neo4j · JPryce-Aklundh · Mar 17, 2023 · Mar 7, 2023 · Mar 7, 2023 · Mar 7, 2023
diff --git a/modules/ROOT/pages/access-control/manage-privileges.adoc b/modules/ROOT/pages/access-control/manage-privileges.adoc
@@ -275,17 +275,53 @@ Other users' privileges cannot be listed when using a non-native auth provider.
 When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted.
 
 For an easy overview of the existing privileges, it is recommended to use the `AS COMMANDS` version of the `SHOW` command.
-This returns the privileges as the commands that are granted or denied.
+This returns the column `command` of type `STRING` containing the privileges as the commands that are granted or denied.
 
 When omitting the `AS COMMANDS` clause, results will include multiple columns describing privileges:
 
-* `access`: whether the privilege is granted or denied.
-* `action`: which type of privilege this is, for example traverse, read, index management or role management.
-* `resource`: what type of scope this privilege applies to, i.e. the entire DBMS, a specific database, a graph or sub-graph access.
-* `graph`: the specific database or graph this privilege applies to.
-* `segment`: when applicable, this privilege applies to labels, relationship types, procedures, functions or transactions.
-* `role`: the role a privilege is granted to.
-* `immutable`: whether or not the privilege is immutable.
+[options="header", width="100%", cols="4m,6a,2m"]
+|===
+| Column | Description | Type
+
+| access
+| Whether the privilege is granted or denied.
+| STRING
+
+| action
+| The type of the privilege.
+E.g., traverse, read, index management, or role management.
+| STRING
+
+| resource
+| The scope of the privilege. 
+E.g., the entire DBMS, a specific database, a graph, or sub-graph access.
+| STRING
+
+| graph
+| The specific database or graph the privilege applies to.
+| STRING
+
+| segment
+| The labels, relationship types, procedures, functions, transactions or settings the privilege applies to (if applicable).
+| STRING
+
+| role
+| The role the privilege is granted to.
+| STRING
+
+| immutable
+| Whether or not the privilege is immutable.
+
+This column is also available for the `AS COMMAND` variant using `YIELD`.
+| BOOLEAN
+
+| user
+| The user the privilege belongs to.
+
+Note that this is only returned for `SHOW USER [username] PRIVILEGES`.
+| STRING
+
+|===
 
 [[access-control-list-all-privileges]]
 === Examples for listing all privileges

diff --git a/modules/ROOT/pages/access-control/manage-roles.adoc b/modules/ROOT/pages/access-control/manage-roles.adoc
@@ -344,7 +344,9 @@ GRANT REMOVE ROLE
 [[access-control-list-roles]]
 == Listing roles
 
-Available roles can be seen using `SHOW ROLES`:
+
+Available roles can be seen using `SHOW ROLES`.
+This returns a single column `role` of type `STRING`, containing the role name.
 
 [source, cypher, role=noplay]
 ----
@@ -353,16 +355,6 @@ SHOW ROLES
 
 This is the same command as `SHOW ALL ROLES`.
 
-When first starting a Neo4j DBMS, there are a number of built-in roles:
-
-* `PUBLIC` - a role that all users have granted.
-By default it gives access to the home database and to execute privileges for procedures and functions.
-* `reader` - can perform traverse and read operations in all databases except `system`.
-* `editor` - can perform traverse, read, and write operations in all databases except `system`, but cannot create new labels or relationship types.
-* `publisher` - can do the same as `editor`, but also create new labels and relationship types.
-* `architect` - can do the same as `publisher` as well as create and manage indexes and constraints.
-* `admin` - can do the same as all the above, as well as manage databases, aliases, users, roles, and privileges.
-
 .Result
 [options="header,footer", width="100%", cols="m"]
 |===
@@ -378,12 +370,23 @@ By default it gives access to the home database and to execute privileges for pr
 1+a|Rows: 6
 |===
 
