From bb681b9323b3576ad73506311309f16669a36ba7 Mon Sep 17 00:00:00 2001
From: lidiazuin
Date: Tue, 26 Jul 2022 12:43:22 +0200
Subject: [PATCH 01/11] merging editorial review and keeping the new formatting

---
 .../database-administration.adoc | 172 +++++++++---------
 1 file changed, 86 insertions(+), 86 deletions(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index 06a539b9e..78fc17b71 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -9,13 +9,14 @@
 This section explains how to use Cypher to manage Neo4j database administrative privileges.
 --
 
-The administrators can use the following Cypher commands to manage Neo4j database administrative rights.
+Administrators can use the following Cypher commands to manage Neo4j database administrative rights.
+
 The components of the database privilege commands are:
 
-* the command:
+* _commands_:
 ** `GRANT` – gives privileges to roles.
 ** `DENY` – denies privileges to roles.
-** `REVOKE` – removes granted or denied privilege from roles.
+** `REVOKE` – removes granted or denied privileges from roles.
 
 * _database-privilege_
 
@@ -31,8 +32,8 @@ The components of the database privilege commands are:
 ** `SHOW CONSTRAINT` - allows constraints to be listed on the specified database.
 ** `CONSTRAINT [MANAGEMENT]` - allows constraints to be created, deleted, and listed on the specified database.
 ** `CREATE NEW [NODE] LABEL` - allows labels to be created so that future nodes can be assigned them.
-** `CREATE NEW [RELATIONSHIP] TYPE` - allows relationship types to be created, so that future relationships can be created with these types.
-** `CREATE NEW [PROPERTY] NAME` - allows property names to be created, so that nodes and relationships can have properties with these names assigned.
+** `CREATE NEW [RELATIONSHIP] TYPE` - allows relationship types to be created, so that relationships can be assigned to them.
+** `CREATE NEW [PROPERTY] NAME` - allows property names to be created, so that nodes and relationships can have properties assigned with these names.
 ** `NAME [MANAGEMENT]` - allows all of the name management capabilities: node labels, relationship types, and property names.
 ** `ALL [[DATABASE] PRIVILEGES]` - allows access, index, constraint, and name management for the specified database or remote database alias.
 ** `SHOW TRANSACTION` - allows listing transactions and queries for the specified users on the specified database.
@@ -44,7 +45,7 @@ The components of the database privilege commands are:
 +
 [NOTE]
 ====
-If you delete a database and create a new one with the same name, the new one will NOT have the privileges assigned to the deleted database.
+If you delete a database and create a new one with the same name, the new one will NOT have the same privileges previously assigned to the deleted one.
 ====
 ** The _name_ component can be `+*+`, which means all databases.
 Databases created after this command execution will also be associated with these privileges.
@@ -72,7 +73,7 @@ GRANT database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] }
 ----
 
 | Description
-| Grant a privilege to one or multiple roles.
+| Grants a privilege to one or multiple roles.
 
 |===
 
@@ -92,7 +93,7 @@ DENY database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] } }
 ----
 
 | Description
-| Deny a privilege to one or multiple roles.
+| Denies a privilege to one or multiple roles.
 
 |===
 
@@ -102,17 +103,17 @@ DENY database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] } }
 |===
 
 | Command
-m| +REVOKE GRANT ... ON ... FROM ...+
+m| +REVOKE DENY ... ON ... FROM ...+
 
 | Syntax
 a|
 [source, syntax, role="noheader", indent=0]
 ----
-REVOKE GRANT database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] } } FROM role[, ...]
+REVOKE DENY database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] } } FROM role[, ...]
 ----
 
 | Description
-| Revoke a granted privilege from one or multiple roles.
+| Revoke a denied privilege from one or multiple roles.
 
 |===
 
@@ -132,7 +133,7 @@ REVOKE DENY database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, .
 ----
 
 | Description
-| Revoke a denied privilege from one or multiple roles.
+| Revokes a denied privilege from one or multiple roles.
 
 |===
 
@@ -152,14 +153,14 @@ REVOKE database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] }
 ----
 
 | Description
-| Revoke a granted or denied privilege from one or multiple roles.
+| Revokes a granted or denied privilege from one or multiple roles.
 
 |===
 
 
 [NOTE]
 ====
-`DENY` does NOT erase a granted privilege; they both exist.
+`DENY` does NOT erase a granted privilege.
 Use `REVOKE` if you want to remove a privilege.
 ====
 
