In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security.
ONTOTEXT ANSWER:
As with most serious matters, the question of security is not simple to answer. We even have to briefly touch upon inference to fully understand the answer. Luckily, we have provided a robust mechanism already. All you have to do is configure it.
Data in GraphDB is stored in repositories. You can think about them as you would think about separate databases. The repositories are completely separate, with their own inference rules, SHACL shapes and – of course – security roles. The security roles here are three:
- user – with read or write permissions;
- repository manager – can access all repositories, delete and create them, and has read and write access to all of them;
- administrator – can also manage the cluster and security.
You can use SPARQL federation to access data across repositories. But to do that, you have to have access to the other repositories as well. This security model can be supported by a wide range of infrastructure. We offer a default internal user database, but can also cover users coming from LDAP, OAuth, Kerberos, OpenID.
As GraphDB handles a knowledge graph, many users would like to have security access over graphs or even particular triples. Unfortunately, this is not covered by the database alone. Mainly because of our inference model, but also because of performance considerations. Remember that GraphDB uses materialization (you can check out our previous blog post for a quick explanation). So, when you are uploading data, can you use data in other graphs for inference? In our model, the answer is “yes”. If security covered the named graph or triple level, for each insert, the database would have to look up the security model of the entire database. Furthermore, when inferring new statements, where should they be stored? Do you have read access over that particular graph? How about write access? You see why this model would quickly become unsustainable.
Fortunately, we already have an answer to this problem. Ontotext Platform comes to the rescue.
The Platform offers a very powerful Role Based Access Control (RBAC) mechanism, which allows you fine grained control over your data at the object level. This is done by applying filters on the incoming GraphQL query, before turning it to SPARQL. So, you may have read access to all objects of the type Customer. Or, perhaps, only to objects of the type EuropeanCustomer. The granularity of operations is also greater. There’s read and update/create permissions, but also delete permissions. With this security model, you don’t need to use named graphs or awkward triple-based rules. The Platform allows you to handle security at the most logical level – directly to objects. That’s how data is usually modeled, allowing you to make as little changes to the knowledge graph as possible.
Did this help you solve your issue? Your opinion is important not only to us but also to your peers.
Article's content
GraphDB Users Ask: Where Can We Deploy GraphDB And What Are Some Best Practices?
In this blog, we answer questions from our GraphDB users. This question is about where can one deploy GraphDB and what are some best practices
GraphDB Users Ask: What Isolation Levels Does GraphDB Support?
In this blog, we answer questions from our GraphDB users. This question is about the the isolation levels GraphDB supports..
GraphDB Users Ask: What is the Most Important Hardware Attribute for Optimizing GraphDB Performance?
In this blog, we answer questions from our GraphDB users. This question is about the most important hardware attribute for optimizing GraphDB performance.
GraphDB Users Ask: What is the Best Way to Store the Triples’ History in the Database?
In this blog, we answer questions from our GraphDB users. This question is about the best way to store the triples’ history in the database
GraphDB Users Ask: Can I Use Nested Repositories to Introduce Logical Separation to GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about using nested repositories to introduce logical separation to GraphDB
GraphDB Users Ask: Can I Fine-tune Security on Some of the Endpoints in GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about fine-tuning securing on a GraphDB endpoint.
GraphDB Users Ask: What Are the Different Ways to Deploy GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about the different ways to deploy GraphDB.
GraphDB Users Ask: What is the best way to integrate JSON data in GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about the best ways to integrate JSON data in GraphDB.
GraphDB Users Ask: How Does GraphDB’s Security Work, Especially for Automated APIs?
In this feature, we answer questions from our GraphDB users. This question is about how about GraphDB security workds, especially for Automated APIs
GraphDB Users Ask: Is Kafka Only Used for Exporting Data, or for Importing, or Can We Do Both?
In this feature, we answer questions from our GraphDB users. This question is about if Kafka is used only for exporting or importing data or we can use for both
GraphDB Users Ask: How Do I Change the Configuration of an Existing Connector?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to change the configuration of connector if you’ve made a mistake when creating it
GraphDB Users Ask: Are There Any Administration Differences to Operating a Cluster on GraphDB 10?
In this feature, we answer questions from our GraphDB users. Today’s question is about whether there are administration differences to operating a cluster in GraphDB 10
GraphDB Users Ask: Can I Scale GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can scale GraphDB.
GraphDB Users Ask: Can I Change My Inference At Runtime?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can change inference at runtime.
GraphDB Users Ask: How To Mark Statements In A Query As Explicit Or Implicit?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to mark statements in a query as explicit or implicit.
GraphDB Users Ask: Can I Use the Standard Ontop Configurations?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can use the standard Onotp configurations.
GraphDB Users Ask: Should I Use a SPARQL Repository or a HTTP Repository?
In this feature, we answer questions from our GraphDB users. Today’s question us whether to use a SPARQL Repository or a HTTP Repository.
GraphDB Users Ask: Do You Have Any Advice on the Log4j Vulnerability for Different Versions of GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is about the Log4j vulnerability for different versions of GraphDB.
GraphDB Users Ask 12 Very Short Questions
In this feature, we answer questions from our GraphDB users. Today, we answer 12 very short question from GraphDB users.
GraphDB Users Ask: Which of the GraphDB Logs Do I Need to Monitor for Problems?
In this feature, we answer questions from our GraphDB users. Today’s question is about GraphDB logs and how to monitor for problems.
GraphDB Users Ask: Can You Help Me Optimize My Queries?
In this feature, we answer questions from our GraphDB users. Today’s question is about how users can optimize their queries.
GraphDB Users Ask: What’s the Difference Between SPARQL and FedX Federation?
In this feature, we answer questions from our GraphDB users. Today’s question is about the difference between SPARQL and FedX federation.
GraphDB Users Ask: What Does The “Insufficient Free Heap Memory” Error Mean?
In this feature, we answer questions from our GraphDB users. Today’s question is about what the “Insufficient Free Heap memory” error means.
GraphDB Users Ask: How To Optimize My Inference?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to optimize inference.
GraphDB Users Ask: Is RDF-Star The Best Choice For Reification?
In this feature, we answer questions from our GraphDB users. Today’s question is about whether RDF-star is the best choice for reification.
GraphDB Users Ask: Can GraphDB Infer Data Based on Values From a Virtualized Repository?
In this feature, we answer questions from our GraphDB users. Today’s question is about if GraphDB’s inference works with virtualized repositories.
GraphDB Users Ask: How Does SHACL Work on GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is about how SHACL works on GraphDB.
GraphDB Users Ask: Does GraphDB Support ABAC?
In this feature, we answer questions from our GraphDB users. Today’s question is about if GraphDB supports ABAC.
GraphDB Users Ask: Why Do I Get Errors About GraphDB Being “Unable to Find Valid Certification Path to Requested Target”?
In this feature, we answer questions from our GraphDB users. Today’s question is about getting errors about GraphDB being “unable to find valid certification path to requested target”.
GraphDB Users Ask: How Can I Break Up My Data to Control Access To It?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security and access control.
GraphDB Users Ask: Why does My Import Start Really Fast But Then Starts Losing Speed After a While?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB import speed.
GraphDB Users Ask: Can You Help Me Understand The Built-in GraphDB Security?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security.
GraphDB Users Ask: How Many Repositories Can I Have in GraphDB and How Can I Unite the Disparate Data Between Them?
In this feature, we answer questions from our GraphDB users. Today’s question is about the number of repos in GraphDB and accessing the data.
