diff --git a/modules/ROOT/pages/access-control/manage-privileges.adoc b/modules/ROOT/pages/access-control/manage-privileges.adoc index dd0fab545..1b867d74d 100644 --- a/modules/ROOT/pages/access-control/manage-privileges.adoc +++ b/modules/ROOT/pages/access-control/manage-privileges.adoc @@ -275,17 +275,53 @@ Other users' privileges cannot be listed when using a non-native auth provider. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. For an easy overview of the existing privileges, it is recommended to use the `AS COMMANDS` version of the `SHOW` command. -This returns the privileges as the commands that are granted or denied. +This returns the column `command` of type `STRING` containing the privileges as the commands that are granted or denied. When omitting the `AS COMMANDS` clause, results will include multiple columns describing privileges: -* `access`: whether the privilege is granted or denied. -* `action`: which type of privilege this is, for example traverse, read, index management or role management. -* `resource`: what type of scope this privilege applies to, i.e. the entire DBMS, a specific database, a graph or sub-graph access. -* `graph`: the specific database or graph this privilege applies to. -* `segment`: when applicable, this privilege applies to labels, relationship types, procedures, functions or transactions. -* `role`: the role a privilege is granted to. -* `immutable`: whether or not the privilege is immutable. +[options="header", width="100%", cols="4m,6a,2m"] +|=== +| Column | Description | Type + +| access +| Whether the privilege is granted or denied. +| STRING + +| action +| The type of the privilege. +E.g., traverse, read, index management, or role management. +| STRING + +| resource +| The scope of the privilege. +E.g., the entire DBMS, a specific database, a graph, or sub-graph access. +| STRING + +| graph +| The specific database or graph the privilege applies to. +| STRING + +| segment +| The labels, relationship types, procedures, functions, transactions or settings the privilege applies to (if applicable). +| STRING + +| role +| The role the privilege is granted to. +| STRING + +| immutable +| Whether or not the privilege is immutable. + +This column is also available for the `AS COMMAND` variant using `YIELD`. +| BOOLEAN + +| user +| The user the privilege belongs to. + +Note that this is only returned for `SHOW USER [username] PRIVILEGES`. +| STRING + +|=== [[access-control-list-all-privileges]] === Examples for listing all privileges diff --git a/modules/ROOT/pages/access-control/manage-roles.adoc b/modules/ROOT/pages/access-control/manage-roles.adoc index b4cf2510e..e12aa550a 100644 --- a/modules/ROOT/pages/access-control/manage-roles.adoc +++ b/modules/ROOT/pages/access-control/manage-roles.adoc @@ -344,7 +344,9 @@ GRANT REMOVE ROLE [[access-control-list-roles]] == Listing roles -Available roles can be seen using `SHOW ROLES`: + +Available roles can be seen using `SHOW ROLES`. +This returns a single column `role` of type `STRING`, containing the role name. [source, cypher, role=noplay] ---- @@ -353,16 +355,6 @@ SHOW ROLES This is the same command as `SHOW ALL ROLES`. -When first starting a Neo4j DBMS, there are a number of built-in roles: - -* `PUBLIC` - a role that all users have granted. -By default it gives access to the home database and to execute privileges for procedures and functions. -* `reader` - can perform traverse and read operations in all databases except `system`. -* `editor` - can perform traverse, read, and write operations in all databases except `system`, but cannot create new labels or relationship types. -* `publisher` - can do the same as `editor`, but also create new labels and relationship types. -* `architect` - can do the same as `publisher` as well as create and manage indexes and constraints. -* `admin` - can do the same as all the above, as well as manage databases, aliases, users, roles, and privileges. - .Result [options="header,footer", width="100%", cols="m"] |=== @@ -378,12 +370,23 @@ By default it gives access to the home database and to execute privileges for pr 1+a|Rows: 6 |=== +When first starting a Neo4j DBMS, there are a number of built-in roles: + +* `PUBLIC` - a role that all users have granted. +By default it gives access to the home database and to execute privileges for procedures and functions. +* `reader` - can perform traverse and read operations in all