editorial review of access control #28
Conversation
✅ Deploy Preview for neo4j-docs-cypher ready!
To edit notification comments on pull requests, go to your Netlify site settings. |
martin-neotech
left a comment
martin-neotech
left a comment
There was a problem hiding this comment.
Just change the spelling and nothing else.
These changes also then need to be cherry-picked to the dev (5.0) branch. So dont create more huge PRs that is just improving the content before we have properly moved away from the old repository or we will never catch up.
| @@ -1,5 +1,3 @@ | |||
| :description: The default privileges of the built-in roles in Neo4j and how to recreate them if needed. | |||
There was a problem hiding this comment.
Dont remove the :description: attribute. This is being used on the html output in the meta tag.
In the old repository the :abstract: text is extracted and creates a :description: attribute automagically, we dont want to enforce having an abstract on each page so this is why.
| All of the commands described in this chapter require that the user executing the commands has the rights to do so. | ||
| The privileges listed in the following sections are the default set of privileges for each built-in role: | ||
|
|
||
| * xref::access-control/built-in-roles.adoc#access-control-built-in-roles-public[The `PUBLIC` role] |
There was a problem hiding this comment.
In the old repository there is automagic that finds links and create xref links.
We want to have xref links so we know exactly what it is referring to.
Dont overwrite any links.
Also the documents have been structured so that if there is no need for a nested folder there is no need for an index file so it is much simpler and easier to find the files.
| [[access-control-built-in-roles-public-list]] | ||
| === Listing `PUBLIC` role privileges | ||
|
|
||
| [source, cypher, role=noplay, indent=0] |
There was a problem hiding this comment.
This is fine.
There is much to do to cleanup so there is a consistent style for the different code blocks. But lets do that after there is an easier workflow for this content.
| [[access-control-built-in-roles-publisher]] | ||
| == The `publisher` role | ||
|
|
||
| The `publisher` role can do the same as xref::access-control/built-in-roles.adoc#access-control-built-in-roles-editor[`editor`], but can also create new labels, property keys and relationship types. |
There was a problem hiding this comment.
Dont overwrite any links.
| | Description | ||
| | Revoke a denied privilege from one or multiple roles. | ||
|
|
||
| .General database privilege command syntax |
There was a problem hiding this comment.
There is new formatting for this content dont change it.
The old style is difficult to read and the structure is not nice when there is more content being added.
| With `ACCESS` you can run calculations, for example, `RETURN 2*5 AS answer` or call functions `RETURN timestamp() AS time`. | ||
|
|
||
| [source, syntax, role="noheader", indent=0] | ||
| [source, cypher, role=noplay] |
There was a problem hiding this comment.
Don't change the syntax tag, there is Cypher but it is syntax and not run-able Cypher.
And the syntax should not have a header for aesthetics and it is easier to read.
There was a problem hiding this comment.
I have looked at it again. There is just way to much format/structural changes.
If you think this work is to huge take one page at a time and create a PR for that page.
Just have editorial/spelling changes.
I only looked to the database-administration page etc. because this PR is so huge.
| .General database privilege command syntax | ||
| [options="header", width="100%", cols="3a,2"] | ||
| |=== | ||
| | Command | Description | ||
|
|
||
| | [source, cypher, role=noplay] | ||
| GRANT database-privilege ON {HOME DATABASE \| DATABASE[S] {* \| name[, ...]}} TO role[, ...] | ||
| | Grants a privilege to one or multiple roles. | ||
|
|
||
| .General revoke +ON DATABASE+ privilege syntax | ||
| [cols="<15s,<85"] | ||
| |=== | ||
|
|
||
| | Command | ||
| m| +REVOKE ... ON ... FROM ...+ | ||
| | [source, cypher, role=noplay] | ||
| DENY database-privilege ON {HOME DATABASE \| DATABASE[S] {* \| name[, ...]}} TO role[, ...] | ||
| | Denies a privilege to one or multiple roles. | ||
|
|
||
| | Syntax | ||
| a| | ||
| [source, syntax, role="noheader", indent=0] | ||
| ---- | ||
| REVOKE database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] } } FROM role[, ...] | ||
| ---- | ||
| | [source, cypher, role=noplay] | ||
| REVOKE GRANT database-privilege ON {HOME DATABASE \| DATABASE[S] {* \| name[, ...]}} FROM role[, ...] | ||
| | Revokes a granted privilege from one or multiple roles. | ||
|
|
||
| | Description | ||
| | Revoke a granted or denied privilege from one or multiple roles. | ||
| | [source, cypher, role=noplay] | ||
| REVOKE DENY database-privilege ON {HOME DATABASE \| DATABASE[S] {* \| name[, ...]}} FROM role[, ...] | ||
| | Revokes a denied privilege from one or multiple roles. | ||
|
|
||
| | [source, cypher, role=noplay] | ||
| REVOKE database-privilege ON {HOME DATABASE \| DATABASE[S] {* \| name[, ...]}} FROM role[, ...] | ||
| | Revokes a granted or denied privilege from one or multiple roles. | ||
| |=== |
There was a problem hiding this comment.
Note: dont change the format. There are now a table for each syntax.
| The components of the database privilege commands are: | ||
|
|
||
| * the command: | ||
| * the commands: |
There was a problem hiding this comment.
| * the commands: | |
| * Commands: |
components of the database privilege commands
Co-authored-by: Martin <martin.bendsoe@neotechnology.com>
Related to this https://github.com/neo-technology/neo4j-manual-modeling/pull/2880