@@ -188,7 +189,7 @@ GRANT ACCESS
 
 | Description
 a|
-Grant the specified roles the privilege to access:
+Grants the specified roles the privilege to access:
 
 * The home database.
 * Specific database(s) or remote database alias(es).
@@ -214,7 +215,7 @@ GRANT { START \| STOP }
 ----
 
 | Description
-| Grant the specified roles the privilege to start or stop the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to start or stop the home database, specific database(s), or all databases.
 
 |===
 
@@ -236,7 +237,7 @@ GRANT { CREATE \| DROP \| SHOW } INDEX[ES]
 ----
 
 | Description
-| Grant the specified roles the privilege to create, delete, or show indexes on the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to create, delete, or show indexes on the home database, specific database(s), or all databases.
 
 |===
 
@@ -258,7 +259,7 @@ GRANT INDEX[ES] [MANAGEMENT]
 ----
 
 | Description
-| Grant the specified roles the privilege to manage indexes on the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to manage indexes on the home database, specific database(s), or all databases.
 
 |===
 
@@ -280,7 +281,7 @@ GRANT { CREATE \| DROP \| SHOW } CONSTRAINT[S]
 ----
 
 | Description
-| Grant the specified roles the privilege to create, delete, or show constraints on the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to create, delete, or show constraints on the home database, specific database(s), or all databases.
 
 |===
 
@@ -302,7 +303,7 @@ GRANT CONSTRAINT[S] [MANAGEMENT]
 ----
 
 | Description
-| Grant the specified roles the privilege to manage constraints on the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to manage constraints on the home database, specific database(s), or all databases.
 
 |===
 
@@ -324,7 +325,7 @@ GRANT CREATE NEW [NODE] LABEL[S]
 ----
 
 | Description
-| Grant the specified roles the privilege to create new node labels in the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to create new node labels in the home database, specific database(s), or all databases.
 
 |===
 
@@ -346,7 +347,7 @@ GRANT CREATE NEW [RELATIONSHIP] TYPE[S]
 ----
 
 | Description
-| Grant the specified roles the privilege to create new relationship types in the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to create new relationship types in the home database, specific database(s), or all databases.
 
 |===
 
@@ -368,7 +369,7 @@ GRANT CREATE NEW [PROPERTY] NAME[S]
 ----
 
 | Description
-| Grant the specified roles the privilege to create new property names in the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to create new property names in the home database, specific database(s), or all databases.
 
 |===
 
@@ -390,7 +391,7 @@ GRANT NAME [MANAGEMENT]
 ----
 
 | Description
-| Grant the specified roles the privilege to manage new labels, relationship types, and property names in the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to manage new labels, relationship types, and property names in the home database, specific database(s), or all databases.
 
 |===
 
@@ -412,7 +413,7 @@ GRANT ALL [[DATABASE] PRIVILEGES]
 ----
 
 | Description
-| Grant the specified roles all privileges for the home, a specific, or all databases and remote database aliases.
+| Grants the specified roles all privileges for the home, a specific, or all databases and remote database aliases.
 
 |===
 
@@ -434,7 +435,7 @@ GRANT { SHOW \| TERMINATE } TRANSACTION[S] [( { * \| user[, ...] } )]
 ----
 
 | Description
-| Grant the specified roles the privilege to list and end the transactions and queries of all users or a particular user(s) in the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to list and end the transactions and queries of all users or a particular user(s) in the home database, specific database(s), or all databases.
 
 |===
 
@@ -456,7 +457,7 @@ GRANT TRANSACTION [MANAGEMENT] [( { * \| user[, ...] } )]
 ----
 
 | Description
-| Grant the specified roles the privilege to manage the transactions and queries of all users or a particular user(s) in the home database, specific database(s), or all databases.
+| Grants the specified roles the privilege to manage the transactions and queries of all users or a particular user(s) in the home database, specific database(s), or all databases.
 
 |===
 
@@ -468,41 +469,41 @@ image::privileges_grant_and_deny_syntax_database_privileges.png[title="Syntax of
 == The database `ACCESS` privilege
 
 The `ACCESS` privilege enables users to connect to a database or a remote database alias.
-With `ACCESS` you can run calculations, for example, `+RETURN 2 * 5 AS answer+` or call functions `RETURN timestamp() AS time`.
+With `ACCESS` you can run calculations, for example, `RETURN 2*5 AS answer` or call functions `RETURN timestamp() AS time`.
 
