Help centerErrorsAuth

Auth module errors

Errors

  1. “Couldn’t authenticate user '' because the role '' doesn’t exist.”
  2. “Couldn’t authenticate user '' because the password is not correct.”
  3. “Operation not permitted when using an authentication module.”
  4. “Using auth module, no role '' found.”
  5. Couldn’t authenticate user '' because the user doesn’t exist. For more details, visit: memgr.ph/auth.
  6. Couldn’t authenticate user ''. For more details, visit: memgr.ph/auth.
  7. You are not authorized to execute this query on database “memgraph”!
  8. In a multi-tenant environment, SHOW PRIVILEGES query requires database specification. Use ON MAIN, ON CURRENT or ON DATABASE db_name.

Couldn’t authenticate user

A user authentication can fail for many reasons. The user could be missing, the wrong password might be entered, the role defined by the auth module might be missing.

Operation not permitted when using auth module

Queries that modify a user’s authentication data are forbidden while using an auth module. Users are handled by the module and local users are disabled.

User doesn’t have access to the memgraph database

This error occurs in multi-tenant environments when a user attempts to execute authentication or authorization queries but doesn’t have access to the default “memgraph” database.

Solution

Grant access to the “memgraph” database to the user or their role:

-- Grant access to memgraph database for a user
GRANT DATABASE memgraph TO username;
 
-- Grant access to memgraph database for a role
GRANT DATABASE memgraph TO role_name;

Best practice

In multi-tenant environments, we recommend treating the “memgraph” database as an administrative/system database and restricting access to privileged users only. See the multi-tenancy documentation for recommended setup patterns.

Database context must be specified for SHOW PRIVILEGES in multi-tenant environment

This error occurs when attempting to use SHOW PRIVILEGES in a multi-tenant environment without specifying the database context.

Note: This error only occurs for SHOW PRIVILEGES FOR USER commands. The SHOW PRIVILEGES FOR ROLE command does not require database specification and will show all privileges for the role.

Solution

For SHOW PRIVILEGES FOR ROLE commands, you can use them without database specification:

-- Show all privileges for a role (works in all environments)
SHOW PRIVILEGES FOR role_name;

For SHOW PRIVILEGES FOR USER commands in multi-tenant environments, you must specify the database context:

-- Show privileges for the user's main database
SHOW PRIVILEGES FOR user_name ON MAIN;
 
-- Show privileges for the current database
SHOW PRIVILEGES FOR user_name ON CURRENT;
 
-- Show privileges for a specific database
SHOW PRIVILEGES FOR user_name ON DATABASE database_name;

When this occurs

This error typically occurs when:

  • Running SHOW PRIVILEGES FOR USER in a multi-tenant environment
  • The system detects multiple databases and requires explicit context specification for users
  • The user is connected to a multi-tenant Memgraph instance

Best practice

  • For roles: Use SHOW PRIVILEGES FOR role_name without database specification
  • For users: Always specify the database context when working in multi-tenant environments to ensure you’re viewing the correct privileges for the intended database
ErrorsConnection