User Access Management

TigerGraph’s user access management features are based on the role-based access control (RBAC) model, on top of which there are additional features that give users finer-grain data access control. Particularly, users can use access control lists (ACL) to govern access to GSQL queries and even override RBAC.

User authentication is not enabled by default. To secure your database and the underlying system, we strongly suggest that you enable authentication.

Below is a list of the key features of TigerGraph’s user access management system:

Users and Credentials

A TigerGraph user is a database-level security principal on the TigerGraph platform. When user authentication is enabled, only clients who can provide credentials that identify themselves as a user can interact with the TigerGraph database.

The TigerGraph platform offers two options for credentials:

  • A username-password pair used to log in to GSQL and make HTTP requests.

  • A token - a unique 32-character string with an expiration date, used for REST++ requests.

  • An ACL password used to run commands to alter the ACL privileges of a query.