+When first starting a Neo4j DBMS, there are a number of built-in roles:
+
+* `PUBLIC` - a role that all users have granted.
+By default it gives access to the home database and to execute privileges for procedures and functions.
+* `reader` - can perform traverse and read operations in all databases except `system`.
+* `editor` - can perform traverse, read, and write operations in all databases except `system`, but cannot create new labels or relationship types.
+* `publisher` - can do the same as `editor`, but also create new labels and relationship types.
+* `architect` - can do the same as `publisher` as well as create and manage indexes and constraints.
+* `admin` - can do the same as all the above, as well as manage databases, aliases, users, roles, and privileges.
+
 More information about the built-in roles can be found in link:{neo4j-docs-base-uri}/operations-manual/{page-version}/authentication-authorization/built-in-roles[Operations Manual -> Built-in roles]
 
 There are multiple versions of this command, the default being `SHOW ALL ROLES`.
 To only show roles that are assigned to users, the command is `SHOW POPULATED ROLES`.
-To see which users are assigned to roles, `WITH USERS` can be added to the command.
-This will give a result with one row for each user, so if a role is assigned to two users, then it will show up twice.
+To see which users are assigned to which roles, `WITH USERS` can be added to the command.
+This will return an additional `STRING` column, `member`, containing the username.
+Since this gives a result with one row for each user, if a role is assigned to two users it will show up twice.
 
 [source, cypher, role=noplay]
 ----

diff --git a/modules/ROOT/pages/access-control/manage-servers.adoc b/modules/ROOT/pages/access-control/manage-servers.adoc
@@ -181,80 +181,95 @@ a| `GRANT SHOW SERVERS`
 
 The table of results shows information about the servers:
 
-[options="header", width="100%", cols="2a,4,1,1"]
+[options="header", width="100%", cols="2a,4,2m,1,1"]
 |===
 | Column
 | Description
+| Type
 | Default output
 | Full output
 
 | name
 | Name of the server.
+| STRING
 | {check-mark}
 | {check-mark}
 
 | serverId
 | Id of the server.
+| STRING
 |
 | {check-mark}
 
 | address
 | Bolt address of the server (if enabled).
+| STRING
 | {check-mark}
 | {check-mark}
 
 | httpAddress
 | Http address of the server (if enabled).
+| STRING
 |
 | {check-mark}
 
 | httpsAddress
 | Https address of the server (if enabled).
+| STRING
 |
 | {check-mark}
 
 | state
 | Information of the state of the server: `free`, `enabled`, `deallocating`, or `dropped`.
+| STRING
 | {check-mark}
 | {check-mark}
 
 | health
 | The availability of the server: `available` or `unavailable`.
+| STRING
 | {check-mark}
 | {check-mark}
 
 | hosting
 | A list of databases currently hosted on the server.
+| LIST OF STRING
 | {check-mark}
 | {check-mark}
 
 | requestedHosting
 | A list of databases that should be hosted on the server, decided by the allocator.
+| LIST OF STRING
 |
 | {check-mark}
 
 | tags
 | Tags are user provided strings that can be used while allocating databases.
+| LIST OF STRING
 |
 | {check-mark}
 
 | allowedDatabases
 | A list of databases allowed to be hosted on the server.
+| LIST OF STRING
 |
 | {check-mark}
 
 | deniedDatabases
 | A list of databases not allowed to be hosted on the server.
+| LIST OF STRING
 |
 | {check-mark}
 
 | modeConstraint
 | Constraint for the allocator to allocate only databases in this mode on the server.
+| STRING
 |
 | {check-mark}
 
 | version
 | Neo4j version the server is running.
+| STRING
 |
 | {check-mark}
 |===

diff --git a/modules/ROOT/pages/access-control/manage-users.adoc b/modules/ROOT/pages/access-control/manage-users.adoc
@@ -344,36 +344,48 @@ The `SHOW USER[S] PRIVILEGES` command is only available in Neo4j Enterprise Edit
 