databases except `system`. +* `editor` - can perform traverse, read, and write operations in all databases except `system`, but cannot create new labels or relationship types. +* `publisher` - can do the same as `editor`, but also create new labels and relationship types. +* `architect` - can do the same as `publisher` as well as create and manage indexes and constraints. +* `admin` - can do the same as all the above, as well as manage databases, aliases, users, roles, and privileges. + More information about the built-in roles can be found in link:{neo4j-docs-base-uri}/operations-manual/{page-version}/authentication-authorization/built-in-roles[Operations Manual -> Built-in roles] There are multiple versions of this command, the default being `SHOW ALL ROLES`. To only show roles that are assigned to users, the command is `SHOW POPULATED ROLES`. -To see which users are assigned to roles, `WITH USERS` can be added to the command. -This will give a result with one row for each user, so if a role is assigned to two users, then it will show up twice. +To see which users are assigned to which roles, `WITH USERS` can be added to the command. +This will return an additional `STRING` column, `member`, containing the username. +Since this gives a result with one row for each user, if a role is assigned to two users it will show up twice. [source, cypher, role=noplay] ---- diff --git a/modules/ROOT/pages/access-control/manage-servers.adoc b/modules/ROOT/pages/access-control/manage-servers.adoc index a456eab98..eda562dd9 100644 --- a/modules/ROOT/pages/access-control/manage-servers.adoc +++ b/modules/ROOT/pages/access-control/manage-servers.adoc @@ -181,80 +181,95 @@ a| `GRANT SHOW SERVERS` The table of results shows information about the servers: -[options="header", width="100%", cols="2a,4,1,1"] +[options="header", width="100%", cols="2a,4,2m,1,1"] |=== | Column | Description +| Type | Default output | Full output | name | Name of the server. +| STRING | {check-mark} | {check-mark} | serverId | Id of the server. +| STRING | | {check-mark} | address | Bolt address of the server (if enabled). +| STRING | {check-mark} | {check-mark} | httpAddress | Http address of the server (if enabled). +| STRING | | {check-mark} | httpsAddress | Https address of the server (if enabled). +| STRING | | {check-mark} | state | Information of the state of the server: `free`, `enabled`, `deallocating`, or `dropped`. +| STRING | {check-mark} | {check-mark} | health | The availability of the server: `available` or `unavailable`. +| STRING | {check-mark} | {check-mark} | hosting | A list of databases currently hosted on the server. +| LIST OF STRING | {check-mark} | {check-mark} | requestedHosting | A list of databases that should be hosted on the server, decided by the allocator. +| LIST OF STRING | | {check-mark} | tags | Tags are user provided strings that can be used while allocating databases. +| LIST OF STRING | | {check-mark} | allowedDatabases | A list of databases allowed to be hosted on the server. +| LIST OF STRING | | {check-mark} | deniedDatabases | A list of databases not allowed to be hosted on the server. +| LIST OF STRING | | {check-mark} | modeConstraint | Constraint for the allocator to allocate only databases in this mode on the server. +| STRING | | {check-mark} | version | Neo4j version the server is running. +| STRING | | {check-mark} |=== diff --git a/modules/ROOT/pages/access-control/manage-users.adoc b/modules/ROOT/pages/access-control/manage-users.adoc index 17f6d764b..c7042a895 100644 --- a/modules/ROOT/pages/access-control/manage-users.adoc +++ b/modules/ROOT/pages/access-control/manage-users.adoc @@ -344,36 +344,48 @@ The `SHOW USER[S] PRIVILEGES` command is only available in Neo4j Enterprise Edit The currently logged-in user can be seen using `SHOW CURRENT USER`, which will produce a table with the following columns: -[options="header", width="100%", cols="2a,4,^.^,^.^"] +[options="header", width="100%", cols="2a,4,2m,^.^,^.