Access Graph: Models & Applications
- Access graph is a domain-dependent graph formalism that encodes access, reachability, transition, and authorization relations for diverse application contexts.
- It is applied in scenarios ranging from emergency shelter transitions and public transport networks to cloud IAM logs and systems-level data access.
- Methodologies using access graphs enable empirical analysis, efficient resource management, and structured query processing across heterogeneous systems.
“Access graph” is a domain-dependent graph formalism used to represent some notion of access, reachability, transition, authorization, or co-access. In recent arXiv literature, the term refers variously to a time-dependent directed graph of shelter transitions, a thresholded reachability graph of public-transport stops, a dynamic heterogeneous graph of cloud identity-and-access events, an authorization graph augmenting property graphs with subjects and privileges, a rooted tree-shaped substrate for SPARQL access to heterogeneous data, a storage-level graph describing co-access among compressed adjacency blocks, and a bipartite user-resource factor graph in multiple-access communications (Messier, 2023, Šfiligoj et al., 11 Jul 2025, Madireddy, 11 Dec 2025, Mohamed et al., 2024, Asprino et al., 12 Feb 2026, Floros et al., 2024, Gui et al., 30 Jun 2026).
1. Terminological scope and formal variants
The label is not attached to a single canonical mathematical object. Instead, it denotes graph constructions in which edges encode an access relation specific to the application: movement between shelters, mutual reachability within a time budget, assignment and access events in IAM logs, permissions over graph elements, container-slot relations in data access, co-access of memory blocks, or user occupation of communication resources. These constructions differ in whether they are directed or undirected, weighted or unweighted, static or time-varying, homogeneous or heterogeneous, and whether “access” means permission, traversal, exposure to opportunities, or physical/logical reachability (Messier, 2023, Šfiligoj et al., 11 Jul 2025, Madireddy, 11 Dec 2025, Mohamed et al., 2024, Asprino et al., 12 Feb 2026, Floros et al., 2024, Gui et al., 30 Jun 2026).
| Setting | Formal object | Access semantics |
|---|---|---|
| Emergency shelters | Time-dependent directed graph | Person-level transitions between shelters and gateway states |
| Public transport | Threshold-dependent undirected graph | Mutual reachability within travel-time budget |
| Cloud IAM | Dynamic heterogeneous graph | User, role, resource, and access-event relations |
| Property-graph security | Augmented graph with rights relations | Permit/deny actions on vertices and edges |
| Façade-X | Rooted ordered acyclic tree mapped to RDF | Direct SPARQL access to structured data |
| Sparse-graph storage | Graph over contiguous index blocks | Which compressed blocks are accessed together |
| SCMA / IDMA | Bipartite or Tanner-style access graph | User-to-resource or bit-to-MAC incidence |
This diversity suggests that “access graph” functions less as a standardized graph-theoretic term than as a modeling pattern: access is externalized as explicit graph structure so that it can be counted, thresholded, optimized, embedded, or queried.
2. Accessibility, service flow, and equitable reachability
Messier’s analysis of Calgary emergency shelters models the shelter system as a time-dependent directed graph whose vertices comprise seven shelters plus four gateway nodes: Entry, Exit, Gap, and Multiple. A person’s trajectory is encoded as directed edges , and for an analysis period the transition weight is defined by
while the node stay-weight is
Records come from raw CHF data from 2018–2023, gaps of at least 30 days are labeled Gap, same-day multi-shelter visits collapse into Multiple, and no additional imputation or smoothing is applied. The data are sliced into pre-lockdown, lockdown, and post-lockdown eras, with descriptive statistics reported for tenure length, total stays, shelter-use percentage, number of unique shelters accessed, and number of transitions. Messier does not fit probability models or report formal hypothesis tests on graph metrics; interpretation remains at the level of empirical transition-rates and side-by-side descriptive summaries. The observed pattern is a strong pre/post “robust core” centered on the three large adult shelters and persistent Gap–shelter ties, whereas lockdown reduces most node- and edge-weights to roughly 50–60% of pre-lockdown and suppresses inter-shelter circulation more strongly than node visits (Messier, 2023).
In public-transport analysis, the access graph is defined over stops or stations. With and the generalized shortest travel time between stops and 0, the graph for time budget 1 is
2
with adjacency entries 3 if 4 and 5 otherwise. Because 6 and 7, 8 is undirected and contains no self-loops. Degree
9
counts the number of reachable stops within 0. The generalized travel time combines an L-space in-vehicle component and P-space waiting and transfer components; in the reported implementation,
1
Across 51 metro networks, the average degree 2 follows a logistic-like S-curve, modeled by
3
and the framework defines accessibility indicators such as 4, 5, 6, 7, and equity indicators via the Gini coefficient 8 of the degree distribution. Empirically, 9 typically lies between 25 min and 35 min for over 45 of the 51 networks, while 0 and 1 quantify stop-to-stop disparities in accessibility (Šfiligoj et al., 11 Jul 2025).
