In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security.
ONTOTEXT ANSWER:
Unfortunately, millions of customers on a single GraphDB deployment would usually be impossible. This is because each repository, when active, even at 0 triples, has to introduce some data structures and processing. We have estimated that this contributes to about 200 MB of heap usage. So, even though your database could be impossibly large, there would be a physical limit to how much you can grow. On the software side, though, GraphDB would not block you from making an arbitrary number of repositories.
Now, there’s a caveat to this. This memory usage is for active repositories. Those are repositories which are in use. However, there’s no way to deactivate a repository via the UI. The only surefire way to do it is a GraphDB restart, but calling repo.shtudown() with the RDF4J client would work as well for local repositories.
There’s something else to consider – activating a repository is very easy to do “by accident”. And accidents will happen with end-users. Any interaction with a repository, besides viewing its configuration, would activate it. So, a size check, or a health check would both activate the repository. And the workbench is not aware of a repository shutting down, so it would initiate a ping towards the currently “active” repository – where “active” is what is kept on the browser cache and not what is actually on the cluster – every 30 seconds. So, some user with a forgotten browser tab will keep their repository active in perpetuity.
To sum it up, while it is technically possible to have an astronomical number of repositories on GraphDB and function well, practically, there is a limit. Assume the worst case scenario, where all repositories are active all the time and budget your memory for that. You also need to take into consideration the total number of triples in your installation. If you want to run a setup for hundreds of users, we’d recommend a Kubernetes deployment which can scale dynamically. It is close to how we used to run the Ontotext Cognitive Cloud.
The repository per-customer is a fairly common situation, though we’ll put it, rather as a “repository per customer group”. This is because you rarely have a single person behind a given “customer”. And there is no trade-off here. You can have a super-user, the administrator, who has read/write access to all repositories and can perform a federated query across them all. Or a user who only has an access to a subset of repositories. For example, the “ReadOnly For Group1”, who can read repositories “Group1-1”, “Group1-2” and “Group1-3”.
Did this help you solve your issue? Your opinion is important not only to us but also to your peers.
Article's content
GraphDB Users Ask: Where Can We Deploy GraphDB And What Are Some Best Practices?
In this blog, we answer questions from our GraphDB users. This question is about where can one deploy GraphDB and what are some best practices
GraphDB Users Ask: What Isolation Levels Does GraphDB Support?
In this blog, we answer questions from our GraphDB users. This question is about the the isolation levels GraphDB supports..
GraphDB Users Ask: What is the Most Important Hardware Attribute for Optimizing GraphDB Performance?
In this blog, we answer questions from our GraphDB users. This question is about the most important hardware attribute for optimizing GraphDB performance.
GraphDB Users Ask: What is the Best Way to Store the Triples’ History in the Database?
In this blog, we answer questions from our GraphDB users. This question is about the best way to store the triples’ history in the database
GraphDB Users Ask: Can I Use Nested Repositories to Introduce Logical Separation to GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about using nested repositories to introduce logical separation to GraphDB
GraphDB Users Ask: Can I Fine-tune Security on Some of the Endpoints in GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about fine-tuning securing on a GraphDB endpoint.
GraphDB Users Ask: What Are the Different Ways to Deploy GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about the different ways to deploy GraphDB.
GraphDB Users Ask: What is the best way to integrate JSON data in GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about the best ways to integrate JSON data in GraphDB.
GraphDB Users Ask: How Does GraphDB’s Security Work, Especially for Automated APIs?
In this feature, we answer questions from our GraphDB users. This question is about how about GraphDB security workds, especially for Automated APIs
GraphDB Users Ask: Is Kafka Only Used for Exporting Data, or for Importing, or Can We Do Both?
In this feature, we answer questions from our GraphDB users. This question is about if Kafka is used only for exporting or importing data or we can use for both
GraphDB Users Ask: How Do I Change the Configuration of an Existing Connector?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to change the configuration of connector if you’ve made a mistake when creating it
GraphDB Users Ask: Are There Any Administration Differences to Operating a Cluster on GraphDB 10?
In this feature, we answer questions from our GraphDB users. Today’s question is about whether there are administration differences to operating a cluster in GraphDB 10
GraphDB Users Ask: Can I Scale GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can scale GraphDB.
GraphDB Users Ask: Can I Change My Inference At Runtime?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can change inference at runtime.
GraphDB Users Ask: How To Mark Statements In A Query As Explicit Or Implicit?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to mark statements in a query as explicit or implicit.
GraphDB Users Ask: Can I Use the Standard Ontop Configurations?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can use the standard Onotp configurations.
GraphDB Users Ask: Should I Use a SPARQL Repository or a HTTP Repository?
In this feature, we answer questions from our GraphDB users. Today’s question us whether to use a SPARQL Repository or a HTTP Repository.
GraphDB Users Ask: Do You Have Any Advice on the Log4j Vulnerability for Different Versions of GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is about the Log4j vulnerability for different versions of GraphDB.
GraphDB Users Ask 12 Very Short Questions
In this feature, we answer questions from our GraphDB users. Today, we answer 12 very short question from GraphDB users.
GraphDB Users Ask: Which of the GraphDB Logs Do I Need to Monitor for Problems?
In this feature, we answer questions from our GraphDB users. Today’s question is about GraphDB logs and how to monitor for problems.
GraphDB Users Ask: Can You Help Me Optimize My Queries?
In this feature, we answer questions from our GraphDB users. Today’s question is about how users can optimize their queries.
GraphDB Users Ask: What’s the Difference Between SPARQL and FedX Federation?
In this feature, we answer questions from our GraphDB users. Today’s question is about the difference between SPARQL and FedX federation.
GraphDB Users Ask: What Does The “Insufficient Free Heap Memory” Error Mean?
In this feature, we answer questions from our GraphDB users. Today’s question is about what the “Insufficient Free Heap memory” error means.
GraphDB Users Ask: How To Optimize My Inference?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to optimize inference.
GraphDB Users Ask: Is RDF-Star The Best Choice For Reification?
In this feature, we answer questions from our GraphDB users. Today’s question is about whether RDF-star is the best choice for reification.
GraphDB Users Ask: Can GraphDB Infer Data Based on Values From a Virtualized Repository?
In this feature, we answer questions from our GraphDB users. Today’s question is about if GraphDB’s inference works with virtualized repositories.
GraphDB Users Ask: How Does SHACL Work on GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is about how SHACL works on GraphDB.
GraphDB Users Ask: Does GraphDB Support ABAC?
In this feature, we answer questions from our GraphDB users. Today’s question is about if GraphDB supports ABAC.
GraphDB Users Ask: Why Do I Get Errors About GraphDB Being “Unable to Find Valid Certification Path to Requested Target”?
In this feature, we answer questions from our GraphDB users. Today’s question is about getting errors about GraphDB being “unable to find valid certification path to requested target”.
GraphDB Users Ask: How Can I Break Up My Data to Control Access To It?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security and access control.
GraphDB Users Ask: Why does My Import Start Really Fast But Then Starts Losing Speed After a While?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB import speed.
GraphDB Users Ask: Can You Help Me Understand The Built-in GraphDB Security?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security.
GraphDB Users Ask: How Many Repositories Can I Have in GraphDB and How Can I Unite the Disparate Data Between Them?
In this feature, we answer questions from our GraphDB users. Today’s question is about the number of repos in GraphDB and accessing the data.
