ONTOTEXT ANSWER:
As you are most likely well aware, GraphDB has support for RBAC. You can enable read and write permissions on the repository level. Besides this, you can also fine-tune permissions on different REST APIs.
However, before we go over “how”, let’s have quick look at “why”. GraphDB has security over all its endpoints by default. Our security is exclusive – this means that each endpoint that is not explicitly whitelisted will be inaccessible. There is usually no need to alter the security. A few cases when you might consider this is:
- When there is a security vulnerability on a given endpoint and you want to forbid it outright. If that is the case, you should also let us know about the vulnerability. We are devoted to securing GraphDB for any fresh issues and would happily release a patch that covers the vulnerabilities without impacting the database’s functionality.
- You want to alter how GraphDB operates. The only reason for doing this is that you want some very specific functionality such as, for example, your repository manager being able to edit the cluster. That’s an unusual course of action.
- You have extended the database (e.g., with a plugin) in a way that requires a new endpoint – at the moment, the open-source plugin API isn’t that flexible. However, if it is, at some point in the future, you may want to set up special permissions for your new plugin.
Now, on to “how” to edit our security module. GraphDB implements Spring Security. This means that hidden deep within our library files, there is a configuration XML that you can edit. By default, the file is located at lib/common/WEB-INF/classes/META-INF/spring. It contains all GraphDB security configurations.
Here’s an example:
This means that any authenticated user can fetch (GET) a saved visual graph. However, only users with full access can modify their own saved graphs. Maybe you want to edit this to hide the saved graphs. That is as easy as dropping the first rule. With Spring security, the most permissive filter takes precedence. So, a user who is both authenticated fully and has the ROLE_USER can alter their own saved graphs.
One useful tool which you can use when you want to disable an endpoint is the denyAll() method. This can be used when you want to remove some GraphDB capabilities.
One practical example. If someone wants to use anonymous access for GraphDB, but still prevent users from obtaining a database dump by using the “Export” button under “Explore” -> “Graphs Overview”, they can add the following line to their configuration.
Of course, since this file is located within our library directory, when you upgrade your GraphDB, you would have to reconfigure your security settings.
Article's content
GraphDB Users Ask: Where Can We Deploy GraphDB And What Are Some Best Practices?
In this blog, we answer questions from our GraphDB users. This question is about where can one deploy GraphDB and what are some best practices
GraphDB Users Ask: What Isolation Levels Does GraphDB Support?
In this blog, we answer questions from our GraphDB users. This question is about the the isolation levels GraphDB supports..
GraphDB Users Ask: What is the Most Important Hardware Attribute for Optimizing GraphDB Performance?
In this blog, we answer questions from our GraphDB users. This question is about the most important hardware attribute for optimizing GraphDB performance.
GraphDB Users Ask: What is the Best Way to Store the Triples’ History in the Database?
In this blog, we answer questions from our GraphDB users. This question is about the best way to store the triples’ history in the database
GraphDB Users Ask: Can I Use Nested Repositories to Introduce Logical Separation to GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about using nested repositories to introduce logical separation to GraphDB
GraphDB Users Ask: Can I Fine-tune Security on Some of the Endpoints in GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about fine-tuning securing on a GraphDB endpoint.
GraphDB Users Ask: What Are the Different Ways to Deploy GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about the different ways to deploy GraphDB.
GraphDB Users Ask: What is the best way to integrate JSON data in GraphDB?
In this blog, we answer questions from our GraphDB users. This question is about the best ways to integrate JSON data in GraphDB.
GraphDB Users Ask: How Does GraphDB’s Security Work, Especially for Automated APIs?
In this feature, we answer questions from our GraphDB users. This question is about how about GraphDB security workds, especially for Automated APIs
GraphDB Users Ask: Is Kafka Only Used for Exporting Data, or for Importing, or Can We Do Both?