-[source, syntax, role="noheader", indent=0]
+[source, syntax, role="noheader"]
 ----
 GRANT ACCESS
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 
-For example, granting the ability to access the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to grant the role `regularUsers` the ability to access the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 GRANT ACCESS ON DATABASE neo4j TO regularUsers
 ----
 
-The `ACCESS` privilege can also be denied.
+The `ACCESS` privilege can also be denied:
 
-[source, syntax, role="noheader", indent=0]
+[source, syntax, role="noheader"]
 ----
 DENY ACCESS
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
- TO role[, ...]
+ ON {HOME DATABASE | DATABASE[S] {* | name[, ...]}}
+ TO role[, ...]
 ----
 
-For example, denying the ability to access to the remote database alias `remote-db` to the role `regularUsers` is done using the following query.
+For example, to deny the role `regularUsers` the ability to access to the remote database alias `remote-db`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 DENY ACCESS ON DATABASE `remote-db` TO regularUsers
 ----
 
 The privileges granted can be seen using the `SHOW PRIVILEGES` command:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 SHOW ROLE regularUsers PRIVILEGES AS COMMANDS
 ----
@@ -520,73 +521,73 @@ a|Rows: 2
 [[access-control-database-administration-startstop]]
 == The database `START`/`STOP` privileges
 
-The `START` privilege can be used to enable the ability to start a database.
+The `START` privilege can be used to enable the ability to start a database:
 
-[source, syntax, role="noheader", indent=0]
+[source, syntax, role="noheader"]
 ----
 GRANT START
 ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 
-For example, granting the ability to start the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to grant the role `regularUsers` the ability to start the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 GRANT START ON DATABASE neo4j TO regularUsers
 ----
 
-The `START` privilege can also be denied.
+The `START` privilege can also be denied:
 
-[source, syntax, role="noheader", indent=0]
+[source, syntax, role="noheader"]
 ----
 DENY START
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 
-For example, denying the ability to start to the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to deny the role `regularUsers` the ability to start to the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 DENY START ON DATABASE system TO regularUsers
 ----
 
-The `STOP` privilege can be used to enable the ability to stop a database.
+The `STOP` privilege can be used to enable the ability to stop a database:
 
-[source, syntax, role="noheader", indent=0]
+[source, syntax, role="noheader"]
 ----
 GRANT STOP
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 
-For example, granting the ability to stop the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to grant the role `regularUsers` the ability to stop the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 GRANT STOP ON DATABASE neo4j TO regularUsers
 ----
 
-The `STOP` privilege can also be denied.
+The `STOP` privilege can also be denied:
 
-[source, syntax, role="noheader", indent=0]
+[source, syntax, role="noheader"]
 ----
 DENY STOP
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 
-For example, denying the ability to stop to the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to deny the role `regularUsers` the ability to stop the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 DENY STOP ON DATABASE system TO regularUsers
 ----
 
 The privileges granted can be seen using the `SHOW PRIVILEGES` command:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 SHOW ROLE regularUsers PRIVILEGES AS COMMANDS
 ----
@@ -594,7 +595,6 @@ SHOW ROLE regularUsers PRIVILEGES AS COMMANDS
 .Result
 [options="header,footer", width="100%", cols="m"]
 |===
-
 |command
 |"DENY ACCESS ON DATABASE `remote-db` TO `regularUsers`"
 |"DENY START ON DATABASE `system` TO `regularUsers`"
@@ -603,7 +603,6 @@ SHOW ROLE regularUsers PRIVILEGES AS COMMANDS
 |"GRANT START ON DATABASE `neo4j` TO `regularUsers`"
 |"GRANT STOP ON DATABASE `neo4j` TO `regularUsers`"
 a|Rows: 6
-
 |===
 
 [NOTE]
@@ -620,6 +619,8 @@ The privilege to do this can be granted with `GRANT CREATE INDEX`, `GRANT DROP I
 The privilege to do all three can be granted with `GRANT INDEX MANAGEMENT` command.
 