^"] |=== | Column | Description +| Type | Community Edition | Enterprise Edition | user | User name +| STRING | {check-mark} | {check-mark} | roles | Roles granted to the user. + +Will return `null` in community edition. +| LIST OF STRING | {cross-mark} | {check-mark} | passwordChangeRequired | If `true`, the user must change their password at the next login. +| BOOLEAN | {check-mark} | {check-mark} | suspended | If `true`, the user is currently suspended (cannot log in). + +Will return `null` in community edition. +| BOOLEAN | {cross-mark} | {check-mark} | home | The home database configured by the user, or `null` if no home database has been configured. If this database is unavailable and the user does not specify a database to use, they will not be able to log in. + +Will return `null` in community edition. +| STRING | {cross-mark} | {check-mark} |=== @@ -412,30 +424,39 @@ This command is only supported for a logged-in user and will return an empty res Available users can be seen using `SHOW USERS`, which will produce a table of users with the following columns: -[options="header", width="100%", cols="2a,4,^.^,^.^"] +[options="header", width="100%", cols="2a,4,2m,^.^,^.^"] |=== | Column | Description +| Type | Community Edition | Enterprise Edition | user | User name +| STRING | {check-mark} | {check-mark} | roles | Roles granted to the user. + +Will return `null` in community edition. +| LIST OF STRING | {cross-mark} | {check-mark} | passwordChangeRequired | If `true`, the user must change their password at the next login. +| BOOLEAN | {check-mark} | {check-mark} | suspended | If `true`, the user is currently suspended (cannot log in). + +Will return `null` in community edition. +| BOOLEAN | {cross-mark} | {check-mark} @@ -443,6 +464,9 @@ Available users can be seen using `SHOW USERS`, which will produce a table of us | The home database configured by the user, or `null` if no home database has been configured. A home database will be resolved if it is either pointing to a database or a database alias. If this database is unavailable and the user does not specify a database to use, they will not be able to log in. + +Will return `null` in community edition. +| STRING | {cross-mark} | {check-mark} |=== diff --git a/modules/ROOT/pages/aliases.adoc b/modules/ROOT/pages/aliases.adoc index 4fb274f3a..b237aa507 100644 --- a/modules/ROOT/pages/aliases.adoc +++ b/modules/ROOT/pages/aliases.adoc @@ -273,32 +273,39 @@ The required privileges are described xref::access-control/dbms-administration.a `SHOW ALIASES FOR DATABASE` will produce a table of database aliases with the following columns: -[options="header" cols="2m,4a"] +[options="header" cols="2m,4a,2m"] |=== -| Column | Description +| Column | Description | Type | name | The fully qualified name of the database alias. label:default-output[] +| STRING | database | The name of the target database. label:default-output[] +| STRING | location | The location of the database, either `local` or `remote`. label:default-output[] +| STRING | url | Target location or `null` if the target is local. label:default-output[] +| STRING | user | User connecting to the remote database or `null` if the target database is local. label:default-output[] +| STRING | driver | The driver options for connection to the remote database or `null` if the target database is local or if no driver settings are added. List of xref::aliases.adoc#remote-alias-driver-settings[driver settings] allowed for remote database aliases. +| MAP | properties | Any properties set on the database alias. +| MAP |=== diff --git a/modules/ROOT/pages/clauses/listing-functions.adoc b/modules/ROOT/pages/clauses/listing-functions.adoc index cf8b91d26..e0c4d5ea6 100644 --- a/modules/ROOT/pages/clauses/listing-functions.adoc +++ b/modules/ROOT/pages/clauses/listing-functions.adoc @@ -21,43 +21,53 @@ The `SHOW FUNCTIONS` command will produce a table with the following columns: .List functions output -[options="header", cols="4,6"] +[options="header", cols="4,6,2"] |=== -| Column | Description +| Column | Description | Type m| name a| The name of the function. label:default-output[] +m| STRING m| category a| The function category, for example `scalar` or `string`. label:default-output[] +m| STRING m| description a| The function description. label:default-output[] +m| STRING m| signature a| The signature of the function. +m| STRING m| isBuiltIn a| Whether the function is built-in or user-defined. +m| BOOLEAN m| argumentDescription a| List of the arguments for the function, as map of strings with name, type, default, and description. +m| LIST OF MAP m| returnDescription a| The return value type. +m| STRING m| aggregating a| Whether the function is aggregating or not. +m| BOOLEAN m| rolesExecution a| List of roles permitted to execute this function. Is `null` without