
Enabling Memgraph Enterprise

The following Memgraph features are only available in Enterprise Edition:

| Category | Features |
| --- | --- |
| Security | Role-based access control (RBAC) |
| | Label-based access control (LBAC) |
| | Auth system integrations (LDAP, SAML, OIDC) |
| | Impersonate user |
| | Hiding sensitive information |
| Logging & monitoring | Audit log |
| | Metrics tracking via HTTP server (Prometheus integration) |
| Database management | High availability with automatic failover |
| | Multi-tenancy |
| | CRON snapshot scheduling |
| Querying | Dynamic graph algorithms |
| | Time-to-live (TTL) for data expiration |
| Memgraph Lab features | Real-time performance monitoring |
| | Query sharing |
| | Graph Style Script (GSS) sharing |
| | Single Sign-On (SSO) support (OIDC, SAML) |

If you’re interested in the Memgraph Enterprise Trial, you need to fill out the following form where one of the fields is the organization name.

Whether you bought Memgraph Enterprise or requested a trial, you will receive a file containing the values to use for the organization.name and enterprise.license configuration settings.

If you want to enable the Enterprise Edition on startup, set the configuration flags or environment variables to the correct values.

If you are already running Memgraph Community Edition, these configuration flags can also be adjusted during runtime, or you can run the following queries to set the values:

SET DATABASE SETTING 'organization.name' TO 'Organization';
SET DATABASE SETTING 'enterprise.license' TO 'License';

To check the set values run:

SHOW DATABASE SETTING 'organization.name';
SHOW DATABASE SETTING 'enterprise.license';

or:

SHOW DATABASE SETTINGS;

To get all the information about the Memgraph Enterprise License that was injected into the system, run:

SHOW LICENSE INFO;

Upgrading or downgrading the license

Memgraph licenses are issued based on the maximum unique data stored. So, if you get a 1TB license, you can store 1TB of data. When you reach that capacity you will no longer be able to run write queries, only read and delete queries. That means it is possible to analyze the existing data but new data can no longer be added until you upgrade or free storage by deleting some of the data.

After you upgrade the license by entering a new license key, write queries are enabled again.

To check the used storage, run SHOW STORAGE INFO;.

License key expiry

Once the license key expires, the enterprise features will be disabled, but the data stored in the database will remain intact. You will still be able to add more data, but any enterprise features that require specific actions will no longer function. For example, you will not be able to create any new databases.

Security features

Role-based access control

Most databases used in production have multiple users accessing and modifying data, which is a serious security concern for system administrators who want to grant only certain privileges to specific users. With role-based access control, a set of users can have different privilege levels. For even more control, Memgraph has added label-based access control (LBAC) as a more fine-grained access control that enables authorization on node labels and relationship edge types. By applying authorization to the graph's first-class citizens, a database administrator can keep all the data in one database while keeping private data secure from those who don't have adequate permission.

Authentication system integrations

Memgraph supports authentication and authorization using external auth modules. It includes built-in support for basic (username and password) authentication via LDAP, as well as single sign-on over the SAML and OIDC protocols.

Impersonate user

The impersonate user feature lets authorized users run queries on behalf of another user. When using impersonation, the permitted user adopts the full permissions and context of the impersonated user. This means they can execute queries and perform actions exactly as the impersonated user, with all associated privileges. This feature provides a powerful tool for managing user permissions, debugging, and performing administrative tasks. By leveraging the ability to impersonate other users, you can ensure more efficient management of users and roles while maintaining robust security and access control within your graph database.

Hiding sensitive information

To enhance security, it’s crucial to ensure that sensitive information is not logged. With Memgraph Enterprise, users can mask passwords - all passwords are replaced with **** to prevent their exposure in the logs. This approach ensures that even if logs are accessed by unauthorized individuals, they won’t be able to retrieve the actual passwords.

Logging and monitoring

Audit log

Memgraph supports audit logging of all queries. When enabled, the audit log contains records of all queries executed on the database. Each executed query is one entry (one line) in the audit log. The audit log itself is a CSV file. By default, the log is rotated every day and a full year of entries is preserved.
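The sketch below reviews an audit log of the kind described here and under "Hiding sensitive information": it reports entries whose password literal is not masked as **** and entries that change organization.name or enterprise.license at runtime. It is an added example, not Memgraph code; the column order, the function name review_audit_log and the sample lines are assumptions, so compare the layout with a line from your own log before relying on it.

```python
import csv
import io
import re

# Assumed column order; adjust to the header-less CSV your version writes.
COLUMNS = ("timestamp", "address", "username", "query", "params")

# Statements that carry a password literal (user-management syntax).
PASSWORD_RE = re.compile(
    r"\b(?:IDENTIFIED\s+BY|SET\s+PASSWORD\s+FOR\s+\S+\s+TO)\s+(['\"])(.*?)\1",
    re.IGNORECASE,
)
# Runtime changes to the two settings this page describes.
SETTING_RE = re.compile(
    r"\bSET\s+DATABASE\s+SETTING\s+['\"](organization\.name|enterprise\.license)['\"]",
    re.IGNORECASE,
)


def review_audit_log(text, columns=COLUMNS):
    """Return (findings, malformed_record_numbers) for audit-log CSV text."""
    findings, malformed = [], []
    for recno, row in enumerate(csv.reader(io.StringIO(text)), start=1):
        if len(row) != len(columns):
            malformed.append(recno)  # layout mismatch: report it, do not guess
            continue
        entry = dict(zip(columns, row))
        pw = PASSWORD_RE.search(entry["query"])
        if pw and pw.group(2) != "****":
            findings.append((recno, entry["username"], "unmasked-password"))
        setting = SETTING_RE.search(entry["query"])
        if setting:
            name = setting.group(1).lower()
            findings.append((recno, entry["username"], "changed:" + name))
    return findings, malformed


# Constructed sample records, not real Memgraph output.
SAMPLE = '''1700000000.100,127.0.0.1,admin,"CREATE USER alice IDENTIFIED BY '****';","{}"
1700000001.200,10.0.0.7,admin,"CREATE USER bob IDENTIFIED BY 'hunter2';","{}"
1700000002.300,10.0.0.7,ops,"SET DATABASE SETTING 'enterprise.license' TO 'License';","{}"
1700000003.400,10.0.0.9,alice,"MATCH (n) RETURN n LIMIT 1;","{}"
truncated,line
'''

if __name__ == "__main__":
    for finding in review_audit_log(SAMPLE)[0]:
        print(finding)
```

Records that do not match the expected column count are returned separately so that a layout change between versions shows up as a report rather than as silently missed findings.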

Metrics tracking via HTTP server

In production systems, monitoring of applications is crucial, and that includes databases as well. Memgraph allows tracking information about transactions, query latencies, snapshot recovery latencies, triggers, bolt messages, indexes, streams, and many more using an HTTP server. That means you can integrate Memgraph with Prometheus, a time-series database that enables other databases and applications to monitor and react to performance changes in the system just in time.

Database management

High availability

High availability is a critical component for maintaining a resilient database system, especially for enterprises that require uninterrupted data access and reliability. Memgraph's Enterprise edition is the ideal solution for those who need a worry-free, highly available system with automatic failover. Built-in automatic failover ensures your system remains operational with minimal downtime and manual intervention.

Multi-tenancy

Multi-tenant support enables you to manage multiple isolated databases within a single instance. That is especially useful if you prefer having multiple clients in one database. Those isolated databases within Memgraph function as distinct single-database Memgraph instances. That means that queries executed on a specific database should operate as if it were the sole database in the system, preventing cross-database contamination.

CRON snapshot scheduling

Memgraph supports periodic snapshot creation in defined intervals. With Memgraph Enterprise, users can define these intervals as CRON expressions.

Querying

Dynamic graph algorithms

Dynamic graph algorithms allow you to perform real-time, scalable computations on changing data. These algorithms have been specifically developed to handle high-speed updates and large-scale graph changes without needing to restart the computation process.

Here’s a breakdown to help you compare the Community and Enterprise offering in terms of graph algorithms:

| Feature | Static algorithms (Community) | Dynamic algorithms (Enterprise) |
| --- | --- | --- |
| Performance | High-performing at scale | Real-time performance at scale |
| Handling graph updates | Requires recomputation | Updates in real-time without recomputation |
| Use case | Great for batch or periodic processing | Ideal for real-time applications |
| Licensing | Free (Community version) | Part of Enterprise version |

Time to live (TTL)

Time-to-live allows a user to tag vertices with an expiration time. Once a vertex has expired, the vertex and all associated edges will be deleted.

Memgraph Lab Enterprise features

Monitoring

The monitoring feature tracks resource usage, database size, query activity, transaction flow and active sessions, providing real-time insights into database performance.

Sharing features

Query sharing allows users to share selected queries from the query execution or previously run queries from the history. Graph Style Script (GSS) sharing allows users to share styling scripts among team members.

Single sign-on

Single sign-on (SSO) provides authorization and authentication to your database. It supports two types of SSO methods, OpenID Connect (OIDC + OAuth 2.0) and SAML, and two identity providers, Microsoft Azure (Entra ID) and Okta.