User Access Management

User Access Management

GraphStudio follows TigerGraph user authentication and role-based access control model. Read more in the document Managing User Privileges and Authentication.

Log On

If GSQL tigergraph superuser password hasn't been changed (default password is tigergraph), then no user login is needed for GraphStudio. Otherwise, users must provide credentials (e.g., username and password) to log in GraphStudio. In addition, your system administrator can integrate TigerGraph with other user access management systems (e.g., LDAP, Active Directory, or SAML-based Single Sign On). See the User Access Management for how to set up LDAP or SSO.
After login, the user is assigned to one of the graphs for which he has access to.
For users other than superuser or globaldesigner, if users do not have access to any graphs, they cannot enter GraphStudio. Hints will show in login page:
After login, the user is assigned to one of the graphs for which he has access to.
To log out, click the User icon
and then the Sign Out icon.

Role- and Graph- Based Access Control

TigerGraph uses role-based access control with several pre-defined roles. Each role is a logical collection of data access privileges, such as querywriter or admin. Each user is assigned one or more roles by a graph admin user or by a superuser. Roles are also graph-specific. For example, user Pat could be an admin on graph G1 but a querywriter on graph G2.
New feature available
In v3.0, Admin Portal supports user management. Read more at Admin Portal UI Guide.
When a user logs in and/or selects a graph, GraphStudio will disable certain actions based on the user's role on that graph. On each working panel, a warning note will alert the user to features which are disabled. For example, in the current version of GraphStudio, users with querywriter, queryreader, or observer role will see the following warnings on the Design Schema working panel:
The table below summarizes the built-in roles and of their key privileges on GraphStudio:
superuser
globaldesigner
admin
designer
querywriter
queryreader
observer
Create a new graph schema
YES
YES
Drop a graph
YES
Can only drop graphs created by herself
Modify a graph schema
YES
YES
YES
YES
View a graph schema
YES
YES
YES
YES
YES
YES
YES
Create a data mapping
YES
YES
YES
YES
View a data mapping
YES
YES
YES
YES
YES
YES
YES
Load data
YES
YES
YES
YES
YES
YES
Explore a graph
YES
YES
YES
YES
YES
YES
Write a query
YES
YES
YES
YES
YES
Run a query
YES
YES
YES
YES
YES
YES

Global View and Select A Graph

Beginning with Version 1.2, the TigerGraph system can support multiple graphs within one TigerGraph instance. Read more at MultiGraph - An Overview.
For superuser and globaldesigner users, by default they will be in global view.
Click the card showing current graph and user roles, and a dropdown menu of graphs the current user can access will appear. In addition, superuser or globaldesigner users can create and drop graphs.
For other users, there is no access to global view, and you cannot create or drop graphs.
Click the graph name to switch to another graph.
A graph superuser grants each user access to particular graphs in User Management page at Admin Portal. In addition, users with either superuser and admin role can grant other users access to particular graphs using GSQL commands.
Last modified 1yr ago