Graph access control

diggy · April 10, 2020, 4:39pm

Moved from GitHub dgraph/5167

Experience Report

Note: Feature requests are judged based on user experience and modeled on Go Experience Reports. These reports should focus on the problems: they should not focus on and need not propose solutions.

What you wanted to do

I was considering to evaluate the Enterprise License as it includes ACL. I wanted to know if I can
limit a user seeing the projects of another user.

What you actually did

I went to the Enterprise Features section of the documentation to see how ACL is handled.

Why that wasn’t great, with examples

The documentation mentions an ACL implementation at predicate-level, maybe similar to an ABAC. It would have been enough if dGraph was not a graph dB. However, as far as I understand from the documentation, lateral movement is possible with queries and need to know principle cannot be enforced with this sort of ACL.

Any external references to support your case

A paper on the topic
neo4j 4.0 new security model

Topic		Replies	Views
Access control in DGraph Users	1	1184	November 28, 2017
Is custom access control only possible in enterprise? Dgraph kind:question , auth	3	637	December 6, 2021
How Access Control Works in Dgraph - Dgraph Blog Blog	5	1117	April 5, 2019
[ACL] API for users's access info Dgraph dgraph , kind:enhancement , status:accepted , area:commercial:acl	0	558	December 26, 2019
ACL implementation Users	4	548	January 6, 2020