2.3
Introduction and Overview
System Administration
Web UI
Developer's Guides
User Access Management
User Access Management
GraphStudio follows TigerGraph user authentication and role-based access control model. Read more in the document Managing User Privileges and Authentication.
Log On
If user authentication is not enabled, i.e., GSQL tigergraph superuser password hasn't been changed, then no user login is needed for GraphStudio. If user authentication has been enabled, then users must provide credentials (e.g., username and password) to enter GraphStudio. In addition, your system administrator can integrate TigerGraph with other user access management systems (e.g., LDAP, Active Directory, or SAML-based Single Sign On). See the User Access Management for how to set up LDAP or SSO.
After login, the user is assigned to one of the graphs for which he has access to.
To logout, click the User icon
and then the Sign Out icon.
​
Role- and Graph- Based Access Control
TigerGraph uses role-based access control with several pre-defined roles. Each role is a logical collection of data access privileges, such as querywriter or admin. Each user is assigned one or more roles by a graph admin user or by a superuser. Roles are also graph-specific. For example, user Pat could be an admin on graph G1 but a querywriter on graph G2.
Current Limitation
Currently, role assignments can only be made in the GSQL shell. In the future Admin Portal will support user management functionality.
When a user logs in and/or selects a graph, GraphStudio will disable certain actions based on the user's role on that graph. On each working panel, a warning note will alert the user to features which are disabled. For example, in the current version of GraphStudio, users with querywriter, queryreader, or observer role will see the following warnings on the Design Schema working panel:
The table below summarizes the built-in roles and of their key privileges on GraphStudio:
​
superuser
admin
designer
querywriter
queryreader
observer
Create a new graph schema
YES
​
​
​
​
​
Modify a graph schema
YES
GSQL - yes;
GraphStudio - not yet supported
GSQL - yes;
GraphStudio - not yet supported
​
​
​
View a graph schema
YES
YES
YES
YES
YES
YES
Create a data mapping
YES
YES
YES
​
​
​
View a data mapping
YES
YES
YES
YES
YES
YES
Load data
YES
YES
YES
YES
YES
​
Explore a graph
YES
YES
YES
YES
YES
​
Write a query
YES
YES
YES
YES
​
​
Run a query
YES
YES
YES
YES
YES
​
Select A Graph
Beginning with Version 1.2, the TigerGraph system can support multiple graphs within one TigerGraph instance. Read more at MultiGraph - An Overview. If you have access to more than one graph, at the top of the Menu Bar an arrow will appear. Click the arrow to expand the graph list and select a graph.
​
Current Limitations
Currently, not all of the TigerGraph capabilities for creating and using multiple graphs are available through GraphStudio; some operations can only be performed from the GSQL shell. Below is the list of current MultiGraph-related limitations.
Creating a New Graph Schema:
- 1.A superuser can create a graph schema only if no graphs currently exist.
- 2.Admin and designer users cannot create a graph schema in GraphStudio.
Modifying a Graph Schema:
- 1.A superuser can modify a graph schema if and only if exactly one graph exists.
- 2.Admin and designer users cannot modify a graph schema in GraphStudio.
- 3.Only superusers can modify visual styling of schemas – color , vertex icons, and layout. Visual styling is supported even when there are multiple graphs.
A graph admin user or superuser grants each user access to particular graphs. Currently, granting and revoking privileges must be done as GSQL commands; user roles cannot be managed in GraphStudio yet.
Last modified 3yr ago
Export as PDF
Copy link