We’re overhauling Dgraph’s docs to make them clearer and more approachable. If you notice any issues during this transition or have suggestions, please let us know.
Access Control Lists (ACL) are a typical mechanism to list who can access what, specifying either users or roles and what they can access. ACLs help determine who is “authorized” to access what. Dgraph Access Control Lists (ACLs) are sets of permissions for which Relationships a user may access. Recall that Dgraph is “predicate based” so all data is stored in and is implicit in relationships. This allows relationship-based controls to be very powerful in restricting a graph based on roles, known as Relationship-Based Access Control (RBAC). Note that the Dgraph multi-tenancy feature relies on ACLs to ensure each tenant can only see their own data in one server. Using ACLs requires a client to authenticate (log in) differently and specify credentials that drive which relationships are visible in their view of the graph database.