User Access Management
TigerGraph’s user access management features are based on the role-based access control (RBAC) model, on top of which there are additional features that give users finer-grain data access control. Particularly, users can use access control lists (ACL) to govern access to GSQL queries and even override RBAC.
|User authentication is not enabled by default. To secure your database and the underlying system, we strongly suggest that you enable authentication.|
Below is a list of the key features of TigerGraph’s user access management system:
A TigerGraph user is a database-level security principal on the TigerGraph platform. When user authentication is enabled, only clients who can provide credentials that identify themselves as a user can interact with the TigerGraph database.
The TigerGraph platform offers two options for credentials:
A username-password pair used to log in to GSQL and make HTTP requests.
A token - a unique 32-character string with an expiration date, used for REST++ requests.
An ACL password used to run commands to alter the ACL privileges of a query.