In this feature, we answer questions from our GraphDB users. This question is about if Kafka is used only for exporting or importing data or we can use for both
GraphDB Users Ask: How Do I Change the Configuration of an Existing Connector?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to change the configuration of connector if you’ve made a mistake when creating it
GraphDB Users Ask: Are There Any Administration Differences to Operating a Cluster on GraphDB 10?
In this feature, we answer questions from our GraphDB users. Today’s question is about whether there are administration differences to operating a cluster in GraphDB 10
GraphDB Users Ask: Can I Scale GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can scale GraphDB.
GraphDB Users Ask: Can I Change My Inference At Runtime?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can change inference at runtime.
GraphDB Users Ask: How To Mark Statements In A Query As Explicit Or Implicit?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to mark statements in a query as explicit or implicit.
GraphDB Users Ask: Can I Use the Standard Ontop Configurations?
In this feature, we answer questions from our GraphDB users. Today’s question is if one can use the standard Onotp configurations.
GraphDB Users Ask: Should I Use a SPARQL Repository or a HTTP Repository?
In this feature, we answer questions from our GraphDB users. Today’s question us whether to use a SPARQL Repository or a HTTP Repository.
GraphDB Users Ask: Do You Have Any Advice on the Log4j Vulnerability for Different Versions of GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is about the Log4j vulnerability for different versions of GraphDB.
GraphDB Users Ask 12 Very Short Questions
In this feature, we answer questions from our GraphDB users. Today, we answer 12 very short question from GraphDB users.
GraphDB Users Ask: Which of the GraphDB Logs Do I Need to Monitor for Problems?
In this feature, we answer questions from our GraphDB users. Today’s question is about GraphDB logs and how to monitor for problems.
GraphDB Users Ask: Can You Help Me Optimize My Queries?
In this feature, we answer questions from our GraphDB users. Today’s question is about how users can optimize their queries.
GraphDB Users Ask: What’s the Difference Between SPARQL and FedX Federation?
In this feature, we answer questions from our GraphDB users. Today’s question is about the difference between SPARQL and FedX federation.
GraphDB Users Ask: What Does The “Insufficient Free Heap Memory” Error Mean?
In this feature, we answer questions from our GraphDB users. Today’s question is about what the “Insufficient Free Heap memory” error means.
GraphDB Users Ask: How To Optimize My Inference?
In this feature, we answer questions from our GraphDB users. Today’s question is about how to optimize inference.
GraphDB Users Ask: Is RDF-Star The Best Choice For Reification?
In this feature, we answer questions from our GraphDB users. Today’s question is about whether RDF-star is the best choice for reification.
GraphDB Users Ask: Can GraphDB Infer Data Based on Values From a Virtualized Repository?
In this feature, we answer questions from our GraphDB users. Today’s question is about if GraphDB’s inference works with virtualized repositories.
GraphDB Users Ask: How Does SHACL Work on GraphDB?
In this feature, we answer questions from our GraphDB users. Today’s question is about how SHACL works on GraphDB.
GraphDB Users Ask: Does GraphDB Support ABAC?
In this feature, we answer questions from our GraphDB users. Today’s question is about if GraphDB supports ABAC.
GraphDB Users Ask: Why Do I Get Errors About GraphDB Being “Unable to Find Valid Certification Path to Requested Target”?
In this feature, we answer questions from our GraphDB users. Today’s question is about getting errors about GraphDB being “unable to find valid certification path to requested target”.
GraphDB Users Ask: How Can I Break Up My Data to Control Access To It?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security and access control.
GraphDB Users Ask: Why does My Import Start Really Fast But Then Starts Losing Speed After a While?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB import speed.
GraphDB Users Ask: Can You Help Me Understand The Built-in GraphDB Security?
In this feature on our blog, we answer questions from our GraphDB users. Today’s question is about GraphDB security.
GraphDB Users Ask: How Many Repositories Can I Have in GraphDB and How Can I Unite the Disparate Data Between Them?
In this feature, we answer questions from our GraphDB users. Today’s question is about the number of repos in GraphDB and accessing the data.