the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +m| LIST OF STRING m| rolesBoostedExecution a| List of roles permitted to use boosted mode when executing this function. Is `null` without the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +m| LIST OF STRING |=== diff --git a/modules/ROOT/pages/clauses/listing-procedures.adoc b/modules/ROOT/pages/clauses/listing-procedures.adoc index 9f31ba932..f11b03808 100644 --- a/modules/ROOT/pages/clauses/listing-procedures.adoc +++ b/modules/ROOT/pages/clauses/listing-procedures.adoc @@ -19,46 +19,57 @@ Full output: `SHOW PROCEDURES YIELD *`. This command will produce a table with the following columns: .List procedures output -[options="header", cols="4,6"] +[options="header", cols="4,6,2"] |=== -| Column | Description +| Column | Description | Type m| name a| The name of the procedure. label:default-output[] +m| STRING m| description a| The procedure description. label:default-output[] +m| STRING m| mode a| The procedure mode, for example `READ` or `WRITE`. label:default-output[] +m| STRING m| worksOnSystem a| Whether the procedure can be run on the `system` database or not. label:default-output[] +m| BOOLEAN m| signature a| The signature of the procedure. +m| STRING m| argumentDescription a| List of the arguments for the procedure, as map of strings with name, type, default, and description. +m| LIST OF MAP m| returnDescription a| List of the returned values for the procedure, as map of strings with name, type, and description. +m| LIST OF MAP m| admin a| `true` if this procedure is an admin procedure. +m| BOOLEAN m| rolesExecution a| List of roles permitted to execute this procedure. Is `null` without the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +m| LIST OF STRING m| rolesBoostedExecution a| List of roles permitted to use boosted mode when executing this procedure. Is `null` without the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +m| LIST OF STRING m| option a| Map of extra output, e.g. if the procedure is deprecated. +m| MAP |=== diff --git a/modules/ROOT/pages/clauses/transaction-clauses.adoc b/modules/ROOT/pages/clauses/transaction-clauses.adoc index d7ad742e4..5053bb3a7 100644 --- a/modules/ROOT/pages/clauses/transaction-clauses.adoc +++ b/modules/ROOT/pages/clauses/transaction-clauses.adoc @@ -127,12 +127,12 @@ m| MAP m| activeLockCount a| Count of active locks held by the transaction. -m| LONG +m| INTEGER // New in 5.0 m| currentQueryActiveLockCount a| Count of active locks held by the query currently executing in this transaction. -m| LONG +m| INTEGER m| cpuTime a| CPU time that has been actively spent executing the transaction or `null` if unavailable. @@ -164,38 +164,38 @@ m| DURATION // New in 5.0 m| currentQueryIdleTime a| Idle time for the query currently executing in this transaction, or `null` if unavailable or no query is currently executing. -m| LONG +m| DURATION // New in 5.0 m| currentQueryAllocatedBytes a| The number of bytes allocated on the heap so far by the query currently executing in this transaction, or `null` if unavailable or no query is currently executing. -m| LONG +m| INTEGER m| allocatedDirectBytes a| Amount of off-heap (native) memory allocated by the transaction in bytes or `null` if unavailable. -m| LONG +m| INTEGER m| estimatedUsedHeapMemory a| The estimated amount of used heap memory allocated by the transaction in bytes or `null` if unavailable. -m| LONG +m| INTEGER m| pageHits a| The total number of page cache hits that the transaction performed. -m| LONG +m| INTEGER m| pageFaults a| The total number of page cache faults that the transaction performed. -m| LONG +m| INTEGER // New in 5.0 m| currentQueryPageHits a| The total number of page cache hits that the query currently executing in this transaction performed. -m| LONG +m| INTEGER // New in 5.0 m| currentQueryPageFaults a| The total number of page cache faults that the query currently executing in this transaction performed. -m| LONG +m| INTEGER m| initializationStackTrace a| The initialization stacktrace for this transaction, or an empty string if unavailable. diff --git a/modules/ROOT/pages/constraints/syntax.adoc b/modules/ROOT/pages/constraints/syntax.adoc index dee270c2a..79c2e9496 100644 --- a/modules/ROOT/pages/constraints/syntax.adoc +++ b/modules/ROOT/pages/constraints/syntax.adoc @@ -331,38 +331,47 @@ This is the default if none is given. The returned columns from the show command is: .Listing