User authentication

Hello good day,

I am exploring Dgraph, but after browsing the docs, I can't find how to manage users for the database.

I tried to install it, and I can access the database without a user/password.

I felt dumb, but I want to ask: where can I find the docs about managing users for the database?

Thanks.

There’s currently no mechanism for user/password based authentication. You could set up TLS for now (which doesn’t totally give you what you want). We do have plans to add TLS support this year.

You mean user/password based authentication?

Right. Sorry for the typo. We have plans to add user/pwd based auth.


Hi, can I ask you some questions?

Do you intend to use this feature to manage user control of the database or your client (application/auth) users?

For the second option we generally create an isolated API. Inside that API you will construct your model of users/auth logic. So in that case only that API can access Dgraph.

The first one I don’t see a hurry to implement. But as most databases have it, it’s good to have too.

Cheers.

Hi,
I'm also interested in the access control feature.
Just like other databases, you can create users, and grant or revoke user privileges for resource access.
I want a query control feature.
If I grant access privileges to user bob for some URIs like
“bob:/function/has”, ## this means bob can use the has function in a query
“bob:/hasUser/user/createdTime”,
then bob can write a query like this:

{
  q(func: has(hasUser)) {
    user {
      createdTime
    }
  }
}

However, if bob writes a query like this,

{
  q(func: has(hasUser)) {
    user {
      name
    }
  }
}

an access denied response should be given,
for he doesn’t have access privileges for “bob:/hasUser/user/name”.

By the way, “bob:/*” means bob can access any resources.
“bob:/*/name/*” means bob can access all “name” predicates.

PS. Or maybe I’m just confusing everything. Zer09 said “managing users for the database”. For me he is talking about DB access and not application level.

Well, for end users I do not see much relation to this authentication control feature (But Dgraph is working on it) with the Dgraph instance access control. I think this could be something like “security” matters and not user management.

@BlankRain Today you can do what you wanna do, just mount your business logic facing this. You can use specific kinds for groups of nodes (this is fully free, up to you). You can create something like “has (protected)”, “has (top.secret)”, “has (pin.to.access)” and several possibilities to add to your nodes. Hence you will determine in your API how to handle it. Your API will determine who has access or not.

Taking GraphQL as an example, it does not have this feature by default. The GraphQL team does not give a specific recommendation either, leaving it totally free for developers to choose the best approach. In Dgraph you already have something plausible, as I exemplify above.

And I don’t know if there is some DB with user management already ready to go. Does it exist?

Your idea is great. Thank you very much :grinning::grinning::grinning:
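
The approach discussed in the thread, an API in front of Dgraph that decides per query whether the caller's grants cover it, sketched as an added example (it is not part of any post and not Dgraph functionality). It assumes `*` in a grant stands for zero or more path segments, understands only the query shape shown in the thread and rejects everything else; the function names and the carol/admin grants are made up for illustration.

```python
import re

# Root shape used in the thread: q(func: has(hasUser)) { ... }
ROOT = re.compile(r"func:\s*(\w+)\(\s*([\w.]+)\s*\)\s*\)")

def required_resources(query):
    """Resource paths a query touches, written in the poster's URI style."""
    m = ROOT.search(query)
    rest = query[m.end():] if m else ""
    # Fail closed: filters, directives, variables or extra blocks are rejected.
    if not m or not re.fullmatch(r"[\w.\s{}]*", rest):
        raise ValueError("unsupported query shape")
    fn, pending = m.groups()
    needed, path = {f"/function/{fn}"}, []
    for tok in re.findall(r"[\w.]+|[{}]", rest):
        if tok == "{":
            if pending is None:
                raise ValueError("unsupported query shape")
            path.append(pending)      # predicate that has a selection set
            pending = None
            continue
        if pending is not None:       # previous name had no children: a leaf
            needed.add("/" + "/".join(path + [pending]))
        pending = None if tok == "}" else tok
        if tok == "}":
            if not path:
                break                 # closing brace of the whole request
            path.pop()
    return needed

def covers(pat, path):
    """Segment-wise match; '*' is zero or more segments (an assumption)."""
    if not pat:
        return not path
    if pat[0] == "*":
        return any(covers(pat[1:], path[i:]) for i in range(len(path) + 1))
    return bool(path) and pat[0] == path[0] and covers(pat[1:], path[1:])

def denied(user, query, grants):
    """Resources the query needs that no grant of `user` covers; [] = allow."""
    pats = [g.partition(":")[2].strip("/").split("/")
            for g in grants if g.partition(":")[0] == user]
    return sorted(r for r in required_resources(query)
                  if not any(covers(p, r.strip("/").split("/")) for p in pats))

GRANTS = ["bob:/function/has", "bob:/hasUser/user/createdTime",  # from the thread
          "carol:/function/has", "carol:/*/name/*", "admin:/*"]  # constructed
Q_CREATED = "{ q(func: has(hasUser)) { user { createdTime } } }"
Q_NAME = "{ q(func: has(hasUser)) { user { name } } }"
```

The API would forward the query to Dgraph only when `denied(...)` returns an empty list, and Dgraph itself would be reachable only from that API.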