GAEA formalizes equitable access on a directed, unweighted graph 2 with protected groups 3, reward nodes 4, and group-specific starting distributions 5. A group’s access score is based on inverse shortest-path distance,
6
with expected utility
7
Disparity is measured either by
8
or by the Gini index of 9. The optimization problem is to add up to 0 edges so as to maximize 1 while enforcing demographic parity. The paper proves NP-hardness and shows inapproximability within a factor 2 unless P3NP, then develops an MRP-based reinforcement-learning framework with Gumbel-sigmoid edge relaxations and an augmented-Lagrangian treatment of parity and budget constraints. On the Chicago bus-network case study, the reported values move from average utility 4 and Gini 5 initially to utility 6 and Gini 7 after the RL edits (Ramachandran et al., 2020).
3. Security telemetry and authorization graphs
Madireddy et al. construct an access graph for cloud IAM logs as a dynamic heterogeneous graph 8 rebuilt every window 9. The node set may contain users, roles, resources, and optionally sessions; user features include current-role embeddings, historical access entropy, session-duration statistics, and failed-login frequencies, while role and resource nodes carry privilege level, role category, resource type embeddings, and sensitivity or risk labels. Edge types include user-to-role assignment, role-to-resource access, and optionally user-to-resource direct access, with weights 0 and recency possibly defined by exponential decay. Embeddings are updated by attention-based neighborhood aggregation, anomaly scores are computed as 1, and periodic retraining uses weighted cross-entropy on a feedback buffer to handle concept drift and new node or edge types. Reported results on synthesized and real IAM datasets are Precision 2, Recall 3, F1 4, FPR 5, with latency under 6 ms even at 7 k events/sec and throughput 8 eps (Madireddy, 11 Dec 2025).
In property-graph security, an access graph is an authorization augmentation of the underlying graph. The survey “Comparison of Access Control Approaches for Graph-Structured Data” defines the object as a quintuple 9, where 0 and 1 are the property-graph nodes and edges, 2 is the subject set, 3 the set of atomic actions such as 4, and
5
is the access-right relation. Some approaches also define
6
for negative permissions. The surveyed systems differ by base model—AReBAC, XACML4G, GQRA, and ABAC for Neo4j—but all support fine-grained authorization over nodes and edges, and all enforce policies by query transformation or interception rather than by modifying the database engine. XACML4G uses closed semantics; AReBAC, GQRA, and ABAC for Neo4j use open semantics; XACML4G and ABAC for Neo4j support deny rules with deny-override conflict resolution (Mohamed et al., 2024).
Ahmadi and Small describe a unified graph-model implementation of ABAC in which the access graph is a directed, labeled graph 7 with primitive subject, object, and action nodes, attribute nodes, and policy nodes. Edge labels are 8, and a policy matches a request 9 when every required condition node linked to the policy is reachable from the corresponding primitive by a path of zero or more 0 edges up to a chosen maximum depth. The Neo4j realization uses node labels such as :Subject, :Object, :Action, :Attribute, and :Policy, Cypher variable-length traversals, and a combine step in which deny-overrides can be expressed directly (Ahmadi et al., 2019).
A common misconception is to conflate these security-oriented access graphs with simple ACL tables. The surveyed work instead treats access as graph structure: path conditions, attribute chains, policy subgraphs, or dynamic interaction graphs are first-class objects, and enforcement or detection proceeds by graph traversal, AST rewriting, or graph embedding rather than by flat lookup alone.
4. Data access, Façade-X, and satisfiability of graph patterns
Within Façade-X, the access graph is a finite, rooted, ordered, acyclic tree of containers and slots. The signature includes unary predicates Container, Slot, Type, and Value, and binary predicates hasContainer, hasSlot, hasValue, and hasType. The structure requires exactly one root, acyclicity, a single directed path from the root to any container, ordered slots via an index 1, and typed/value-bearing attachments. This meta-model abstracts relational tables, XML/JSON trees, CSV files, and nested structures. It is exposed to SPARQL via a bidirectional, lossless mapping
2
with six core rules using the prefixes fx: and xyz:. Corollary 1 establishes that the mapping is bijective and lossless, so Façade-X and its RDF view can be round-tripped without information loss. The resulting m-graph is connected, acyclic, and single-rooted, and these properties sharply constrain which SPARQL triple patterns are satisfiable. The paper then gives a bottom-up satisfiability procedure, SAT-FX(Q), that propagates candidate sets for variables until fixpoint; if any candidate set becomes empty the BGP is UNSAT, otherwise SAT. The worst-case time is 3. Experiments include 18 GTFS-Madrid-Bench queries and 449 real-world SPARQL-Anything queries harvested from GitHub; after discarding parse errors, 1430 BGPs remain, and the reported implementation checks satisfiability for over 99% of these BGPs in under 100 ms, with only one pathological pattern of 19 triples and 19 variables timing out at 5 s (Asprino et al., 12 Feb 2026).
