16.3.5 Graph Sharing Options and Validating Graph Permissions

The graph_sharing_option parameter in the pgx.conf file determines if and how a graph can be shared.

Whether a graph can be shared mainly depends on whether or not the graph source is known. The graph server (PGX) supports sharing of graphs within sessions of a single user (through the publish API) or across sessions of different users (through the publish and grant permission APIs).

The graph server (PGX) defines the following three levels of graph traceability:

  • Fully Traceable Graph: All providers of the graph are traceable. For example, loading data from a set of database tables is a traceable source. Therefore, graphs loaded using session.readGraphByName() are considered traceable.
  • Partially Traceable Graph: The graph contains mixed providers, that is, some traceable and some non-traceable providers.
  • Non-Traceable Graph: All providers of the graph are not traceable. Graphs created as a result of mutation (through graph alteration APIs) on a loaded graph instance are considered not traceable.

In addition, the graph server (PGX) will perform periodic checks on all partially traceable and fully traceable graphs to make sure that the user holding a reference to a traceable graph has all the permissions to access the source graph data in the database. If the permission check fails (for example, the user privileges on the original data source have been revoked), then the user session will be destroyed and all sessions of the same user accessing the graph data will be released from memory. The permission_checks_interval field in the pgx.conf file can be used to control the frequency at which the graph server must check the graph permissions.

The following table shows the three graph_sharing_option modes that are supported by the graph server (PGX).

Table 16-10 Graph Sharing Options

| Graph Sharing Option | Description | Publish API Allowed | Grant Permission API Allowed | Periodic Permission Check | getGraph Permission Check |
|---|---|---|---|---|---|
| ALLOW_DATA_SHARING (default) | This indicates that sharing of all graph types (traceable or not) is allowed across sessions of a single user and across users. | Yes | Yes | Yes | Yes |
| ALLOW_TRACEABLE_DATA_SHARING_WITHIN_SAME_USER | This allows only sharing of fully traceable graphs among sessions of a single user. It does not allow sharing across multiple users, or sharing of non-traceable graphs or partially traceable graphs. | Yes (only for fully traceable graphs) | No | Yes | Yes |
| DISALLOW_DATA_SHARING | This indicates graphs are always session private. | No | No | Yes | Yes (not really needed) |

For instance, consider the following example in which the graph_sharing_option is set as ALLOW_TRACEABLE_DATA_SHARING_WITHIN_SAME_USER and the permission_checks_interval parameter defaults to 60 seconds in the pgx.conf file. Assume that a graph user's permission to an underlying source table is revoked after the user publishes the graph. If the user attempts to access the graph data, in the current or in another session, the graph gets invalidated and the respective sessions are destroyed.

The following code shows the graph invalidation scenario in the current user session:

JShell:

opg4j> var graph = session.readGraphByName("HR", "EMP_GRAPH", GraphSource.PG_PGQL)
graph ==> PgxGraph[name=EMP_GRAPH,N=134,E=11,created=1696308375704]
opg4j> session.getGraph("EMP_GRAPH")
$2 ==> graph ==> PgxGraph[name=EMP_GRAPH,N=134,E=11,created=1696402820966]
opg4j> graph.publish()
// Source table permission revoked for the user
opg4j> session.getGraph("EMP_GRAPH") // throws exception and the current session is explicitly destroyed

Java:

PgxGraph graph = session.readGraphByName("HR", "EMP_GRAPH", GraphSource.PG_PGQL);
session.getGraph("EMP_GRAPH");
graph.publish();
// Source table permission revoked for the user
session.getGraph("EMP_GRAPH"); // throws exception and the current session is explicitly destroyed

Python:

>>> graph = session.read_graph_by_name("EMP_GRAPH", "pg_pgql", schema="HR")
>>> session.get_graph("EMP_GRAPH")
PgxGraph(name: EMP_GRAPH, v: 134, e: 11, directed: True, memory(Mb): 0)
>>> graph.publish()
>>> # Source table permission revoked for the user
>>> session.get_graph("EMP_GRAPH") # throws exception and the current session is explicitly destroyed

The following code shows that the referenced graph also gets invalidated in another session of the given user after permission to the source data table is revoked for the user:

JShell:

opg4j> // throws exception in another session and the session gets explicitly destroyed
opg4j> graph.queryPgql("SELECT n.* from MATCH (n:employees) LIMIT 5").print()

Java:

// throws exception in another session and the session gets explicitly destroyed
graph.queryPgql("SELECT n.* from MATCH (n:employees) LIMIT 5").print();

Python:

>>> # throws exception in another session and the session gets explicitly destroyed
>>> graph.query_pgql("SELECT n.* from MATCH (n:employees) LIMIT 5").print()
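
Table 16-10 and the periodic permission check can be turned into a configuration audit that reports which sharing paths a given pgx.conf leaves open. The following Python is an added example, not Oracle's code: it assumes pgx.conf is read as JSON with permission_checks_interval in seconds, and the function names, the max_interval_s threshold and the two sample configurations are constructed for illustration.

```python
import json

# Table 16-10 as: mode -> (graphs publish() accepts, grant permission API allowed)
SHARING_MODES = {
    "ALLOW_DATA_SHARING": ("any", True),
    "ALLOW_TRACEABLE_DATA_SHARING_WITHIN_SAME_USER": ("full", False),
    "DISALLOW_DATA_SHARING": ("none", False),
}
DEFAULT_MODE = "ALLOW_DATA_SHARING"  # marked as the default in the table
DEFAULT_INTERVAL_S = 60              # default stated on this page

def effective_policy(conf_text):
    """Parse pgx.conf text (assumed JSON) and resolve defaults for both fields."""
    conf = json.loads(conf_text)
    mode = conf.get("graph_sharing_option", DEFAULT_MODE)
    if mode not in SHARING_MODES:
        raise ValueError(f"unknown graph_sharing_option: {mode!r}")
    publish_rule, grant_allowed = SHARING_MODES[mode]
    return {"mode": mode, "explicit": "graph_sharing_option" in conf,
            "publish_rule": publish_rule, "grant_allowed": grant_allowed,
            "interval_s": conf.get("permission_checks_interval", DEFAULT_INTERVAL_S)}

def can_share(policy, traceability, cross_user):
    """traceability is 'full', 'partial' or 'none'; cross-user needs publish and grant."""
    rule = policy["publish_rule"]
    publish_ok = rule == "any" or (rule == "full" and traceability == "full")
    return publish_ok and (policy["grant_allowed"] or not cross_user)

def audit(conf_text, max_interval_s=DEFAULT_INTERVAL_S):
    """Return a list of findings; max_interval_s is a site-chosen threshold (assumption)."""
    policy = effective_policy(conf_text)
    findings = []
    if not policy["explicit"]:
        findings.append("graph_sharing_option unset: default ALLOW_DATA_SHARING applies")
    if can_share(policy, "none", cross_user=True):
        findings.append("non-traceable graphs can be shared across users; "
                        "periodic checks cover only traceable graphs")
    if policy["interval_s"] > max_interval_s:
        findings.append(f"permission_checks_interval {policy['interval_s']}s > {max_interval_s}s")
    return findings

# Constructed sample configurations (not taken from a real deployment).
PERMISSIVE = '{"permission_checks_interval": 600}'
RESTRICTED = ('{"graph_sharing_option": "ALLOW_TRACEABLE_DATA_SHARING_WITHIN_SAME_USER",'
              ' "permission_checks_interval": 60}')

if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(name, audit(text) or "no findings")
```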