Enabling User Authentication
Enabling user authentication on TigerGraph enforces access control, requiring users to identify themselves and ensuring that users can only perform actions allowed by their roles.
When the TigerGraph platform is first installed, user authentication is disabled. The installation process creates a gsql superuser who has the name tigergraph and password tigergraph. As long as this user's password is tigergraph, GSQL authentication remains disabled.
Because there are two ways to access the TigerGraph system, either through the GSQL shell or through REST++ requests, there are two steps needed to secure your system with authentication enabled for both points of entry:

Enable GSQL authentication

To enable user authentication for GSQL, change the password of the default user whose username tigergraph to something other than tigergraph.

Procedure

  1. 1.
    Log in to the GSQL shell as the default user tigergraph. Since authentication is not enabled, entering gsql into the Linux terminal under the TigerGraph Linux user will log you in as user tigergraph automatically.
  2. 2.
    Run the following command to change the password, and enter the new password as prompted:
    1
    GSQL > ALTER PASSWORD
    Copied!
  3. 3.
    User authentication has been enabled. Exit the GSQL shell and try to reenter, and confirm that GSQL will now prompt for your password.
    1
    $ gsql
    2
    Password for tigergraph : ********
    Copied!
  4. 4.
    To log in as a different user, use the -u option when you enter the GSQL shell. You can also supply the password in the same command with the -p option.
    1
    $ gsql -u newuser -p mypassword
    Copied!

Enable RESTPP authentication

To enable RESTPP authentication, set the RESTPP.Factory.EnableAuth parameter to true.

Procedure

  1. 1.
    As the TigerGraph Linux user, run the following command:
    Enabling REST++ OAuth Authentication
    1
    $ gadmin config set RESTPP.Factory.EnableAuth true
    Copied!
  2. 2.
    Run the following commands to save the configuration and restart system services:
    Enabling REST++ OAuth Authentication
    1
    $ gadmin config apply
    2
    $ gadmin restart restpp nginx gui gsql -y
    Copied!
Last modified 1mo ago