Dgraph Security Control

I like to use Dgraph at work, and now I have some security issues. Please support.

  1. How to set the login password? We need to deploy a production environment, so we need a strong password.

  2. How to create a read-only account? As you can see, any user can enter query and mutate and modify the schema. I need to restrict ordinary users to only query.

I tried to change the password as access-control but got an error.

In addition, is the ACL only available in the enterprise version?

Yes, ACL is an enterprise feature. Either you will have to use Dgraph Cloud or get an Enterprise Support contract.

OK, thanks. How about my question one? Can the open source version change the default login password?

Options for the community version:

You can use TLS Configuration - Deploy. With TLS, only those clients with the cert will be able to access.

You can also set a token:

```
--security string            Security options
    token=; If set, all Admin requests to Dgraph will need to have this token.
    The token can be passed as follows: for HTTP requests, in the X-Dgraph-AuthToken header.
    For Grpc, in auth-token key in the context.
```

With this, all clients have to pass that token (custom token, AKA Poor Man’s ACL).

You are trying to execute a GraphQL mutation in Ratel. Ratel does not support GraphQL, hence the error. You should run the Admin query/mutation via cURL or a GraphQL client.


Never expose your database in public. Always create an API and put it behind a firewall. Your back-end should be the one that controls the DB access.

No, ACL is EE.

If you are confused by the Login part in Ratel, don’t worry: you don’t need to log in to the community version.

1 Like
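An added example, not part of the original thread and not Dgraph's own code: a sketch of the back-end gate the reply above recommends, giving ordinary users query-only access while the Dgraph token stays on the server. The endpoint paths, role names, API keys and function names are assumptions made for illustration; confirm the paths against your Dgraph version.

```python
import hmac

# Assumed Dgraph Alpha HTTP paths; confirm them for your Dgraph version.
ROLE_PATHS = {
    "reader": {"/query"},
    "writer": {"/query", "/mutate", "/commit"},
    "admin": {"/query", "/mutate", "/commit", "/alter", "/admin"},
}
# Assumption: these are the requests that --security token= protects.
TOKEN_PATHS = {"/alter", "/admin"}

# Constructed sample credentials; load real ones from a secret store.
API_KEYS = {"reader-key-constructed": "reader", "admin-key-constructed": "admin"}
DGRAPH_TOKEN = "dgraph-token-constructed"


def role_for(api_key):
    """Map a caller's gateway API key to a role, comparing in constant time."""
    supplied = (api_key or "").encode()
    found = None
    for known, role in API_KEYS.items():
        if hmac.compare_digest(known.encode(), supplied):
            found = role
    return found


def decide(method, target, api_key):
    """Return (status, headers_to_add_upstream) for one incoming request."""
    role = role_for(api_key)
    if role is None:
        return 401, {}
    # Exact match on the raw path, with no normalisation: "/query/../alter",
    # "/query/" and "//host/query" never match an allowed entry.
    path = target.split("?", 1)[0]
    if method != "POST" or path not in ROLE_PATHS[role]:
        return 403, {}
    headers = {}
    if path in TOKEN_PATHS:
        # Only the gateway holds the Dgraph token; callers never see it.
        headers["X-Dgraph-AuthToken"] = DGRAPH_TOKEN
    return 200, headers
```

On a 200 the gateway forwards the body to a fixed upstream address with the returned headers added; the database port itself stays reachable only from the gateway.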

Thanks, I have successfully configured TLS. Later, if I need to strengthen authority control, I will consider purchasing the enterprise version.