# Multi-tenant graphs

## Overview

This page describes how to configure and use multiple graphs within the same [Aerospike namespace](https://aerospike.com/docs/database/manage/namespace/). Multi-tenant graphs enable the creation and management of several logically isolated graphs within a shared namespace, allowing for distinct graphs to operate independently while sharing common infrastructure. This approach is ideal for applications requiring multi-tenancy, as it streamlines graph management while maintaining strong access controls across different graphs.

For scenarios that require a higher level of isolation at the storage level, consider using a single graph per namespace instead. This provides stronger separation of data for applications with stricter multi-tenancy requirements.

## Configuration and usage

To set up multi-tenant graphs when starting an Aerospike Graph Service (AGS) instance, use the [`aerospike.graph-service.graphs`](https://aerospike.com/docs/graph/reference/config#aerospikegraph-servicegraphs) configuration option to specify graph names. You can do this using an [environment variable](https://aerospike.com/docs/graph/2.5.0/install/docker#specify-ags-configurations-using-environment-variables) or with a [properties file](https://aerospike.com/docs/graph/2.5.0/install/docker#use-a-properties-file).

**Specifying Graph Names and Traversal Names**

Each individual graph has an associated graph name and a traversal name. You can specify the graph name and traversal name for each graph with the [`aerospike.graph-service.graphs`](https://aerospike.com/docs/graph/reference/config#aerospikegraph-servicegraphs) and [`<GRAPH-NAME>.aerospike.graph.traversal`](https://aerospike.com/docs/graph/reference/config#option-nameaerospikegraphtraversal) configuration options.

The traversal name is optional. If it is not specified, it defaults to `g<GRAPH-NAME>`. For instance, a graph named `myGraph` has a default traversal name of `gmyGraph`. For single-graph AGS instances that do not use multi-tenancy, the traversal name defaults to `g`.

-   The **graph name** is used to configure settings specific to that graph, as illustrated in the [example](#example-configuration). It is also used for [HTTP endpoints](https://aerospike.com/docs/graph/2.5.0/manage/endpoints) and in setting up [RBAC authentication](https://aerospike.com/docs/graph/2.5.0/manage/security/rbac-graph).
    
    **Graph name requirements**
    
    -   Graph names must contain only letters, numbers, dashes, and underscores. No other special characters are supported.
    -   Graph names must be no longer than 32 characters.
    -   The graph name and its traversal name must be different.
    -   Multi-tenant graphs must be configured when starting AGS. If you need to add or change graph names after the AGS instance has started, you must stop the [AGS instance](https://aerospike.com/docs/graph/2.5.0/install/docker), update the [configuration options](https://aerospike.com/docs/graph/reference/config), then start AGS again.
-   The **traversal name** is intended for client applications. Use the traversal name when connecting to AGS through a client application, such as when using the [Gremlin console](#connecting-to-a-multi-tenant-graph).
    

### Example configuration

The following is an example configuration for an AGS instance with multi-tenancy:

```plaintext
aerospike.client.host=172.17.0.1
aerospike.client.port=3000
aerospike.client.namespace=test

# Specify names for named graphs
aerospike.graph-service.graphs=myGraph,modern

# Specify traversal name for myGraph
myGraph.aerospike.graph.traversal=myGraph-traversal

# If no user-supplied traversal name is given for graph modern,
# it defaults to:
# modern.aerospike.graph.traversal=gmodern

# Other configuration options can be specified for each graph
# as follows:
myGraph.aerospike.client.policy.scan.totalTimeout=100
myGraph.aerospike.client.clientPolicy.minConnsPerNode=40
myGraph.aerospike.client.clientPolicy.maxConnsPerNode=60

modern.aerospike.client.policy.scan.totalTimeout=2000
modern.aerospike.client.clientPolicy.minConnsPerNode=400
modern.aerospike.client.clientPolicy.maxConnsPerNode=600
```
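
Because graph names cannot be changed without restarting AGS, and they also key the HTTP endpoints and RBAC setup, it helps to check a properties file against the graph name requirements before deployment. The following is an added example, not part of AGS or its tooling: `parse_properties` and `check_graphs` are hypothetical helpers, "letters" is assumed to mean ASCII letters, and the undeclared-prefix check is an extra sanity check that assumes names are case-sensitive, not a documented AGS rule.

```python
import re

# Documented rules: letters, numbers, dashes, underscores; at most 32 characters.
GRAPH_NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
GRAPHS_KEY = "aerospike.graph-service.graphs"
TRAVERSAL_SUFFIX = ".aerospike.graph.traversal"

def parse_properties(text):
    """Parse simple key=value lines, skipping blank lines and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def check_graphs(text):
    """Return (traversal name per graph, list of rule violations)."""
    props = parse_properties(text)
    names = [n.strip() for n in props.get(GRAPHS_KEY, "").split(",") if n.strip()]
    traversals, errors = {}, []
    for name in names:
        if not GRAPH_NAME_RE.fullmatch(name):
            errors.append(f"{name!r}: only letters, numbers, '-' and '_', max 32 characters")
        # The traversal name is optional and defaults to g<GRAPH-NAME>.
        traversal = props.get(name + TRAVERSAL_SUFFIX, "g" + name)
        if traversal == name:
            errors.append(f"{name!r}: graph name and traversal name must differ")
        traversals[name] = traversal
    # Added sanity check (assumption, not a documented AGS rule): a key whose
    # first segment is neither "aerospike" nor a declared graph is likely a typo.
    for key in props:
        prefix = key.split(".", 1)[0]
        if prefix != "aerospike" and prefix not in names:
            errors.append(f"{key!r}: prefix {prefix!r} is not a declared graph")
    return traversals, errors

# Constructed sample input, modelled on the example configuration on this page.
SAMPLE = """\
aerospike.graph-service.graphs=myGraph,modern,tenant.a,orders
myGraph.aerospike.graph.traversal=myGraph-traversal
orders.aerospike.graph.traversal=orders
mygraph.aerospike.client.policy.scan.totalTimeout=100
"""

if __name__ == "__main__":
    print(check_graphs(SAMPLE))
```

In the constructed sample, `tenant.a` fails the character rule, `orders` reuses its graph name as its traversal name, and the `mygraph.` prefix does not match the declared `myGraph`.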

### Connecting to a multi-tenant graph

To connect to a multi-tenant graph, use the graph traversal name as an argument in the connection command. The following example shows a connection to a graph from the Gremlin console with the traversal name `myGraph-traversal`:

```plaintext
g = traversal().withRemote(DriverRemoteConnection.using("GREMLIN_SERVER_IP_ADDRESS", 8182, "myGraph-traversal"));
```

::: note
The `g` object in this context is used by the client application, while `myGraph-traversal` is within the scope of the Aerospike Graph Service (AGS).
:::

## RBAC support

If RBAC is enabled for your AGS instance, you can create tokens to assign roles to different graphs. For details on creating and managing JWT tokens for multi-tenant graphs, refer to the [RBAC guide](https://aerospike.com/docs/graph/2.5.0/manage/security/rbac-graph).