record in GitLab. Models real people, bots (project/group access tokens), service users, ghost users, and migration placeholders.
Source
app/models/user.rb (very large — thousands of lines), with extensions in ee/app/models/ee/user.rb and roughly 30 concerns under app/models/concerns/users/ and app/models/users/.
User types
A User row has a user_type enum:
- :human — real person.
- :project_bot — bot tied to a project access token.
- :group_bot — bot tied to a group access token.
- :service_user — instance-level bot (admin tokens, internal users).
- :ghost — placeholder for deleted users.
- :alert_bot, :support_bot, :visual_review_bot, :migration_bot, :security_bot, :llm_bot, :placeholder — many specialized bots.
Key associations
| Association | What it's for |
|---|---|
| personal_access_tokens | Tokens issued by this user |
| members | Project/group memberships |
| namespaces, groups | Owned or member-of groups |
| projects | Projects with direct access |
| keys | SSH keys |
| gpg_keys | GPG keys |
| identities | OmniAuth identities (GitHub, LDAP DN, SAML NameID) |
| notification_settings | Per-resource notification overrides |
| todos | Pending todos |
| awards | Emoji reactions left by the user |
| events | Activity stream events |
| assigned_issues, assigned_merge_requests | Assignments |
| reviewer_merge_requests | MR reviewer queues |
| issue_email_participants | Mailbox-style issue participation |
| audit_events | Audit trail |
| ci_pipelines, ci_builds | CI activity |
Identity
Users can have multiple identities (one per OmniAuth provider). The default Identity row stores extern_uid and provider. SSO group sync (EE) reconciles SAML group claims to GitLab group memberships.
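An audit over the identity model described above, added here as an example and not taken from GitLab's code base: it reads a constructed export of identity rows and reports users holding more than one identity for the same provider, and external identifiers linked to more than one user. IdentityRow, the function names, the sample rows and the case-folding of extern_uid are assumptions of this example.

```ruby
# Added example: plain Ruby over constructed rows, not GitLab's ActiveRecord models.
IdentityRow = Struct.new(:user_id, :provider, :extern_uid)

# Constructed sample data standing in for an export of identity rows.
SAMPLE_IDENTITIES = [
  IdentityRow.new(1, 'saml',     'alice@example.com'),
  IdentityRow.new(1, 'github',   '1001'),
  IdentityRow.new(2, 'saml',     'bob@example.com'),
  IdentityRow.new(2, 'saml',     'bob.old@example.com'), # second SAML identity, same user
  IdentityRow.new(3, 'ldapmain', 'uid=carol,ou=people,dc=example,dc=com'),
  IdentityRow.new(4, 'ldapmain', 'UID=Carol,OU=People,DC=example,DC=com') # same DN, other case
].freeze

# Assumption of this example: compare identifiers case-insensitively and
# ignore surrounding whitespace, so near-duplicates surface for manual review.
def normalize_uid(uid)
  uid.to_s.strip.downcase
end

# The page states one identity per provider; return the [user_id, provider]
# pairs that break that expectation.
def duplicate_providers(rows)
  rows.group_by { |r| [r.user_id, r.provider] }
      .select { |_, group| group.size > 1 }
      .keys
end

# An external identifier that resolves to several users makes SSO sign-in
# ambiguous; return { [provider, uid] => [user_ids] } for those cases.
def shared_extern_uids(rows)
  rows.group_by { |r| [r.provider, normalize_uid(r.extern_uid)] }
      .transform_values { |group| group.map(&:user_id).uniq.sort }
      .select { |_, user_ids| user_ids.size > 1 }
end

if __FILE__ == $PROGRAM_NAME
  duplicate_providers(SAMPLE_IDENTITIES).each do |user_id, provider|
    puts "user #{user_id}: more than one #{provider} identity"
  end
  shared_extern_uids(SAMPLE_IDENTITIES).each do |(provider, uid), user_ids|
    puts "#{provider} #{uid}: linked to users #{user_ids.join(', ')}"
  end
end
```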
Avatar
User#avatar is a CarrierWave-mounted attachment. If unset, GitLab falls back to Gravatar (configurable).
Authentication
- Password via Devise, optional WebAuthn / TOTP 2FA.
- API access via PATs, OAuth tokens, or SSO sessions.
- See Authentication.
Privacy and deletion
User deletion is a long-running operation:
- Soft delete sets state = 'deleted' and schedules Users::DeletionWorker.
- Owned resources (projects, comments, MRs) are reassigned to a "ghost" or "placeholder" user depending on the cleanup mode.
- A "delayed deletion" period gives admins time to recover.
EE adds:
- Compliance retention policies.
- Custom user deletion via SCIM.
Audit and authentication events
AuthenticationEvent records every login attempt. EE adds AuditEvent rows for sensitive actions.
Related
- Member — links a user to a group/project.
- Namespace — every user has a personal namespace.
- Authentication.
Built by Factory AutoWiki from public repository content. It is a generated preview for codebase exploration, not source-maintained documentation.