Custom claims query authorization, query subscriptions, and other needs (prospective customer)


I’m considering switching to TigerGraph from another cloud provider for an application database. One key feature that I’ve come to rely on for drastically simplifying app development, but TigerGraph doesn’t seem to cover, is custom-claims based authorization on individual vertices/attributes. I find that this feature virtually eliminates the need for a privileged backend or lambda hop to construct queries.

For instance, I use Firebase Auth and have a CustomerRole vertex connected to User vertex. I only want a query from the authenticated user whose firebaseId (delivered as JWT claim) matches the firebaseId attribute of a User vertex to access certain attributes of that vertex, including the connected CustomerRole. Thus, users only have access to their own PII in the system.

Is there any plan to implement this type of auth control in the future, is it a potential feature request, or does the architecture of TG preclude this kind of query delineation? It strikes me as a core feature for supporting modern, serverless client apps, but seems at first glance a far cry from the current tag/role-based access control system :slight_smile:

Other significant pain points that have come up in my tinkering:

  • No websockets/subscriptions
  • Can’t name reverse edge in graph studio

Hi! Hope this helps a little:

It is possible to name directed reverse edges using GSQL to load schema.

Hi @Kristine_Zheng Welcome to the community!

It is possible to name a directed reverse edge. In your example above you would change the following:

What it was originally

WITH REVERSE_EDGE="preceded_by"

Changing the directed reverse edge name

WITH REVERSE_EDGE="Your_Reverse_Edge_Name_Goes_Here"
1 Like