> ## Documentation Index
> Fetch the complete documentation index at: https://bloodhound.specterops.io/llms.txt
> Use this file to discover all available pages before exploring further.

# GH_HasPersonalAccessToken

> User owns this personal access token that has been granted access to the organization

<img noZoom src="https://mintcdn.com/specterops/tTIczgde9H07oLXf/assets/enterprise-AND-community-edition-pill-tag.svg?fit=max&auto=format&n=tTIczgde9H07oLXf&q=85&s=ad49a576589f4d2a8081df77d07fdf56" alt="Applies to BloodHound Enterprise and CE" width="482" height="45" data-path="assets/enterprise-AND-community-edition-pill-tag.svg" />

## Edge Schema

* Source: [GH\_User](/opengraph/extensions/github/nodes/gh_user)
* Destination: [GH\_PersonalAccessToken](/opengraph/extensions/github/nodes/gh_personalaccesstoken)
* Traversable: ❌

## General Information

The non-traversable GH\_HasPersonalAccessToken edge represents the relationship between a user and their fine-grained personal access tokens that have been granted access to the organization. This edge links each approved token back to the user who created it. Fine-grained personal access tokens are security-significant because they provide programmatic access to organization resources with specific scoped permissions. Tracking token ownership is essential for understanding which users have standing API access and for identifying tokens that may need revocation.

```mermaid theme={null}
graph LR
    node1("GH_User alice")
    node2("GH_PersonalAccessToken ci-deploy-token")
    node3("GH_PersonalAccessToken read-only-audit")
    node4("GH_User bob")
    node5("GH_PersonalAccessToken automation-token")
    node1 -- GH_HasPersonalAccessToken --> node2
    node1 -- GH_HasPersonalAccessToken --> node3
    node4 -- GH_HasPersonalAccessToken --> node5
```