1623925190
A GraphQL schema defines types. Each type — except for scalar types like Int, Float or String — has fields which define the relationship between this type and other types (one to one, or one to many). If you think about your schema in terms of a graph, types are the nodes of your graph, and fields are edges. Scalar types have no fields, so they form the leaf nodes of your graph. A GraphQL query is just an instruction for traversing the graph in a specific way, resulting in a tree.
When traversing a tree, you would start at the root, but a graph has no root so there is no logical starting point! That’s why every GraphQL schema needs to have a root query type: it’s the entry point into the graph. The fields of the root query type are links to the actual queries that your GraphQL server supports. This may sound confusing at first, but don’t worry about it, you can start using GraphQL just fine without understanding this detail.
#graphql #control #access control
1622361057
A GraphQL schema defines types. Each type — except for scalar types like Int, Float or String — has fields which define the relationship between this type and other types (one to one, or one to many). If you think about your schema in terms of a graph, types are the nodes of your graph, and fields are edges. Scalar types have no fields, so they form the leaf nodes of your graph.
A GraphQL query is just an instruction for traversing the graph in a specific way, resulting in a tree.
When traversing a tree, you would start at the root, but a graph has no root so there is no logical starting point!
#graphql #access control
1598982960
Access Control List (ACL) is not alien to database users and it is a significant part of data security. Like other database vendors, Nebula Graph takes data security seriously and now supports role-based access control.
In this article, we will detail user management with roles and privileges of Nebula Graph.
Nebula Graph is composed of three parts: the query engine, the storage layer and the meta service. The console, API and the web service are collectively referred to as Client API. See the figure below:
The account and role data will be stored in the meta engine. When the query engine is started, the meta client, through which the query engine communicates with the meta service, will be initialized.
When users connect to the query engine through the client API, the query engine checks the user information on the meta engine via the meta client, determining whether the requesting account exists and whether the password is correct. Once the verification is passed, the connection succeeds. Users can then perform data operations in this session.
Once a query is received, the query engine will parse it, which involves identifying the command type and verifying the user’s authority based on the operation and the user’s role. If the authority is invalid, the command will be blocked in the query engine and an error is returned to the client API. Throughout the permission check process, Nebula Graph caches the metadata. We will detail this in the next chapter.
In general, access control is realized through roles and privileges granted to each role. However, in Nebula Graph, permissions are also granted at graph space level.
Nebula Graph supports creating multiple graph spaces in the database. The schema and graph data are managed in each space independently and the spaces are physically isolated from each other. In addition, Nebula Graph also provides a set of advanced commands for managing the cluster globally.
Therefore, the ACL of Nebula Graph will be managed in three dimensions: graph spaces, roles and operations.
Nebula Graph provides five built-in roles: GOD, ADMIN, DBA, USER and GUEST. These roles cover all the scenarios in data security. An account can have different roles in different spaces, but it can only have one role in the same space.
Descriptions for the roles:
#database #graph database #access control #nebula graph #access control logic
1598876400
I attended a talk last year by Mike Gifford where he said, “the web has actually become LESS accessible since 2011.”
It’s cheap and easy for anyone to create a website these days, and hardly anyone considers accessibility. And why would you? If it’s not in your daily purview, it’s not going into your list of website requirements. Heck, most people don’t even think of the end user, Disabled or not, when creating a website. Especially not when they use a “drag and drop” style website creation platform. Nothing against those, just that those platforms often don’t have accessibility built in, and it’s very difficult to make them so, even if you had the desire.
The other aspect working against website accessibility is that when you say the word ‘accessibility’, not everyone even has a concept of what that means. I asked a website designer recently if he makes accessible websites, and he said, “yes…we add alt-tags to all our images.” Ummmm, OK. Great. But can a screen reader read your website?
So let’s dispel some myths and dive a bit into the world of what it means to implement web accessibility.
First off, it’s important to note that the USA actually has very clear legislation regarding accessibility. It’s called the Americans With Disabilities Act, and it includes websites. US-based companies should be aware that not having a minimally accessible business website can leave you open to a lawsuit and fines. I’m Canadian with a Canadian registered company, so I do not actually have to worry about getting sued for not having an accessible website, but bonus, I have one anyway! I’ll explain why it’s beneficial to have an accessible website even if you are not a US-based company.
#accessibility #web-accessibility #accessibility-design #accessibility-testing #amazon web services
1622105190
One of the fastest ways to get up and running with GraphQL is to install Apollo Server as middleware on your new or existing HTTP server.
In this short post, we demonstrate how to use Apollo Server to create a GraphQL server with Express.js using the apollo-server-express package. At the end, we’ll discuss the tradeoffs of this approach.
#graphql #javascript #graphql.js #graphql.js tutorial