Secure GraphDB¶

What’s in this document?

Security configurations in the GraphDB Workbench are located under Setup ‣ Users and Access.

The Users and Access page allows you to create new users, edit the profiles, change their password and read/write permissions for each repository, as well as delete them.

Note

As a security precaution, you cannot delete or rename the admin user.

Enable security¶

By default, the security for the entire Workbench instance is disabled. This means that everyone has full access to the repositories and the admin functionality.

To enable security, click the Security slider on the top right. You are immediately taken to the login screen.

Note

We recommend changing the default credentials for the admin account as soon as possible. Using the default password in production is not secure.

Free access¶

Once you have enabled security, you can turn on free access mode. If you click the slider associated with it, you will be shown this pop-up box:

This gives you the ability to allow unrestricted access to a number of resources without the need of any authentication.

In the example above, all users will be able to read and write in the repository called “news”, and read the “wine” repository. They will also be able to create or delete connectors and toggle plugins for the “news” repository.

Application settings allow you to configure the default behavior for the GraphDB Workbench. Here, you can enable or disable the following:

• Default sameAs value - This is the default value for the Expand results over owl:sameAs option in the SPARQL editor. It is taken each time a new tab is created. Note that once you toggle the value in the editor, the changed value is saved in your browser, so the default is used only for new tabs. The setting is also reflected in the Graph settings panel of the Visual graph.

• Default Inference - Same as above, but for the Include inferred data in results option in the SPARQL editor. The setting is also reflected in the Graph settings panel of the Visual graph.

• Count all SPARQL results - For each query without limit sent through the SPARQL editor, an additional query is sent to determine the total number of results. This value is needed both for your information and for results pagination. In some cases, you do not want this additional query to be executed, because for example the evaluation may be too slow for your data set. Set this option to false in this case.

Users and Roles¶

Create new user¶

This is the user creation screen.

Any user can have three different roles:

• User - can save SPARQL queries, graph visualizations or user-specific server side settings. Can also be given specific repository permissions.

• Repository manager - in addition to what a standard user can do, also has full read and write permission to all repositories. Can create, edit, and delete them. Can also access monitoring and configure whether the service reports anonymous usage statistics.

• Admin - can perform any server operation.

Regular users can be granted specific repository permissions. Granting a write permission to a user will mean that they can also read that repository.

If you want to allow a particular user global access to all repositories, you can do that by using the Any data repository checkbox.