Enabling Memgraph Enterprise
The following Memgraph features are only available in Enterprise Edition:
Category | Features |
---|---|
Security | Role-based access control (RBAC); Label-based access control (LBAC); Auth system integrations (LDAP, SAML, OIDC); Impersonate user; Hiding sensitive information |
Logging & monitoring | Audit log; Metrics tracking via HTTP server (Prometheus integration) |
Database management | High availability with automatic failover; Multi-tenancy; CRON snapshot scheduling |
Querying | Dynamic graph algorithms; Time-to-live (TTL) for data expiration |
Memgraph Lab features | Real-time performance monitoring; Query sharing; Graph Style Script (GSS) sharing; Single Sign-On (SSO) support (OIDC, SAML) |
If you’re interested in the Memgraph Enterprise Trial, you need to fill out the following form where one of the fields is the organization name.
Whether you bought Memgraph Enterprise or requested a trial, you will receive a file with the values to use for the organization.name and enterprise.license configuration settings.
If you want to enable the Enterprise Edition on startup, set the configuration flags or environment variables to the correct values.
If you are already running Memgraph Community Edition, these configuration flags can also be adjusted during runtime, or you can run the following queries to set the values:
SET DATABASE SETTING 'organization.name' TO 'Organization';
SET DATABASE SETTING 'enterprise.license' TO 'License';
To check the set values run:
SHOW DATABASE SETTING 'organization.name';
SHOW DATABASE SETTING 'enterprise.license';
or:
SHOW DATABASE SETTINGS;
To get all the information about the Memgraph Enterprise License that was injected into the system, run:
SHOW LICENSE INFO;
Upgrading or downgrading the license
Memgraph licenses are issued based on the maximum unique data stored. So, if you get a 1TB license, you can store 1TB of data. When you reach that capacity you will no longer be able to run write queries, only read and delete queries.
That means it is possible to analyze the existing data but new data can no
longer be added until you upgrade or free storage by deleting some of the data.
Upon upgrading the license by entering a new license key, the write queries will be enabled.
To check the used storage, run SHOW STORAGE INFO;
License key expiry
Once the license key expires, the enterprise features will be disabled, but the data stored in the database will remain intact. You will still be able to add more data, but any enterprise features that require specific actions will no longer function. For example, you will not be able to create any new databases.
Security features
Role-based access control
Most databases used in production have multiple users accessing and modifying data within the database, which might pose a serious security concern for system administrators wishing to grant only certain privileges to specific users. With role-based access controls, a set of users can have different privilege levels. For even more control, Memgraph has added label-based access control (LBAC) as a more fine-grained access control to enable authorization on node labels and relationship edge types. By applying authorization to the graph's first-class citizens, a database administrator can now keep all the data in one database while keeping any private data secure from those who don't have adequate permission.
Authentication system integrations
Memgraph supports authentication and authorization using external auth modules. It includes built-in support for basic (username and password) authentication via LDAP, as well as single sign-on over the SAML and OIDC protocols.
Impersonate user
The impersonate user feature lets authorized users run queries on behalf of another user. When using impersonation, the permitted user adopts the full permissions and context of the impersonated user. This means they can execute queries and perform actions exactly as the impersonated user, with all associated privileges. This feature provides a powerful tool for managing user permissions, debugging, and performing administrative tasks. By leveraging the ability to impersonate other users, you can ensure more efficient management of users and roles while maintaining robust security and access control within your graph database.
Hiding sensitive information
To enhance security, it’s crucial to ensure that sensitive information is not logged. With Memgraph Enterprise, users can mask passwords - all passwords are replaced with **** to prevent their exposure in the logs. This approach ensures that even if logs are accessed by unauthorized individuals, they won’t be able to retrieve the actual passwords.
Logging and monitoring
Audit log
Memgraph supports audit logging of all queries. When enabled, the audit log contains records of all queries executed on the database. Each executed query is one entry (one line) in the audit log. The audit log itself is a CSV file. By default, the log is rotated every day and a full year of entries is preserved.
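An added example, not taken from Memgraph's documentation or code: a small Python triage pass over an audit log that flags statements changing users, roles, privileges or database settings. The column order (timestamp, address, username, query, params) and the sample lines are assumptions constructed for illustration; the page states only that the log is a CSV file with one query per line.

```python
import csv
import io
import re

# ASSUMED column order; adjust to match the header-less CSV your deployment writes.
COLUMNS = ("timestamp", "address", "username", "query", "params")

# Statement prefixes that alter access control or instance settings.
SENSITIVE = {
    "user_or_role_change": re.compile(
        r"^\s*(CREATE|DROP)\s+(USER|ROLE)\b|^\s*(SET|CLEAR)\s+ROLE\b|^\s*SET\s+PASSWORD\b",
        re.I),
    "privilege_change": re.compile(r"^\s*(GRANT|DENY|REVOKE)\b", re.I),
    "setting_change": re.compile(r"^\s*SET\s+DATABASE\s+SETTING\b", re.I),
}

# Constructed sample log (not real data); the last line is deliberately truncated.
SAMPLE_LOG = """\
1718000000.100000,10.0.0.5,alice,"MATCH (n:Person) RETURN n LIMIT 10","{}"
1718000010.200000,10.0.0.5,alice,"SHOW LICENSE INFO","{}"
1718000020.300000,10.0.0.9,admin,"CREATE ROLE analyst","{}"
1718000030.400000,10.0.0.9,admin,"GRANT MATCH TO analyst","{}"
1718000040.500000,10.0.0.7,bob,"SET DATABASE SETTING 'organization.name' TO 'Organization'","{}"
1718000050.600000,10.0.0.7,bob
"""

def parse_audit_log(text, columns=COLUMNS):
    """Return (rows, skipped): parsed entries and the count of malformed lines."""
    rows, skipped = [], 0
    for fields in csv.reader(io.StringIO(text)):
        if len(fields) != len(columns):
            skipped += 1  # truncated or corrupted entry: worth investigating on its own
            continue
        rows.append(dict(zip(columns, fields)))
    return rows, skipped

def flag_sensitive(rows):
    """Return (username, address, category, query) for each sensitive statement."""
    findings = []
    for row in rows:
        for category, pattern in SENSITIVE.items():
            if pattern.search(row["query"]):
                findings.append((row["username"], row["address"], category, row["query"]))
                break
    return findings

if __name__ == "__main__":
    rows, skipped = parse_audit_log(SAMPLE_LOG)
    for finding in flag_sensitive(rows):
        print(finding)
    print("malformed lines:", skipped)
```
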
Metrics tracking via HTTP server
In production systems, monitoring of applications is crucial, and that includes databases as well. Memgraph allows tracking information about transactions, query latencies, snapshot recovery latencies, triggers, bolt messages, indexes, streams, and many more using an HTTP server. That means you can integrate Memgraph with Prometheus, a time-series database that enables other databases and applications to monitor and react to performance changes in the system just in time.
Database management
High availability
High availability is a critical component for maintaining a resilient database system, especially for enterprises that require uninterrupted data access and reliability. Memgraph’s Enterprise edition is the ideal solution for those who need a worry-free, highly available system with automatic failover. Built-in automatic failover ensures your system remains operational with minimal downtime and manual intervention.
Multi-tenancy
Multi-tenant support enables you to manage multiple isolated databases within a single instance. That is especially useful if you prefer having multiple clients in one database. Those isolated databases within Memgraph function as distinct single-database Memgraph instances. That means that queries executed on a specific database should operate as if it were the sole database in the system, preventing cross-database contamination.
CRON snapshot scheduling
Memgraph supports periodic snapshot creation in defined intervals. With Memgraph Enterprise, users can define these intervals as CRON expressions.
Querying
Dynamic graph algorithms
Dynamic graph algorithms allow you to perform real-time, scalable computations on changing data. These algorithms have been specifically developed to handle high-speed updates and large-scale graph changes without needing to restart the computation process.
Here’s a breakdown to help you compare the Community and Enterprise offering in terms of graph algorithms:
Feature | Static algorithms (Community) | Dynamic algorithms (Enterprise) |
---|---|---|
Performance | High-performing at scale | Real-time performance at scale |
Handling graph updates | Requires recomputation | Updates in real-time without recomputation |
Use case | Great for batch or periodic processing | Ideal for real-time applications |
Licensing | Free (Community version) | Part of Enterprise version |
Time to live (TTL)
Time-to-live allows a user to tag vertices with an expiration time. Once a vertex has expired, the vertex and all associated edges will be deleted.
Memgraph Lab Enterprise features
Monitoring
The monitoring feature tracks resource usage, database size, query activity, transaction flow and active sessions, providing real-time insights into database performance.
Sharing features
Query sharing allows users to share selected queries from the query execution or previously run queries from the history. Graph Style Script (GSS) sharing allows users to share styling scripts among team members.
Single sign-on
Single sign-on (SSO) provides authorization and authentication to your database. It supports two types of SSO methods - OpenID Connect (OIDC + OAuth 2.0) and SAML - and two identity providers - Microsoft Azure (Entra ID) and Okta.