This use of “access graph” differs sharply from the accessibility and security literatures. Here the graph is neither a network of opportunities nor a permission structure, but a constrained representational substrate over which SPARQL Basic Graph Patterns can be answered directly. A plausible implication is that the term “access” in this context refers primarily to queryable access to heterogeneous data sources without materializing intermediate formats.
5. Access locality, compression, and systems-level access structure
In sparse-graph systems research, the term is used at the storage-layout level. “Algebraic Vertex Ordering of a Sparse Graph for Adjacency Access Locality and Graph Compression” defines an induced access graph whose vertices are blocks of contiguous indices under a vertex ordering 4, and whose edges indicate which blocks must be accessed together when scanning a neighbor list. The objective is adjacency access locality (AAL): neighbors should lie close under 5 so that compressed adjacency lists require few fetched blocks. Two core measures are
6
and
7
with
8
The proposed viFPS ordering combines Pareto-conditioned hub separation, Fiedler-vector cuts, recursive assembly, and AMD as a base case, with cost 9 under balanced splits. The paper states extremal bounds such as 0 for a biclique under appropriate ordering, and reports that viFPS yields the lowest bits/link in 15 of 18 cases, improves compression by 10–30% over AMD and by up to 1 over SlashBurn, and reduces APS citation-graph subspace-iteration time from 2 s under AMD to 3 s under viFPS (Floros et al., 2024).
Related systems work studies fast access without always naming an “access graph” explicitly. EMOGI addresses out-of-memory GPU graph traversal by pinning CSR edge lists in host memory, mapping them into GPU page tables as zero-copy regions, and relying on direct cacheline-sized PCIe accesses. Its analytical model emphasizes cache-line size CL, header overhead H, peak PCIe bandwidth 4, round-trip latency RTT, and the condition
5
for saturating PCIe. Warp-level merging and 128 B alignment reduce TLP count and nearly fully utilize PCIe bandwidth; the reported result is a 6 average speedup over optimized UVM implementations, with I/O amplification 7–8 for EMOGI versus 9–0 for UVM (Min et al., 2020). In web-graph compression, BV, LM, k²-partitioned, 2D, and 2D-stripes balance bits per edge against random-access latency; representative EU-2005 values range from about 1 bits/link for 2D at 2 with about 3 ns/edge access to about 4 bits/link for BV with about 5 ns/edge access (Proborszcz, 2013).
These systems papers show that “access” may refer not to semantic permissions or mobility, but to the physical act of retrieving adjacency information efficiently. The access graph in this setting is therefore an organizational graph over memory or compressed blocks rather than over the original application entities.
6. Multiple-access communication and spectral graph design
In unsourced random access, the sparse multi-access graph of Sparse IDMA is seeded by a compressive-sensing front end. Preamble recovery produces detected users and fading estimates, after which a sparse joint Tanner graph is built with variable nodes 6, check nodes 7, and MAC nodes 8. LDPC edges follow the parity-check matrix, while multi-access edges arise because each LDPC bit is repeated 9 times and interleaved into time slots according to the user-specific interleaver 00. The joint incidence structure is written as
01
and decoding proceeds by belief propagation with variable-to-check, check-to-variable, variable-to-MAC, and MAC-to-variable log-likelihood-ratio updates. The paper gives asymptotic density-evolution expressions and reports, for 02 bits and 03, an 04 requirement of 05 dB at 06 rising to 07 dB at 08, with superiority over prior ALOHA-based and CS-tree schemes in that regime (Pradhan et al., 2019).
In SCMA, the access graph is explicitly bipartite:
09
where 10 are user nodes, 11 are resource nodes, and 12 iff 13 in the sparse factor matrix 14. The overloading factor is 15. Spatial coupling replaces block-diagonal repetition by a band-diagonal coupled factor matrix, producing a single connected graph across blocks and increasing the effective signal-space dimension. For a user-set error event 16, the Effective Access Dimensionality is
17
and the paper derives
18
Letting 19 and 20 for the two largest eigenvalues of the bipartite adjacency, the adjacency-spectral gap is
21
and the paper establishes a lower bound on 22 in terms of 23. Reported simulations show that coupling level 24 raises 25 from 26 to approximately 27, increases MED from 28 to 29 for a 30 Huawei benchmark codebook, and yields BER gains in both AWGN and 3GPP TDL-C/TDL-D fading settings (Gui et al., 30 Jun 2026).
Across these communication models, the access graph is not a post hoc descriptive visualization but part of the code or detector itself. This suggests a broader unifying principle: once access is encoded as sparse incidence, graph structure can regulate interference, decoding complexity, and error probability just as it regulates reachability, authorization, or data access in other domains.