 
+
+
 .Index management privilege syntax
 [cols="<15s,<85"]
 |===
@@ -637,7 +638,7 @@ GRANT { CREATE \| DROP \| SHOW } INDEX[ES]
 ----
 
 | Description
-| Enable the specified roles to create, delete, or show indexes in the home database, specific database(s), or all databases.
+| Enables the specified roles to create, delete, or show indexes in the home database, specific database(s), or all databases.
 
 |===
 
@@ -660,14 +661,14 @@ GRANT INDEX[ES] [MANAGEMENT]
 ----
 
 | Description
-| Enable the specified roles to manage indexes in the home database, specific database(s), or all databases.
+| Enables the specified roles to manage indexes in the home database, specific database(s), or all databases.
 
 |===
 
 
-For example, granting the ability to create indexes on the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to grant the role `regularUsers` the ability to create indexes on the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 GRANT CREATE INDEX ON DATABASE neo4j TO regularUsers
 ----
@@ -700,7 +701,7 @@ GRANT { CREATE \| DROP \| SHOW } CONSTRAINT[S]
 ----
 
 | Description
-| Enable the specified roles to create, delete, or show constraints on the home database, specific database(s), or all databases.
+| Enables the specified roles to create, delete, or show constraints on the home database, specific database(s), or all databases.
 
 |===
 
@@ -727,9 +728,9 @@ GRANT CONSTRAINT[S] [MANAGEMENT]
 |===
 
 
-For example, granting the ability to create constraints on the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to grant the role `regularUsers` the ability to create constraints on the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 GRANT CREATE CONSTRAINT ON DATABASE neo4j TO regularUsers
 ----
@@ -761,7 +762,7 @@ GRANT CREATE NEW [NODE] LABEL[S]
 ----
 
 | Description
-| Enable the specified roles to create new node labels in the home database, specific database(s), or all databases.
+| Enables the specified roles to create new node labels in the home database, specific database(s), or all databases.
 
 |===
 
@@ -783,7 +784,7 @@ GRANT CREATE NEW [RELATIONSHIP] TYPE[S]
 ----
 
 | Description
-| Enable the specified roles to create new relationship types in the home database, specific database(s), or all databases.
+| Enables the specified roles to create new relationship types in the home database, specific database(s), or all databases.
 
 |===
 
@@ -805,7 +806,7 @@ GRANT CREATE NEW [PROPERTY] NAME[S]
 ----
 
 | Description
-| Enable the specified roles to create new property names in the home database, specific database(s), or all databases.
+| Enables the specified roles to create new property names in the home database, specific database(s), or all databases.
 
 |===
 
@@ -827,14 +828,14 @@ GRANT NAME [MANAGEMENT]
 ----
 
 | Description
-| Enable the specified roles to create new labels, relationship types, and property names in the home database, specific database(s), or all databases.
+| Enables the specified roles to create new labels, relationship types, and property names in the home database, specific database(s), or all databases.
 
 |===
 
 
-For example, granting the ability to create new properties on nodes or relationships in the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to grant the role `regularUsers` the ability to create new properties on nodes or relationships on the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 GRANT CREATE NEW PROPERTY NAME ON DATABASE neo4j TO regularUsers
 ----
@@ -845,11 +846,11 @@ GRANT CREATE NEW PROPERTY NAME ON DATABASE neo4j TO regularUsers
 
 The right to access a database, create and drop indexes and constraints and create new labels, relationship types or property names can be achieved with a single command:
 
-[source, syntax, role="noheader", indent=0]
+[source, syntax, role="noheader"]
 ----
 GRANT ALL [[DATABASE] PRIVILEGES]
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
- TO role[, ...]
+ ON {HOME DATABASE | DATABASE[S] {* | name[, ...]}}
+ TO role[, ...]
 ----
 
 [NOTE]
@@ -860,14 +861,14 @@ These privileges are associated with administrators while other database privile
 
 For example, granting the abilities above on the database `neo4j` to the role `databaseAdminUsers` is done using the following query.
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 GRANT ALL DATABASE PRIVILEGES ON DATABASE neo4j TO databaseAdminUsers
 ----
 
 The privileges granted can be seen using the `SHOW PRIVILEGES` command:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 SHOW ROLE databaseAdminUsers PRIVILEGES AS COMMANDS
 ----
@@ -884,7 +885,7 @@ a|Rows: 1
 [[access-control-database-administration-transaction]]
 == Granting `TRANSACTION MANAGEMENT` privileges
 
-The right to run the commands `SHOW TRANSACTIONS`, `TERMINATE TRANSACTIONS`, and the deprecated procedures `dbms.listTransactions`, `dbms.listQueries`,`dbms.killQuery`, `dbms.killQueries`, `dbms.killTransaction` and `dbms.killTransactions`, are managed through the `SHOW TRANSACTION` and `TERMINATE TRANSACTION` privileges.
+The right to run the commands `SHOW TRANSACTIONS`, `TERMINATE TRANSACTIONS`, and the deprecated procedures `dbms.listTransactions`, `dbms.listQueries`, `dbms.killQuery`, `dbms.killQueries`, `dbms.killTransaction` and `dbms.killTransactions` is now managed through the `SHOW TRANSACTION` and `TERMINATE TRANSACTION` privileges.
 
