Hi,
I’m considering switching to TigerGraph from another cloud provider for an application database. One key feature that I’ve come to rely on for drastically simplifying app development, but TigerGraph doesn’t seem to cover, is custom-claims based authorization on individual vertices/attributes. I find that this feature virtually eliminates the need for a privileged backend or lambda hop to construct queries.
For instance, I use Firebase Auth and have a CustomerRole vertex connected to a User vertex. I only want a query from the authenticated user whose firebaseId (delivered as JWT claim) matches the firebaseId attribute of a User vertex to access certain attributes of that vertex, including the connected CustomerRole. Thus, users only have access to their own PII in the system.
Is there any plan to implement this type of auth control in the future, is it a potential feature request, or does the architecture of TG preclude this kind of query delineation? It strikes me as a core feature for supporting modern, serverless client apps, but seems at first glance a far cry from the current tag/role-based access control system.
Other significant pain points that have come up in my tinkering:
- No websockets/subscriptions
- Can’t name reverse edge in GraphStudio
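
The rule described in the post (owner-only attributes of a User vertex, and of its connected CustomerRole, are readable only when the caller's firebaseId claim matches), as an added example that is not part of the original post and is not TigerGraph code. It assumes the claims come from a token whose signature was already verified; the attribute names other than firebaseId, the public/owner policy split and the sample graph are constructed.

```python
# Constructed sample graph; ids, attribute names and values are made up.
VERTICES = {
    "user:1": {"type": "User", "firebaseId": "fb-alice",
               "displayName": "Alice", "email": "alice@example.test"},
    "user:2": {"type": "User", "firebaseId": "fb-bob",
               "displayName": "Bob", "email": "bob@example.test"},
    "role:1": {"type": "CustomerRole", "tier": "gold"},
    "role:2": {"type": "CustomerRole", "tier": "basic"},
    "role:3": {"type": "CustomerRole", "tier": "trial"},  # orphan, no User
}
EDGES = {"user:1": ["role:1"], "user:2": ["role:2"]}  # User -> CustomerRole

# Hypothetical policy: attributes anyone may read vs. owner-only attributes.
POLICY = {
    "User": {"public": {"displayName"}, "owner": {"firebaseId", "email"}},
    "CustomerRole": {"public": set(), "owner": {"tier"}},
}


def owner_of(vertex_id):
    """firebaseId of the User that owns this vertex, or None if unowned."""
    vertex = VERTICES[vertex_id]
    if vertex["type"] == "User":
        return vertex.get("firebaseId")
    for user_id, targets in EDGES.items():
        if vertex_id in targets:
            return VERTICES[user_id].get("firebaseId")
    return None


def read_vertex(claims, vertex_id):
    """Return only the attributes this caller may see; deny by default."""
    vertex = VERTICES.get(vertex_id)
    rules = POLICY.get(vertex["type"]) if vertex else None
    if rules is None:
        return {}
    allowed = set(rules["public"])
    caller = (claims or {}).get("firebaseId")
    # Require a non-empty string claim so a missing claim (None) can never
    # "match" an unowned vertex whose owner is also None.
    if isinstance(caller, str) and caller and caller == owner_of(vertex_id):
        allowed |= rules["owner"]
    return {k: v for k, v in vertex.items() if k in allowed}
```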