Authentication
GraphStudio follows the TigerGraph user authentication and role-based access control model as described in the document User Access Management.
Log On
If the GSQL tigergraph
superuser password hasn’t been changed from the default of tigergraph
, then no user login is needed for GraphStudio.
Otherwise, users must provide a username and password to log in to GraphStudio.
In addition, your system administrator can integrate TigerGraph with other user access management systems (e.g., LDAP, Active Directory, or SAML-based Single Sign On).
See the User Access Management guide for information on setting up LDAP or SSO.
Users with roles other than superuser or globaldesigner who do not have access to any graphs cannot enter GraphStudio and will see an error on the login page:
Once inside GraphStudio, log out by clicking the User icon and Log Out.
Role- and graph-based access control
TigerGraph uses role-based access control with several pre-defined roles. Each role is a logical collection of data access privileges, such as querywriter or admin. Each user is assigned one or more roles by a graph admin user or by a superuser. Roles are also graph-specific. For example, user Pat could be an admin on graph G1 but a querywriter on graph G2.
When a user logs in and/or selects a graph, GraphStudio will disable certain actions based on the user’s role on that graph. On each working panel, a warning note will alert the user to features which are disabled. For example, in the current version of GraphStudio, users with querywriter, queryreader, or observer role will see the following warnings on the Design Schema working panel:
The table below summarizes the built-in roles and of their key privileges on GraphStudio:
superuser | globaldesigner | admin | designer | querywriter | queryreader | observer | |
---|---|---|---|---|---|---|---|
Create a new graph schema |
YES |
YES |
|||||
Drop a graph |
YES |
Can only drop graphs created by herself |
|||||
Modify a graph schema |
YES |
YES |
YES |
YES |
|||
View a graph schema |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Create a data mapping |
YES |
YES |
YES |
YES |
|||
View a data mapping |
YES |
YES |
YES |
YES |
YES |
YES |
YES |
Load data |
YES |
YES |
YES |
YES |
YES |
YES |
|
Explore a graph |
YES |
YES |
YES |
YES |
YES |
YES |
|
Write a query |
YES |
YES |
YES |
YES |
YES |
||
Run a query |
YES |
YES |
YES |
YES |
YES |
YES |
GlobalView and Select A Graph
The TigerGraph system can support multiple graphs within one TigerGraph instance. Read more at MultiGraph - An Overview.
Superuser and globaldesigner users see the global view by default.
Click the card showing current graph and user roles, and a dropdown menu of graphs the current user can access will appear.
In addition, superuser or globaldesigner users can create and drop graphs.
Other users have no access to global view and cannot create or drop graphs.