 
 .Database privilege syntax
@@ -904,7 +905,7 @@ GRANT SHOW TRANSACTION[S] [( { * \| user[, ...] } )]
 ----
 
 | Description
-| Enable the specified roles to list transactions and queries for user(s) or all users in the home database, specific database(s), or all databases.
+| Enables the specified roles to list transactions and queries for user(s) or all users in the home database, specific database(s), or all databases.
 
 |===
 
@@ -926,7 +927,7 @@ GRANT TERMINATE TRANSACTION[S] [( { * \| user[, ...] } )]
 ----
 
 | Description
-| Enable the specified roles to end running transactions and queries for user(s) or all users in the home database, specific database(s), or all databases.
+| Enables the specified roles to end running transactions and queries for user(s) or all users in the home database, specific database(s), or all databases.
 
 |===
 
@@ -948,7 +949,7 @@ GRANT TRANSACTION [MANAGEMENT] [( { * \| user[, ...] } )]
 ----
 
 | Description
-| Enable the specified roles to manage transactions and queries for user(s) or all users in the home database, specific database(s), or all databases.
+| Enables the specified roles to manage transactions and queries for user(s) or all users in the home database, specific database(s), or all databases.
 
 |===
 
@@ -958,10 +959,9 @@ GRANT TRANSACTION [MANAGEMENT] [( { * \| user[, ...] } )]
 Note that the `TRANSACTION MANAGEMENT` privileges are not included in the xref::access-control/database-administration.adoc#access-control-database-administration-all[`ALL DATABASE PRIVILEGES`].
 ====
 
-For example, granting the ability to list transactions for user `jake` in the database `neo4j` to the role `regularUsers` is done using the following query.
+For example, to grant the role `regularUsers` the ability to list transactions for user `jake` on the database `neo4j`, use:
 
-[source, cypher, role=noplay, indent=0]
+[source, cypher, role=noplay]
 ----
 GRANT SHOW TRANSACTION (jake) ON DATABASE neo4j TO regularUsers
 ----
-
From 93efbe98e8df5576c17089ec9082d67571682d9b Mon Sep 17 00:00:00 2001
From: lidiazuin
Date: Tue, 26 Jul 2022 12:49:22 +0200
Subject: [PATCH 02/11] fixing some remaining formatting changes

---
 .../pages/access-control/database-administration.adoc | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index 78fc17b71..cde79b182 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -469,7 +469,7 @@ image::privileges_grant_and_deny_syntax_database_privileges.png[title="Syntax of
 == The database `ACCESS` privilege
 
 The `ACCESS` privilege enables users to connect to a database or a remote database alias.
-With `ACCESS` you can run calculations, for example, `RETURN 2*5 AS answer` or call functions `RETURN timestamp() AS time`.
+With `ACCESS` you can run calculations, for example, `+RETURN 2 * 5 AS answer+` or call functions `RETURN timestamp() AS time`.
 
 [source, syntax, role="noheader"]
 ----
@@ -490,8 +490,8 @@ The `ACCESS` privilege can also be denied:
 [source, syntax, role="noheader"]
 ----
 DENY ACCESS
- ON {HOME DATABASE | DATABASE[S] {* | name[, ...]}}
- TO role[, ...]
+ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ TO role[, ...]
 ----
 
 For example, to deny the role `regularUsers` the ability to access to the remote database alias `remote-db`, use:
@@ -849,8 +849,8 @@ The right to access a database, create and drop indexes and constraints and crea
 [source, syntax, role="noheader"]
 ----
 GRANT ALL [[DATABASE] PRIVILEGES]
- ON {HOME DATABASE | DATABASE[S] {* | name[, ...]}}
- TO role[, ...]
+ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ TO role[, ...]
 ----
 
 [NOTE]

