Our stack

How Graph Security Turns Connected Data into Governed Context

As enterprises adopt graphs to model their data, processes, and decisions, they quickly encounter a structural problem...

Home
1
min read

As enterprises adopt graphs to model their data, processes, and decisions, they quickly encounter a structural problem:

Graphs do not respect traditional security boundaries.

A graph query does not stop at a table, a document, or even a domain. It traverses entities, properties, and relationships, often across organizational and functional lines. This makes graphs incredibly powerful but also risky if access control is not built at the same level of abstraction.

The Linked Data API and the Graph Security Layer exist to solve this exact problem. Together, they define a new boundary for enterprise systems: not at storage, but at context visibility.

Why Traditional Access Control Fails in Graph Systems

Most enterprise security systems evolved around hierarchical data:

  • Tables and rows
  • Files and folders
  • Services and endpoints

Permissions are typically applied:

  • Per system
  • Per dataset
  • Per role

Graphs break this model.

In a graph:

  • Meaning emerges from connections, not containers
  • A single relationship can reveal sensitive business structure
  • Inference is often more valuable than raw data

This challenge is well known to teams working with graph platforms like Neo4j, where the strength of connected data also amplifies the need for precise, intentional security controls.

Controlling access at the “data source” level is no longer sufficient. What needs to be governed is graph traversal itself.

This is the gap the Linked Data API is designed to close.

The Linked Data API as a Controlled Graph Gateway

The Linked Data API is not a thin API wrapper over a graph database.

It acts as a governed execution boundary for graph access.

Every graph-related request is treated as:

  • A traversal intent
  • A request for context, not just data

Before any result is returned, the system determines:

  • Which nodes are allowed to exist for the caller
  • Which properties of those nodes are visible
  • Which relationships may legally connect them

The API does not expose the graph “as-is.”

It exposes a filtered, policy-compliant graph projection.

The Graph Security Layer: Enforcing Visibility Rules

The Graph Security Layer is the enforcement engine behind the Linked Data API.

Its responsibility is precise:

  • Apply graph-specific access rules to every request
  • Filter nodes, properties, and relationships accordingly
  • Ensure nothing outside the defined visibility model escapes

This layer is always in the execution path.

Security is not optional, conditional, or UI-driven.

Graph Access Rules: Fine-Grained by Design

At the core of the Graph Security Layer are Graph Access Rules.

Each rule explicitly defines what a user (or system) is allowed to see across three dimensions:

1. Entities (Nodes)

Which types of nodes are visible.

If an entity type is not included in a rule, nodes of that type are completely invisible—even if they exist in the graph.

2. Properties

Which attributes of those entities can be accessed.

This allows:

  • Structural visibility without sensitive details
  • Controlled exposure of business-critical fields

3. Relationships

Which connections between entities are allowed.

A relationship is only visible if:

  • The relationship itself is permitted
  • Both connected entities are permitted

This prevents indirect leakage through graph structure.

Need-to-Know, Applied at Graph Level

Graph Access Rules follow a strict need-to-know principle:

  • No rule → no graph
  • Entity-only rules → structural awareness
  • Entity + property rules → controlled detail
  • Relationship rules → controlled meaning

This is critical in graph systems, where relationships often carry more intelligence than the data they connect.

In effect, each user sees their own version of the graph, derived from the same underlying data but governed by policy.

Identity Is Separate from Visibility

The system deliberately separates:

  • Identity (who is calling)
  • Visibility (what they are allowed to see)

Rules can be assigned to:

  • Individual users
  • Groups
  • Service or system identities

This makes it possible to:

  • Govern human access consistently
  • Apply the same model to applications and automation
  • Avoid hard-coded security logic in consuming systems

Identity providers - Keycloak determine who you are.

Graph Access Rules determine which graph reality you are allowed to observe.

Contextual Filtering with Property Conditions

Beyond static rules, the Graph Security Layer supports property-based conditions.

This allows visibility to depend on business context, such as:

  • Region
  • Classification
  • Scope of responsibility

Rather than duplicating data or maintaining separate graphs, conditions refine which nodes qualify for visibility within the same structure.

Key characteristics:

  • Conditions are declarative
  • Multiple conditions can be combined
  • All conditions must be satisfied for data to be visible

This keeps the security model expressive without becoming procedural or opaque.

How Rule Evaluation Works (Conceptually)

From a systems perspective, evaluation follows a clear sequence:

  1. Identify applicable access rules for the caller
  2. Filter allowed entities
  3. Reduce visible properties per entity
  4. Remove relationships that violate entity visibility
  5. Apply any property-based conditions

Anything that fails at any step is removed from the result set.

There is no partial exposure and no post-hoc cleanup.

Extending Security with External Controls

Enterprise environments often require additional checks:

  • Regulatory systems
  • Policy engines
  • External compliance services

The Graph Security Layer allows for external security workers to participate in filtering after internal rules are applied.

This enables:

  • Defense-in-depth
  • Integration with existing governance systems
  • Advanced, domain-specific filtering without modifying the core graph logic

The New Boundary: From Data Access to Context Control

The most important shift introduced by the Linked Data API is conceptual.

Security is no longer about:

  • Protecting databases
  • Hiding tables or fields

It is about:

  • Controlling context propagation
  • Governing graph meaning
  • Defining how far a traversal is allowed to go

The Linked Data API becomes the context boundary of the enterprise.

Closing Thought

Graphs give enterprises a more accurate model of reality but accuracy without governance is a liability.

The Linked Data API and the Graph Security Layer establish a new standard:

  • Security that understands graph structure
  • Access control that operates on meaning, not just data
  • Visibility that is intentional, explainable, and enforceable

In connected systems, the most important question is no longer “Can you access the data?”

It is “Which part of the graph are you allowed to understand?”

Blog
1
min read