The graph portal comes with an authentication and a role-based authorization. Authentication and authorization are not enabled by default.
It is very easy to enable the security. When the you assign a security permission to a service, that service becomes secured. Only a user who has the same permission can access the service. User can get permission either directly assigned to them or by virtue of the roles assigned to them.
Service are not assigned any permissions by default.
We recommend to use SSL encryption for secured deployment.
The security maintenance page URL for Graph Portal is: http://host:port/context/sec-admin.html#/home
The out-of-box deployment comes with the following users.
- graphadmin (default password: graphadmin1)
- graphuser (default password: graphuser1) *
For production deployment, we recommend to remove the default users or change passwords to a secure, hard to guess password.
Security user can create roles through the security admin page. Roles get assigned to users. Permissions get assigned to Roles. A user can have multiple roles. User's permission is sum of all permissions from all roles they are assigned to them. Security admin can also assign permission directly to the user.
Users having "admin" permission can execute security services.
There are a list of predefined permissions in graph portal. A user gets access to a service if the permission assigned to the service is in the granted permission list of the user.
See Appendix: Permission Names for list of all permissions.
There are a list of predefined services in Graph Portal. Security admin can add permissions to services, to make them secure.
See Appendix: Service Names for list of all services.