Secure GraphDB

Security configurations in the GraphDB Workbench are located under Setup ‣ Users and Access.

The Users and Access page allows you to create new users, edit the profiles, change their password and read/write permissions for each repository, as well as delete them.

Note

As a security precaution, you cannot delete or rename the admin user.

Enable security

_images/users_and_access.png

By default, the security for the entire Workbench instance is disabled. This means that everyone has full access to the repositories and the admin functionality.

To enable security, click the Security slider on the top right. You are immediately taken to the login screen.

Login and default credentials

_images/login.png

The default admin credentials are:

username: admin
password: root

Note

We recommend changing the default credentials for the admin account as soon as possible. Using the default password in production is not secure.

Free access

Once you have enabled security, you can turn on free access mode. If you click the slider associated with it, you will be shown this pop-up box:

_images/Free_access_configuration.png

This gives you the ability to allow unrestricted access to a number of resources without the need of any authentication.

In the example above, all users will be able to read and write in the repository called “my_repo”, and read the “remote_repo” repository. They will also be able to create or delete connectors and toggle plugins for the “my_repo” repository.

Application settings allow you to configure the default behavior for the GraphDB Workbench. Here, you can enable or disable the following:

  • Default sameAs value - This is the default value for the Expand results over owl:sameAs option in the SPARQL editor. It is taken each time a new tab is created. Note that once you toggle the value in the editor, the changed value is saved in your browser, so the default is used only for new tabs. The setting is also reflected in the Graph settings panel of the Visual graph.

  • Default Inference - Same as above, but for the Include inferred data in results option in the SPARQL editor. The setting is also reflected in the Graph settings panel of the Visual graph.

  • Count all SPARQL results - For each query without limit sent through the SPARQL editor, an additional query is sent to determine the total number of results. This value is needed both for your information and for results pagination. In some cases, you do not want this additional query to be executed, because for example the evaluation may be too slow for your data set. Set this option to false in this case.

Users and Roles

Create new user

This is the user creation screen.

_images/Create-new-user2.png

Any user can have three different roles:

  • User - can save SPARQL queries, graph visualizations or user-specific server side settings. Can also be given specific repository permissions.

  • Repository manager - in addition to what a standard user can do, also has full read and write permission to all repositories. Can create, edit, and delete them. Can also access monitoring and configure whether the service reports anonymous usage statistics.

  • Admin - can perform any server operation.

Regular users can be granted specific repository permissions. Granting a write permission to a user will mean that they can also read that repository.

If you want to allow a particular user global access to all repositories, you can do that by using the Any data repository checkbox.

Set password

The edit icon under Actions next to each user in the list will take you to the following screen:

_images/Edit_User.png

The only difference between the Edit user and Create new user screens is that in Edit user, you cannot change the username.