Cache Security
This page discusses security for the cache and cache-target resource types in Stardog’s security model.
Page Contents
Overview
Cache security lets you specify what users are allowed to perform administrative tasks around cache and cache target management.
The functions involving cache security are limited to creating and deleting caches and cache targets and do not apply to a users ability to query a cached graph.
A common scenario with administrave cache permissions would be a user that has rights to create and administer a cache target on a specific node and a second user or users that have been given rights for creating, deleting and refeshing the cached graphs on a target. Such a scenario would require one user to have cache-target resource permissions and another user to have cache resource permissions as described in the following two sections.
Managing Cache Targets
To manage graph targets, the user must be granted access to the cache-target resource type. Depending on the function the user may also require access to the underlying cache database.
| Function | Resources |
|---|---|
| Add cache target | CREATE on cache-targetCREATE on db |
| Orphan cache target | DELETE on cache-target |
| Remove cache target | DELETE on cache-target |
Managing Cached Graphs
To manage cached graphs, the user must be granted access to the cache resource type. Depending on the function the user may also require access to the data sources and virtual graphs being cached.
| Function | Resources |
|---|---|
| Create cache | CREATE on cacheREAD on cache-target |
| Drop cache | DELETE on cache |
| Refresh cache | EXECUTE on cacheREAD on cache |
| Get cache status | READ on cache |