Secure GraphDB

Security configurations in the GraphDB workbench are located under Setup -> Users and Access.

The Users and Access page allows you to create new users, edit the profiles, change their password and read/write permissions for each repository and delete them.

Note

As a security precaution, you cannot delete or rename the “admin” user.

Enable security

_images/users_and_access.png

By default, the security for the entire Workbench instance is disabled. This means that everyone has full access to the repositories and the admin functionality.

To enable security, click the Security slider on the top right. You will immediately be taken to the login screen.

Login and default credentials

_images/login.png

The default admin credentials are:

username: admin
password: root

Note

We recommend changing the default credentials for the admin account as soon as possible. Using the default password in production is not secure.

Free access

Once you have security turned on, you can turn on free access mode. If you click the slider associated with it, you will be show this pop-up box:

_images/Free_access_configuration.png

This gives you the ability to allow unrestricted access to a number of resources without the need for any authentication.

In the example given, all users will be able to read and write the repository called “news” and read the “wine” repository. They will also be able to create or delete connectors and toggle plugins for the “news” repository.

Application settings allow you to configure the default behaviour for the GraphDB workbench and are explained in more detail in their own section of the documentation.

Users and Roles

Create new user

This is the user creation screen.

_images/Create-new-user2.png

Any user can have three different roles:

  • User - a user who can save SPARQL queries, graph visualizations or user-specific server side settings. Can also be given specific repository permissions.
  • Repository manager - in addition to what a standard user can do, also has full read and write permission to all repositories, also can create, edit and delete them, can access monitoring and can configure whether the service reports anonymous usage statistics.
  • Admin - can perform any server operation.

In addition to this, regular users can be granted specific repository permissions. Granting a write permission to a user will also mean that they can read that repository.

If you want to allow a particular user global access to all repositories, you can do that by using the Any data repository checkbox.

Set password

_images/Edit_User.png

The screen which shows you user details and edit permissions only differs from the user creation screen by the fact that you cannot change the username. Here you can change the password by filling in a new password and confirm it by typing it again in the lower text box.