Can we have different security settings for each graph, or are they all on server/db level? Such as *authentication (token and or user name/pass word)
*user level permissions (CRUD)

User object is at DB/Server level.
User object is separated from the fixed roles model of each graph.
https://docs.tigergraph.com/admin/admin-guide/user-access-management/user-privileges-and-authentication#roles-and-privileges

A user can be granted for Graph A’s role 1, and it can also be granted for Graph B’s role 2.
The CRUD of a graph is controlled by the fixed role model.