- TinkerPop supports multiple graphs through a single API, and an admin might want to restrict access to some of the graphs.
- An admin might want to restrict read/write access to certain users.
Add read/write access restrictions at the graph level. We can extend this to script execution by adding execute privileges.
Add an `authorizer` block, similar to the `authentication` block, in the YAML file.
Authorization will be done only if authentication is enabled. Authentication is done on a per-session basis, while authorization will be done for each and every request.
In `SaslAuthorizationHandler` or `HttpAuthorizationHandler`, the query will be parsed and, depending on its step instructions, marked as a read or a write; privilege evaluation will then be done by calling the `isAccessAllowed` method of `Authorizer`.
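A sketch of the per-request flow described above, added here as an illustration and not taken from TinkerPop or from this proposal's implementation: step instructions are classified as read or write, descending into nested traversals so a mutation inside `sideEffect` is not missed, and the result is checked through `isAccessAllowed` with deny-by-default grants. The `Instr` record, the write-step set, the user and graph names, and the `isAccessAllowed` signature are assumptions.

```java
import java.util.*;

public class GraphAuthzExample {
    enum Access { READ, WRITE }

    // Hypothetical model of one step instruction: operator plus nested child steps.
    record Instr(String op, List<Instr> nested) {
        static Instr of(String op) { return new Instr(op, List.of()); }
    }

    // Assumed set of mutating Gremlin steps for this example.
    static final Set<String> WRITE_OPS =
        Set.of("addV", "addE", "property", "drop", "mergeV", "mergeE");

    // WRITE if any instruction, including those in nested traversals, mutates.
    static Access classify(List<Instr> steps) {
        for (Instr s : steps) {
            if (WRITE_OPS.contains(s.op()) || classify(s.nested()) == Access.WRITE)
                return Access.WRITE;
        }
        return Access.READ;
    }

    // Signature is an assumption; the page names only the method and the type.
    interface Authorizer {
        boolean isAccessAllowed(String user, String graph, Access access);
    }

    // Deny by default: only explicit user -> graph -> access grants pass.
    static Authorizer fromGrants(Map<String, Map<String, Set<Access>>> grants) {
        return (user, graph, access) -> grants.getOrDefault(user, Map.of())
                .getOrDefault(graph, Set.of()).contains(access);
    }

    public static void main(String[] args) {
        Authorizer authz = fromGrants(Map.of(
            "analyst", Map.of("sales", Set.of(Access.READ)),
            "etl", Map.of("sales", Set.of(Access.READ, Access.WRITE))));
        // Constructed requests: g.V().has(..).values(..) and g.V().sideEffect(__.drop())
        List<Instr> read = List.of(Instr.of("V"), Instr.of("has"), Instr.of("values"));
        List<Instr> hiddenWrite = List.of(Instr.of("V"),
            new Instr("sideEffect", List.of(Instr.of("drop"))));
        for (String user : List.of("analyst", "etl", "guest")) {
            for (List<Instr> q : List.of(read, hiddenWrite)) {
                Access a = classify(q);  // evaluated on every request, not per session
                System.out.printf("%s %s on sales -> %s%n", user, a,
                    authz.isAccessAllowed(user, "sales", a) ? "ALLOW" : "DENY");
            }
        }
    }
}
```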
Access policies can be defined in tools like `Apache Ranger`, sample policy: