We would like to allow users with query-reader privilege to execute our custom queries through dynamic endpoints, but we would like to restrict access explicitly to that. That is, we would like to deny the ability of these users to execute queries at the built-in endpoints (e.g. GET/DELETE vertices/edges, path-finding algorithms, etc.). Do these query-reader users have access to these endpoints by default, and if so, is it possible to disable that allowance?
You can add REST authentication to ALL endpoints. This would DENY all access to those endpoints unless an authorized user had the appropriate authentication token.
The GraphStudio is using these REST endpoints to serve up all interactions, so turning them off would also disable your ability to use other parts of the TigerGraph products.
To enable REST auth you must have access to the server where TigerGraph is installed.
gadmin config set RESTPP.Factory.EnableAuth true
gadmin config apply
gadmin restart restpp nginx gui -y
@shivashriganesh Does this help?
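A check to run after the three commands above, added here as an example and not part of any reply in this thread: it confirms the setting is on and that a built-in endpoint refuses a request that carries no token. It assumes RESTPP listens on `http://localhost:9000`, that the built-in `GET /echo` endpoint is available, and that responses carry a boolean `"error"` field; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): verify RESTPP denies requests without a token.
# Assumptions: RESTPP at http://localhost:9000, built-in GET /echo endpoint,
# and JSON responses carrying a boolean "error" field.

RESTPP_URL="${RESTPP_URL:-http://localhost:9000}"

# Map a RESTPP JSON body to: denied | open | unknown.
# "error":true on an anonymous /echo call is treated as a denial (assumption).
classify_body() {
  local compact
  compact=$(printf '%s' "$1" | tr -d '[:space:]')
  case "$compact" in
    *'"error":true'*)  echo denied ;;
    *'"error":false'*) echo open ;;
    *)                 echo unknown ;;
  esac
}

# Request a path with no Authorization header and classify the reply.
probe_unauthenticated() {
  local body
  body=$(curl -s --max-time 5 "$RESTPP_URL$1") || { echo unreachable; return 0; }
  classify_body "$body"
}

# Succeeds only when the setting is on AND the endpoint refuses anonymous calls.
verify_rest_auth() {
  local setting result
  setting=$(gadmin config get RESTPP.Factory.EnableAuth 2>/dev/null)
  result=$(probe_unauthenticated /echo)
  echo "EnableAuth=${setting:-?} anonymous_/echo=$result"
  [ "$setting" = "true" ] && [ "$result" = "denied" ]
}

# Run on the TigerGraph server: ./check_rest_auth.sh --check
if [ "${1:-}" = "--check" ]; then
  verify_rest_auth
fi
```

A result of `open` after the restart means the built-in endpoints still answer anonymous callers, so the configuration change did not take effect.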
@Jon_Herke That does help, but to expand on it, would it be possible to sort of define custom user groups with different permissions to query endpoints? Like group 1 could execute queries at some endpoints which group 2 couldn’t, and vice versa.
@Jon_Herke I suppose a better word would be custom roles, for which access to endpoints and restrictions on running certain queries are also customizable. Is this possible?
@shivashriganesh If you are in an enterprise, you might be using LDAP. If so, you can tie your LDAP groups to your database groups that allow users to only have certain roles.
Or, you can manually set this up in the database. I’ve provided all the links below, which have sample examples.