I am looking for information about databases per instance in JanusGraph and couldn't find proper documentation for it. The main concern in the security boundary between the databases in one instance. Let's say there are 2 databases in one instance of JanusGraph. Is it possible to configure security such that user A only has access to Database1 and user B only has access to Database2? If so, how is this security handled.
Asked
Active
Viewed 402 times
1 Answers
3
In JanusGraph as it exists today, a "database" would be a separate Graph, each of which must be defined and instantiated at server start. JanusGraph adheres to the TinkerPop specifications, so it is run with the Gremlin server, which comes with its own authenticators: http://tinkerpop.apache.org/docs/current/reference/#_security_and_execution.
The out of the box authenticators only authenticate for server level access. However, with this PR being merged into TinkerPop: https://github.com/apache/tinkerpop/pull/583, you can write a custom authentication scheme that takes into account graph level access.
Also note that this PR: https://github.com/JanusGraph/janusgraph/pull/392 is currently open in the JanusGraph repo which will allow for the instantiation/creation of graphs, i.e. "databases", dynamically (post server start). Take a look at the GraphManager class there if you end up implementing a custom authentication scheme that takes into account graph level access, and if you do, you should commit your changes upstream into OSS.
David
- 486
- 2
- 9
-
http://tinkerpop.apache.org/docs/current/reference/#_security_and_execution is dead. – Gmosy Gnaq Feb 24 '21 at 07:10