From fa5a0aea206aadfd79e33cfcdb9e1e2bab67f2d4 Mon Sep 17 00:00:00 2001
From: lidiazuin
Date: Tue, 26 Jul 2022 12:52:07 +0200
Subject: [PATCH 03/11] fixing spacing

---
 .../pages/access-control/database-administration.adoc | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index cde79b182..b78f3b6ef 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -13,7 +13,7 @@ Administrators can use the following Cypher commands to manage Neo4j database ad
 
 The components of the database privilege commands are:
 
-* _commands_:
+* _command_:
 ** `GRANT` – gives privileges to roles.
 ** `DENY` – denies privileges to roles.
 ** `REVOKE` – removes granted or denied privileges from roles.
@@ -474,7 +474,7 @@ With `ACCESS` you can run calculations, for example, `+RETURN 2 * 5 AS answer+`
 [source, syntax, role="noheader"]
 ----
 GRANT ACCESS
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 
@@ -490,7 +490,7 @@ The `ACCESS` privilege can also be denied:
 [source, syntax, role="noheader"]
 ----
 DENY ACCESS
-ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 
@@ -849,7 +849,7 @@ The right to access a database, create and drop indexes and constraints and crea
 [source, syntax, role="noheader"]
 ----
 GRANT ALL [[DATABASE] PRIVILEGES]
-ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 

From 27dff15e001670252502d5f15094433ac1996935 Mon Sep 17 00:00:00 2001
From: lidiazuin
Date: Wed, 27 Jul 2022 10:00:37 +0200
Subject: [PATCH 04/11] fixing after comments

---
 .../ROOT/pages/access-control/database-administration.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index b78f3b6ef..51334d0db 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -109,11 +109,11 @@ m| +REVOKE DENY ... ON ... FROM ...+
 a|
 [source, syntax, role="noheader", indent=0]
 ----
-REVOKE DENY database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] } } FROM role[, ...]
+REVOKE GRANT database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] } } FROM role[, ...]
 ----
 
 | Description
-| Revoke a denied privilege from one or multiple roles.
+| Revoke a granted privilege from one or multiple roles.
 
 |===
 

From 7f9244110004eb0b18e1424e1b28e9451e1bb1ee Mon Sep 17 00:00:00 2001
From: lidiazuin <102308961+lidiazuin@users.noreply.github.com>
Date: Wed, 27 Jul 2022 15:43:24 +0200
Subject: [PATCH 05/11] Update modules/ROOT/pages/access-control/database-administration.adoc

Co-authored-by: Martin
---
 modules/ROOT/pages/access-control/database-administration.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index 51334d0db..f4030565e 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -103,7 +103,7 @@ DENY database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] } }
 |===
 
 | Command
-m| +REVOKE DENY ... ON ... FROM ...+
+m| +REVOKE GRANT ... ON ... FROM ...+
 
 | Syntax
 a|

From 5687c3bd80fccb2748651af7ce7233233955e0bd Mon Sep 17 00:00:00 2001
From: lidiazuin <102308961+lidiazuin@users.noreply.github.com>
Date: Wed, 27 Jul 2022 15:43:42 +0200
Subject: [PATCH 06/11] Update modules/ROOT/pages/access-control/database-administration.adoc

Co-authored-by: Martin
---
 modules/ROOT/pages/access-control/database-administration.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index f4030565e..d83093a1c 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -160,7 +160,7 @@ REVOKE database-privilege ON { HOME DATABASE \| DATABASE[S] { * \| name[, ...] }
 
 [NOTE]
 ====
-`DENY` does NOT erase a granted privilege.
+`DENY` does *not* erase a granted privilege.
 Use `REVOKE` if you want to remove a privilege.
 ====
 

From 4aa5ea1fbff7d03cb82d2e11e1f3d061da2d3bab Mon Sep 17 00:00:00 2001
From: lidiazuin <102308961+lidiazuin@users.noreply.github.com>
Date: Wed, 27 Jul 2022 15:44:05 +0200
Subject: [PATCH 07/11] Update modules/ROOT/pages/access-control/database-administration.adoc

Co-authored-by: Martin
---
 modules/ROOT/pages/access-control/database-administration.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index d83093a1c..0fc1abcd5 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -542,7 +542,7 @@ The `START` privilege can also be denied:
 [source, syntax, role="noheader"]
 ----
 DENY START
-ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 

