ONTOTEXT ANSWER:
Security requirements in enterprises can get very stringent. Beyond simple RBAC user management, which GraphDB fully supports, you may need to make sure users have some specific permissions. Or, there may even be a requirement that your data is compartmentalized so one attack only compromises some of your data.
You can achieve logical and physical separation, but you should do this without nested repositories. Nested repositories were an experimental feature in the GraphDB line before GraphDB 10. As a feature, it was somewhat complex to configure and manage. Therefore, in more recent versions, we deprecated this feature and removed it from the documentation. If you are still using this feature, let us know, it’s interesting to hear from you. The requirements that drive nested repositories can be achieved without them.
Logical separation – GraphDB (or any graph database, really) has a way to achieve this, using named graphs – also known as contexts. Named graphs would allow you to split your data up for ingestion and query purposes while still keeping it within the same repository to allow inference, secondary indexing and plugin logic to operate on the whole dataset transparently. If you have a few named graphs, you should enable the context index for faster processing.
At the present time, we don’t have security controls at this level of separation in SPARQL. There is some logic that would control security at this level in our GraphQL plugin. We aim to introduce context-level security in a later GraphDB release.
Physical separation, first degree – GraphDB has a repository concept. That roughly maps to a table/database concept from SQL. You can have multiple repositories, each with its specific read and write permissions. Then you can make cross-repository requests using standard SPARQL or FedX federation. When using federation, the individual permissions of the user would be respected. This applies to repositories in a cluster as well.
When it comes to physical separation of this degree, the index files for one GraphDB instance are on the same filesystem. Each repository has its own directory, under the same data directory parent. You can use third party solutions to encrypt your data, but if one repository is compromised, all of them would be.
Physical separation, second degree – if you want to be certain that the data is separated, it is possible to use multiple GraphDB installations. There’s no built-in capabilities for this in GraphDB, but cross-instance communication can be handled via the federation procedures established earlier.
Article's content
GraphDB Users Ask: Where Can We Deploy GraphDB And What Are Some Best Practices?
In this blog, we answer questions from our GraphDB users. This question is about where can one deploy GraphDB and what are some best practices
GraphDB Users Ask: What Isolation Levels Does GraphDB Support?
In this blog, we answer questions from our GraphDB users. This question is about the the isolation levels GraphDB supports..
GraphDB Users Ask: What is the Most Important Hardware Attribute for Optimizing GraphDB Performance?
In this blog, we answer questions from our GraphDB users. This question is about the most important hardware attribute for optimizing GraphDB performance.
GraphDB Users Ask: What is the Best Way to Store the Triples’ History in the Database?
In this blog, we answer questions from our GraphDB users. This question is about the best way to store the triples’ history in the database
GraphDB Users Ask: Can I Use Nested Repositories to Introduce Logical Separation to GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about using nested repositories to introduce logical separation to GraphDB
GraphDB Users Ask: Can I Fine-tune Security on Some of the Endpoints in GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about fine-tuning securing on a GraphDB endpoint.
GraphDB Users Ask: What Are the Different Ways to Deploy GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about the different ways to deploy GraphDB.
GraphDB Users Ask: What is the best way to integrate JSON data in GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about the best ways to integrate JSON data in GraphDB.
GraphDB Users Ask: How Does GraphDB’s Security Work, Especially for Automated APIs?
In this feature, we answer questions from our GraphDB users. This question is about how about GraphDB security workds, especially for Automated APIs
GraphDB Users Ask: Is Kafka Only Used for Exporting Data, or for Importing, or Can We Do Both?
In this feature, we answer questions from our GraphDB users. This question is about if Kafka is used only for exporting or importing data or we can use for both
GraphDB Users Ask: How Do I Change the Configuration of an Existing Connector?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to change the configuration of connector if you’ve made a mistake when creating it
GraphDB Users Ask: Are There Any Administration Differences to Operating a Cluster on GraphDB 10?
In this feature, we answer questions from our GraphDB users. Today’s question is about whether there are administration differences to operating a cluster in GraphDB 10
GraphDB Users Ask: Can I Scale GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can scale GraphDB.
GraphDB Users Ask: Can I Change My Inference At Runtime?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can change inference at runtime.
GraphDB Users Ask: How To Mark Statements In A Query As Explicit Or Implicit?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to mark statements in a query as explicit or implicit.
GraphDB Users Ask: Can I Use the Standard Ontop Configurations?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can use the standard Onotp configurations.
GraphDB Users Ask: Should I Use a SPARQL Repository or a HTTP Repository?
In this feature, we answer questions from our GraphDB users. Today’s question us whether to use a SPARQL Repository or a HTTP Repository.
GraphDB Users Ask: Do You Have Any Advice on the Log4j Vulnerability for Different Versions of GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is about the Log4j vulnerability for different versions of GraphDB.
GraphDB Users Ask 12 Very Short Questions
In this feature, we answer questions from our GraphDB users. Today, we answer 12 very short question from GraphDB users.
GraphDB Users Ask: Which of the GraphDB Logs Do I Need to Monitor for Problems?
In this feature, we answer questions from our GraphDB users. Today’s question is about GraphDB logs and how to monitor for problems.
GraphDB Users Ask: Can You Help Me Optimize My Queries?
In this feature, we answer questions from our GraphDB users. Today’s question is about how users can optimize their queries.
GraphDB Users Ask: What’s the Difference Between SPARQL and FedX Federation?
In this feature, we answer questions from our GraphDB users. Today’s question is about the difference between SPARQL and FedX federation.
GraphDB Users Ask: What Does The “Insufficient Free Heap Memory” Error Mean?
In this feature, we answer questions from our GraphDB users. Today’s question is about what the “Insufficient Free Heap memory” error means.
GraphDB Users Ask: How To Optimize My Inference?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to optimize inference.
GraphDB Users Ask: Is RDF-Star The Best Choice For Reification?
In this feature, we answer questions from our GraphDB users. Today’s question is about whether RDF-star is the best choice for reification.
GraphDB Users Ask: Can GraphDB Infer Data Based on Values From a Virtualized Repository?
In this feature, we answer questions from our GraphDB users. Today’s question is about if GraphDB’s inference works with virtualized repositories.
GraphDB Users Ask: How Does SHACL Work on GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is about how SHACL works on GraphDB.
GraphDB Users Ask: Does GraphDB Support ABAC?
In this feature, we answer questions from our GraphDB users. Today’s question is about if GraphDB supports ABAC.
GraphDB Users Ask: Why Do I Get Errors About GraphDB Being “Unable to Find Valid Certification Path to Requested Target”?
In this feature, we answer questions from our GraphDB users. Today’s question is about getting errors about GraphDB being “unable to find valid certification path to requested target”.
GraphDB Users Ask: How Can I Break Up My Data to Control Access To It?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security and access control.
GraphDB Users Ask: Why does My Import Start Really Fast But Then Starts Losing Speed After a While?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB import speed.
GraphDB Users Ask: Can You Help Me Understand The Built-in GraphDB Security?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security.
GraphDB Users Ask: How Many Repositories Can I Have in GraphDB and How Can I Unite the Disparate Data Between Them?
In this feature, we answer questions from our GraphDB users. Today’s question is about the number of repos in GraphDB and accessing the data.
