This page discusses security for the cache and cache-target resource types in Stardog's security model.
Cache security lets you specify what users are allowed to perform administrative tasks around cache and cache target management.
The functions involving cache security are limited to creating and deleting caches and cache targets and do not apply to a users ability to query a cached graph.
A common scenario with administrave cache permissions would be a user that has rights to create and administer a cache target on a specific node and a second user or users that have been given rights for creating, deleting and refeshing the cached graphs on a target. Such a scenario would require one user to have cache-target resource permissions and another user to have cache resource permissions as described in the following two sections.
To manage graph targets, the user must be granted access to the cache-target resource type. Depending on the function the user may also require access to the underlying cache database.
| Function | Resources |
|---|---|
| Add cache target | CREATE on cache-target<br>CREATE on db |
| Orphan cache target | DELETE on cache-target |
| Remove cache target | DELETE on cache-target |
To manage cached graphs, the user must be granted access to the cache resource type. Depending on the function the user may also require access to the data sources and virtual graphs being cached.
| Function | Resources |
|---|---|
| Create cache | CREATE on cache<br>READ on cache-target |
| Drop cache | DELETE on cache |
| Refresh cache | EXECUTE on cache<br>READ on cache |
| Get cache status | READ on cache |