Enabling User Authentication
Enabling user authentication on TigerGraph enforces access control, requiring users to identify themselves and ensuring that users can only perform actions allowed by their roles.
When the TigerGraph platform is first installed, user authentication is disabled. The installation process creates a gsql superuser who has the name tigergraph
and password tigergraph
.
As long as this user’s password is tigergraph
, GSQL authentication remains disabled.
It is strongly suggested that you at least change the default user password to enable GSQL user authentication. Not enabling GSQL authentication has the potential to give unauthorized users broad control over your database and the underlying system. |
Because there are two ways to access the TigerGraph system, either through the GSQL shell or through REST++ requests, there are two steps needed to secure your system with authentication enabled for both points of entry:
Enable GSQL authentication
To enable user authentication for GSQL, change the password of the default user whose username tigergraph
to something other than tigergraph
.
Procedure
-
Log in to the GSQL shell as the default user
tigergraph
.Since authentication is not enabled, enteringgsql
into the Linux terminal under the TigerGraph Linux user will log you in as usertigergraph
automatically. -
Run the following command to change the password, and enter the new password as prompted:
GSQL > ALTER PASSWORD
-
User authentication has been enabled.Exit the GSQL shell and try to reenter, and confirm that GSQL will now prompt for your password.
$ gsql Password for tigergraph : ********
-
To log in as a different user, use the
-u
option when you enter the GSQL shell.You can also supply the password in the same command with the-p
option.$ gsql -u newuser -p mypassword
Enable RESTPP authentication
To enable RESTPP authentication, set the RESTPP.Factory.EnableAuth
parameter to true
.
Procedure
-
As the TigerGraph Linux user, run the following command:
Enabling REST++ OAuth Authentication$ gadmin config set RESTPP.Factory.EnableAuth true
-
Run the following commands to save the configuration and restart system services:
Enabling REST++ OAuth Authentication$ gadmin config apply $ gadmin restart restpp nginx gui gsql -y
After enabling user authentication, the /requesttoken
endpoint becomes available for you to generate tokens used to authenticate your REST requests to the REST++ server.