Is it possible to force Cosmos DB Graph APIs (Gremlin) and others to check for attributes on vertices and edges such that we can use it as an attribute-based permissioning model?
Hi @SharatKoya-7326 Thank you for posting your question. You mentioned above "Is it possible to force Cosmos DB graph APIs and others". When you said "Others", what are you referring to? Are you looking to grant users access to Cosmos DB graph?
Regards,
Oury
Hi, I guess could it be applied to all the multimodal components of Cosmos DB: Graph, SQL (table based attributes), Mongo, Cassandra and the table level.
Hi @SharatKoya-7326 Schema validation is not supported yet but you can use ChangeFeed to handle the validation as post facto (after the write).
Regards,
Oury
Hi, attribute-based access control is not the same as schema validation.
Let's say a node or edge on the graph contains a property that states "superAccessOnly".
When a user logs in to make a query via Gremlin, if the user's AAD token/principal contains the value "superAccessOnly" then any nodes or edges with this property will return. Users without "superAccessOnly" will not see, be able to navigate or get to the properties of the nodes or edges, i.e. something on the Gremlin server side filters them out so that the client application/Gremlin API user will never see them. This is a common technique to limit access to data at a very fine-grained level. I don't think Gremlin/CosmosDB has such a feature?
Hi @SharatKoya-7326 I was able to verify this with our product Group and this is not supported in Cosmos DB.
Regards,
Oury
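The filtering semantics described in this thread, as an added example that is not from the thread or from Cosmos DB: a Python sketch of an application tier that hides marked vertices and edges from a caller before any traversal runs. The `requires` property name, the sample graph and the claims sets are assumptions constructed for illustration.

```python
from collections import deque

# Constructed sample graph. "requires" is a hypothetical property holding
# the attribute a caller must present; None means unrestricted.
VERTICES = {
    "v1": {"label": "person", "requires": None},
    "v2": {"label": "account", "requires": "superAccessOnly"},
    "v3": {"label": "person", "requires": None},
    "v4": {"label": "person", "requires": None},
}
EDGES = [
    {"id": "e1", "out": "v1", "in": "v2", "requires": None},
    {"id": "e2", "out": "v2", "in": "v3", "requires": None},
    {"id": "e3", "out": "v1", "in": "v3", "requires": "superAccessOnly"},
    {"id": "e4", "out": "v1", "in": "v4", "requires": None},
]

def visible(element, claims):
    """An element is visible if it is unmarked or the caller holds its attribute."""
    required = element.get("requires")
    return required is None or required in claims

def filtered_view(vertices, edges, claims):
    """Return only what the caller may see. An edge is dropped when it is
    marked, or when either endpoint is hidden, so it cannot leak a hidden id."""
    vs = {vid: v for vid, v in vertices.items() if visible(v, claims)}
    es = [e for e in edges
          if visible(e, claims) and e["out"] in vs and e["in"] in vs]
    return vs, es

def reachable(start, vertices, edges, claims):
    """Breadth-first traversal over outgoing edges of the filtered view, so
    hidden elements can be neither returned nor used as stepping stones."""
    vs, es = filtered_view(vertices, edges, claims)
    if start not in vs:
        return set()
    seen, queue = {start}, deque([start])
    while queue:
        current = queue.popleft()
        for e in es:
            if e["out"] == current and e["in"] not in seen:
                seen.add(e["in"])
                queue.append(e["in"])
    return seen

if __name__ == "__main__":
    print(sorted(reachable("v1", VERTICES, EDGES, set())))
    print(sorted(reachable("v1", VERTICES, EDGES, {"superAccessOnly"})))
```

The claims set must come from a validated token on the server side of the application tier, never from a value the client supplies in the query.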