From 841b2dab74f336d005f2a77dde49f658fc0be3fa Mon Sep 17 00:00:00 2001
From: lidiazuin <102308961+lidiazuin@users.noreply.github.com>
Date: Wed, 27 Jul 2022 15:44:35 +0200
Subject: [PATCH 08/11] Update modules/ROOT/pages/access-control/database-administration.adoc

Co-authored-by: Martin
---
 modules/ROOT/pages/access-control/database-administration.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index 0fc1abcd5..14d87546d 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -558,7 +558,7 @@ The `STOP` privilege can be used to enable the ability to stop a database:
 [source, syntax, role="noheader"]
 ----
 GRANT STOP
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 

From 2ba087128b20b407300ea3a4d733cd202d7370df Mon Sep 17 00:00:00 2001
From: lidiazuin <102308961+lidiazuin@users.noreply.github.com>
Date: Wed, 27 Jul 2022 15:44:45 +0200
Subject: [PATCH 09/11] Update modules/ROOT/pages/access-control/database-administration.adoc

Co-authored-by: Martin
---
 modules/ROOT/pages/access-control/database-administration.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index 14d87546d..41b670bbf 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -574,7 +574,7 @@ The `STOP` privilege can also be denied:
 [source, syntax, role="noheader"]
 ----
 DENY STOP
- ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
+ ON { HOME DATABASE | DATABASE[S] { * | name[, ...] } }
 TO role[, ...]
 ----
 

From 6e130d0e1ecb336a5f8b4573907863efce06ed3a Mon Sep 17 00:00:00 2001
From: lidiazuin <102308961+lidiazuin@users.noreply.github.com>
Date: Thu, 28 Jul 2022 11:34:06 +0200
Subject: [PATCH 10/11] Update modules/ROOT/pages/access-control/database-administration.adoc

Co-authored-by: Martin
---
 modules/ROOT/pages/access-control/database-administration.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index 41b670bbf..4a2ff3d70 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -31,7 +31,7 @@ The components of the database privilege commands are:
 ** `DROP CONSTRAINT` - allows constraints to be deleted on the specified database.
 ** `SHOW CONSTRAINT` - allows constraints to be listed on the specified database.
 ** `CONSTRAINT [MANAGEMENT]` - allows constraints to be created, deleted, and listed on the specified database.
-** `CREATE NEW [NODE] LABEL` - allows labels to be created so that future nodes can be assigned them.
+** `CREATE NEW [NODE] LABEL` - allows new node labels to be created.
 ** `CREATE NEW [RELATIONSHIP] TYPE` - allows relationship types to be created, so that relationships can be assigned to them.
 ** `CREATE NEW [PROPERTY] NAME` - allows property names to be created, so that nodes and relationships can have properties assigned with these names.
 ** `NAME [MANAGEMENT]` - allows all of the name management capabilities: node labels, relationship types, and property names.

From 16934150cd76fb4fd6cadab9da22675a63df560e Mon Sep 17 00:00:00 2001
From: lidiazuin <102308961+lidiazuin@users.noreply.github.com>
Date: Thu, 28 Jul 2022 11:34:21 +0200
Subject: [PATCH 11/11] Update modules/ROOT/pages/access-control/database-administration.adoc

Co-authored-by: Martin
---
 modules/ROOT/pages/access-control/database-administration.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/access-control/database-administration.adoc
index 4a2ff3d70..4c11dd512 100644
--- a/modules/ROOT/pages/access-control/database-administration.adoc
+++ b/modules/ROOT/pages/access-control/database-administration.adoc
@@ -32,7 +32,7 @@ The components of the database privilege commands are:
 ** `SHOW CONSTRAINT` - allows constraints to be listed on the specified database.
 ** `CONSTRAINT [MANAGEMENT]` - allows constraints to be created, deleted, and listed on the specified database.
 ** `CREATE NEW [NODE] LABEL` - allows new node labels to be created.
-** `CREATE NEW [RELATIONSHIP] TYPE` - allows relationship types to be created, so that relationships can be assigned to them.
+** `CREATE NEW [RELATIONSHIP] TYPE` - allows new relationship types to be created.
 ** `CREATE NEW [PROPERTY] NAME` - allows property names to be created, so that nodes and relationships can have properties assigned with these names.
 ** `NAME [MANAGEMENT]` - allows all of the name management capabilities: node labels, relationship types, and property names.
 ** `ALL [[DATABASE] PRIVILEGES]` - allows access, index, constraint, and name management for the specified database or remote database alias.