Named-Graph ACLs

Each graph is a security boundary.

Theory

Named graphs aren't just an organisational tool — they're the natural unit of access control. Put each tenant, project or user in their own graph, then express policy as: agent A may read graphs G1, G2 and write G2.

Most triple stores support this directly (Stardog, GraphDB, Virtuoso). Solid expresses it as Web Access Control documents next to each resource.

Visualization

Per-tenant data lives in its own named graph; a query may only GRAPH over graphs the caller is authorised for.

Operationally, the access decision sits in one place: the layer that binds ?tenantGraph from the authenticated session. If that binding is correct, the SPARQL engine itself does the enforcement — there's no clever query a caller can write that escapes the GRAPH block, because they never get to choose which graph IRI goes in.
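A sketch of that binding layer, added here as an illustration and not taken from any particular triple store or from this course's own code. The ACL table, agent names, `example.org` graph IRIs, the FOAF name predicate and all function names are assumptions made for the example.

```python
import re

# Constructed sample policy: agent -> graphs it may read / write.
ACL = {
    "alice": {"read": {"https://example.org/g/tenant-a", "https://example.org/g/shared"},
              "write": {"https://example.org/g/tenant-a"}},
    "bob": {"read": {"https://example.org/g/tenant-b"}, "write": set()},
}

# Characters SPARQL forbids inside <...>; rejecting them keeps each IRI one token.
_BAD_IRI = re.compile(r'[\x00-\x20<>"{}|^`\\]')

# Fixed server-side template: callers never supply query text, only a search value.
TEMPLATE = """SELECT ?s ?name WHERE {{
  VALUES ?tenantGraph {{ {graphs} }}
  GRAPH ?tenantGraph {{ ?s <http://xmlns.com/foaf/0.1/name> ?name .
    FILTER(CONTAINS(?name, {needle})) }}
}}"""


class AccessDenied(Exception):
    """Raised when the session has no graph it may use in the requested mode."""


def authorised_graphs(session, mode="read"):
    """Graph IRIs the authenticated agent holds `mode` on; fails closed if none."""
    agent = session.get("agent")  # set by the authentication layer, not the request
    graphs = sorted(ACL.get(agent, {}).get(mode, set()))
    if not graphs:
        raise AccessDenied(f"{agent!r} has no graph with {mode} access")
    if any(_BAD_IRI.search(g) for g in graphs):
        raise ValueError("malformed graph IRI in policy")
    return graphs


def sparql_string(value):
    """Escape a caller-supplied value as a SPARQL string literal."""
    escaped = value.replace("\\", "\\\\").replace('"', '\\"')
    escaped = escaped.replace("\n", "\\n").replace("\r", "\\r")
    return f'"{escaped}"'


def build_query(session, needle):
    """Bind ?tenantGraph from the session; the caller contributes only `needle`."""
    graphs = " ".join(f"<{g}>" for g in authorised_graphs(session))
    return TEMPLATE.format(graphs=graphs, needle=sparql_string(needle))
```

The only caller-controlled input is the search value, which is escaped into a string literal; the `VALUES` row that feeds `GRAPH ?tenantGraph` is built entirely from the policy lookup for the authenticated agent.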
