Label-Based Access Control in Memgraph - Securing First Class Graph Citizens
Blog post from Memgraph
In the blog post, Josip Mrden discusses the implementation of label-based access control in Memgraph, a graph database, emphasizing the importance of identity and access management for securing data as companies grow and data volumes increase. The article explains why databases need authorization to prevent data leakage, describes various types and levels of authorization, and highlights the challenges of enforcing these controls on specific nodes and relationships in a graph database. Mrden outlines Memgraph's approach to setting granular access permissions that mirror corporate hierarchies, detailing the permission levels READ, UPDATE, and CREATE_DELETE, and discusses how these permissions are enforced within the database's query execution mechanism. He explains how the query's operator tree can serve as the authorization point: operators such as ScanAll and Expand, which bring nodes and relationships into the pipeline, must check authorization explicitly, while downstream operators such as Filter and Produce do not. The post concludes with reflections on the balance between security and usability when deciding how to notify users of unauthorized access, encouraging readers to explore further resources on label-based access control and managing user privileges.
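The operator-tree mechanism summarized above, as a Python sketch added here (it is not Memgraph's code): only ScanAll and Expand apply the label check, while Filter and Produce pass frames through untouched. The sample graph, the two grant sets and the rule that the most restrictive grant across a node's labels decides are assumptions made for the illustration.

```python
from enum import IntEnum

class Perm(IntEnum):
    """Permission levels named in the post, ordered so a higher level implies the lower ones."""
    NOTHING = 0
    READ = 1
    UPDATE = 2
    CREATE_DELETE = 3

# Constructed sample graph (not from the post): nodes by id, relationships as (src, type, dst).
NODES = {
    1: {"labels": {"Employee"}, "name": "ana"},
    2: {"labels": {"Employee"}, "name": "bo"},
    3: {"labels": {"Salary", "Confidential"}, "amount": 90000},
    4: {"labels": {"Department"}, "name": "R&D"},
}
EDGES = [(1, "HAS_SALARY", 3), (1, "WORKS_IN", 4), (2, "WORKS_IN", 4)]

def allowed(grants, labels, needed):
    # Assumed rule: the most restrictive grant across a node's labels decides,
    # so one label lacking the needed level denies access to the whole node.
    return all(grants.get(label, Perm.NOTHING) >= needed for label in labels)

def scan_all(grants):
    # ScanAll is an authorization point: nodes the user may not READ never enter the pipeline.
    return [n for n, d in NODES.items() if allowed(grants, d["labels"], Perm.READ)]

def expand(grants, frames, rel_type):
    # Expand is the other authorization point: the node reached must also be readable.
    return [(src, dst) for src in frames for s, t, dst in EDGES
            if s == src and t == rel_type and allowed(grants, NODES[dst]["labels"], Perm.READ)]

def filter_op(frames, pred):
    # Filter and Produce need no check of their own: they only see frames authorized upstream.
    return [f for f in frames if pred(f)]

def produce(frames, fn):
    return [fn(f) for f in frames]

def salary_query(grants):
    """MATCH (e:Employee {name: 'ana'})-[:HAS_SALARY]->(s) RETURN s.amount"""
    frames = scan_all(grants)
    frames = filter_op(frames, lambda n: "Employee" in NODES[n]["labels"] and NODES[n]["name"] == "ana")
    frames = expand(grants, frames, "HAS_SALARY")
    return produce(frames, lambda f: NODES[f[1]]["amount"])

HR = {"Employee": Perm.READ, "Salary": Perm.UPDATE, "Confidential": Perm.READ}
ANALYST = {"Employee": Perm.READ, "Salary": Perm.READ}  # no grant on :Confidential
```

Running `salary_query(HR)` returns `[90000]`, while `salary_query(ANALYST)` returns `[]` because the :Confidential label on the salary node is withheld at Expand, so Filter and Produce never see it.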