 The currently logged-in user can be seen using `SHOW CURRENT USER`, which will produce a table with the following columns:
 
-[options="header", width="100%", cols="2a,4,^.^,^.^"]
+[options="header", width="100%", cols="2a,4,2m,^.^,^.^"]
 |===
 | Column
 | Description
+| Type
 | Community Edition
 | Enterprise Edition
 
 | user
 | User name
+| STRING
 | {check-mark}
 | {check-mark}
 
 | roles
 | Roles granted to the user.
+
+Will return `null` in community edition.
+| LIST OF STRING
 | {cross-mark}
 | {check-mark}
 
 | passwordChangeRequired
 | If `true`, the user must change their password at the next login.
+| BOOLEAN
 | {check-mark}
 | {check-mark}
 
 | suspended
 | If `true`, the user is currently suspended (cannot log in).
+
+Will return `null` in community edition.
+| BOOLEAN
 | {cross-mark}
 | {check-mark}
 
 | home
 | The home database configured by the user, or `null` if no home database has been configured.
 If this database is unavailable and the user does not specify a database to use, they will not be able to log in.
+
+Will return `null` in community edition.
+| STRING
 | {cross-mark}
 | {check-mark}
 |===
@@ -412,37 +424,49 @@ This command is only supported for a logged-in user and will return an empty res
 
 Available users can be seen using `SHOW USERS`, which will produce a table of users with the following columns:
 
-[options="header", width="100%", cols="2a,4,^.^,^.^"]
+[options="header", width="100%", cols="2a,4,2m,^.^,^.^"]
 |===
 | Column
 | Description
+| Type
 | Community Edition
 | Enterprise Edition
 
 | user
 | User name
+| STRING
 | {check-mark}
 | {check-mark}
 
 | roles
 | Roles granted to the user.
+
+Will return `null` in community edition.
+| LIST OF STRING
 | {cross-mark}
 | {check-mark}
 
 | passwordChangeRequired
 | If `true`, the user must change their password at the next login.
+| BOOLEAN
 | {check-mark}
 | {check-mark}
 
 | suspended
 | If `true`, the user is currently suspended (cannot log in).
+
+Will return `null` in community edition.
+| BOOLEAN
 | {cross-mark}
 | {check-mark}
 
 | home
 | The home database configured by the user, or `null` if no home database has been configured.
 A home database will be resolved if it is either pointing to a database or a database alias.
 If this database is unavailable and the user does not specify a database to use, they will not be able to log in.
+
+Will return `null` in community edition.
+| STRING
 | {cross-mark}
 | {check-mark}
 |===

diff --git a/modules/ROOT/pages/aliases.adoc b/modules/ROOT/pages/aliases.adoc
@@ -273,32 +273,39 @@ The required privileges are described xref::access-control/dbms-administration.a
 
 `SHOW ALIASES FOR DATABASE` will produce a table of database aliases with the following columns:
 
-[options="header" cols="2m,4a"]
+[options="header" cols="2m,4a,2m"]
 |===
-| Column | Description
+| Column | Description | Type
 
 | name
 | The fully qualified name of the database alias. label:default-output[]
+| STRING
 
 | database
 | The name of the target database. label:default-output[]
+| STRING
 
 | location
 | The location of the database, either `local` or `remote`. label:default-output[]
+| STRING
 
 | url
 | Target location or `null` if the target is local. label:default-output[]
+| STRING
 
 | user
 | User connecting to the remote database or `null` if the target database is local. label:default-output[]
+| STRING
 
 | driver
 |
 The driver options for connection to the remote database or `null` if the target database is local or if no driver settings are added.
 List of xref::aliases.adoc#remote-alias-driver-settings[driver settings] allowed for remote database aliases.
+| MAP
 
 | properties
 | Any properties set on the database alias.
+| MAP
 
 |===