RBAC Row Policy Overview

Role-Based Access Control (RBAC) row policy is used to control access to specific rows (or for vertex level access control) of data in TigerGraph based on user roles and attribute values.

RBAC Row Policy is currently a Preview Feature. Preview Features give users an early look at future production-level features.

Preview Features should not be used for production deployments.

User Guide

The row policy user guide has two parts:

RBAC: Row Policy Key Concepts - Learn the key concpets and features that make up row policy.
Setup Row Policy - Learn how to setup a basic row policy using an example dataset.

Object-Based Privilege Tables

Here you can find the Object-Based privilege tables for reference.

Row Policy EBNF

Here you can find the row policy EBNF examples for reference.

Row Policy Limitations

Because exception statements are not supported for INTERPRET mode, if a query is affected by a row policy, ensure to always install it before running it.
Currently, we only support row policy on vertices, not on edges.
A global vertex can only hold one global row policy and cannot apply a local row policy on a global vertex in a graph.
LOADACCUM will be blocked if the vertex type to be loaded has a row policy.
SelectVertex should always have a vSet assignment, if there are any row policies in the graph.
Statistics data will not be affected by row policies:
- Blueprint function outdegree()
- Commands that are related to built-in functions on graph, such as:
  - select count(*) from vertexType
  - Built-in Endpoints.