> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# GH_CanEditProtection

> [Repository - Computed] Repo role can modify or remove branch protection rules for the repository/branch (computed from GH_EditRepoProtections + GH_ProtectedBy)

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Edge Schema

* Source: [GH\_RepoRole](/opengraph/extensions/github/nodes/gh_reporole)
* Destination: [GH\_Repository](/opengraph/extensions/github/nodes/gh_repository), [GH\_Branch](/opengraph/extensions/github/nodes/gh_branch)
* Traversable: ✅

## General Information

The traversable GH\_CanEditProtection edge is a computed edge indicating that a role can modify or remove branch protection rules in a repository. This edge is emitted when the role has [GH\_EditRepoProtections](/opengraph/extensions/github/edges/gh_editrepoprotections) or [GH\_AdminTo](/opengraph/extensions/github/edges/gh_adminto) permissions and the repository contains at least one protected branch. Repo-targeted edges model the repo-wide security impact for attack path traversal; branch-targeted edges are also emitted as supporting evidence for each protected branch governed by those rules.

## Scenarios

### `admin` — Admin can edit protections

The admin role has [GH\_AdminTo](/opengraph/extensions/github/edges/gh_adminto) which implicitly grants the ability to modify or remove any branch protection rule.

```mermaid theme={null}
graph LR
    role("GH_RepoRole admin") -->|GH_AdminTo| repo("GH_Repository")
    repo -->|GH_HasBranch| branch("GH_Branch main")
    bpr("GH_BranchProtectionRule") -->|GH_ProtectedBy| branch
    role ==>|GH_CanEditProtection| repo
    role ==>|GH_CanEditProtection| branch
```

### `edit_repo_protections` — Explicit edit permission

A custom or standard role with the [GH\_EditRepoProtections](/opengraph/extensions/github/edges/gh_editrepoprotections) permission can modify or remove branch protection rules.

```mermaid theme={null}
graph LR
    role("GH_RepoRole custom") -->|GH_EditRepoProtections| repo("GH_Repository")
    repo -->|GH_HasBranch| branch("GH_Branch main")
    bpr("GH_BranchProtectionRule") -->|GH_ProtectedBy| branch
    role ==>|GH_CanEditProtection| repo
    role ==>|GH_CanEditProtection| branch
```