Secure GraphDB

Security configurations in the GraphDB Workbench are located under Setup -> Users and Access.

The Users and Access page allows you to create new users, edit the profiles, change their password and read/write permissions for each repository, as well as delete them.


As a security precaution, you cannot delete or rename the admin user.

Enable security


By default, the security for the entire Workbench instance is disabled. This means that everyone has full access to the repositories and the admin functionality.

To enable security, click the Security slider on the top right. You are immediately taken to the login screen.

Login and default credentials


The default admin credentials are:

username: admin
password: root


We recommend changing the default credentials for the admin account as soon as possible. Using the default password in production is not secure.

Free access

Once you have enabled security, you can turn on free access mode. If you click the slider associated with it, you will be shown this pop-up box:


This gives you the ability to allow unrestricted access to a number of resources without the need of any authentication.

In the example above, all users will be able to read and write in the repository called “news”, and read the “wine” repository. They will also be able to create or delete connectors and toggle plugins for the “news” repository.

Application settings allow you to configure the default behavior for the GraphDB Workbench.

Users and Roles

Create new user

This is the user creation screen.


Any user can have three different roles:

  • User - can save SPARQL queries, graph visualizations or user-specific server side settings. Can also be given specific repository permissions.

  • Repository manager - in addition to what a standard user can do, also has full read and write permission to all repositories. Can create, edit, and delete them. Can also access monitoring and configure whether the service reports anonymous usage statistics.

  • Admin - can perform any server operation.

Regular users can be granted specific repository permissions. Granting a write permission to a user will mean that they can also read that repository.

If you want to allow a particular user global access to all repositories, you can do that by using the Any data repository checkbox.

Set password


The only difference between the Edit user and Create new user screens is that in Edit user, you cannot change the username.