constraints output -[options="header", width="100%", cols="4m,6a"] +[options="header", width="100%", cols="4m,6a,2m"] |=== -| Column | Description +| Column | Description | Type | id | The id of the constraint. label:default-output[] +| INTEGER | name | Name of the constraint (explicitly set by the user or automatically assigned). label:default-output[] +| STRING | type | The ConstraintType of this constraint (`UNIQUENESS`, `NODE_PROPERTY_EXISTENCE`, `RELATIONSHIP_PROPERTY_EXISTENCE`, or `NODE_KEY`). label:default-output[] // TODO: Switch the row above to the one below when adding back relationship key and uniqueness constraints //| The ConstraintType of this constraint (`UNIQUENESS` (node uniqueness), `RELATIONSHIP_UNIQUENESS`, `NODE_PROPERTY_EXISTENCE`, `RELATIONSHIP_PROPERTY_EXISTENCE`, `NODE_KEY`, or `RELATIONSHIP_KEY`). label:default-output[] +| STRING | entityType | Type of entities this constraint represents (nodes or relationship). label:default-output[] +| STRING | labelsOrTypes | The labels or relationship types of this constraint. label:default-output[] +| LIST OF STRING | properties | The properties of this constraint. label:default-output[] +| LIST OF STRING | ownedIndex | The name of the index associated with the constraint or `null`, in case no index is associated with it. label:default-output[] +| STRING | options | The options passed to `CREATE` command, for the index associated to the constraint, or `null` if no index is associated with the constraint. +| MAP | createStatement | Statement used to create the constraint. +| STRING |=== diff --git a/modules/ROOT/pages/databases.adoc b/modules/ROOT/pages/databases.adoc index a15ef5857..ef0a07a32 100644 --- a/modules/ROOT/pages/databases.adoc +++ b/modules/ROOT/pages/databases.adoc @@ -131,18 +131,21 @@ There are four different commands for listing databases: These commands return the following columns: .Listing databases output -[options="header", width="100%", cols="4m,6a"] +[options="header", width="100%", cols="4m,6a,2m"] |=== -| Column | Description +| Column | Description | Type | name | The name of the database. label:default-output[] +| STRING | type | The type of the database: `system`, `standard`, or `composite`. label:default-output[] +| STRING | aliases | The names of any aliases the database may have. label:default-output[] +| LIST OF STRING | access | The database access mode, either `read-write` or `read-only`. label:default-output[] @@ -151,32 +154,41 @@ These commands return the following columns: ==== A database may be described as read-only when using `ALTER DATABASE ... SET ACCESS READ ONLY`. ==== +| STRING | databaseID | The database unique ID. +| STRING | serverID | The server instance ID. +| STRING | address | Instance address in a clustered DBMS. The default for a standalone database is `neo4j://localhost:7687`. label:default-output[] +| STRING | role | The current role of the database (`primary`, `secondary`, `unknown`). label:default-output[] +| STRING | writer |`true` for the database node that accepts writes (this node is the leader for this database in a cluster or this is a standalone instance). label:default-output[] +| BOOLEAN | requestedStatus | The expected status of the database. label:default-output[] +| STRING | currentStatus | The actual status of the database. label:default-output[] +| STRING -| error -| An error message explaining why the database is not in the correct state. label:default-output[] +| statusMessage +| A message explaining the status of the database, often explaining why it is not in the correct state. label:default-output[] +| STRING | default | @@ -186,6 +198,7 @@ Show if this is the default database for the DBMS. label:default-output[] ==== Not returned by `SHOW HOME DATABASE` or `SHOW DEFAULT DATABASE`. ==== +| BOOLEAN | home | @@ -195,31 +208,39 @@ Shown if this is the home database for the current user. label:default-output[] ==== Not returned by `SHOW HOME DATABASE` or `SHOW DEFAULT DATABASE`. ==== +| BOOLEAN | `currentPrimariesCount` | Number of primaries for this database reported as running currently. It is the same as the number of rows where `role=primary` and `name=this database`. +| INTEGER | `currentSecondariesCount` | Number of secondaries for this database reported as running currently. It is the same as the number of rows where `role=secondary` and `name=this database`. +| INTEGER | `requestedPrimariesCount` | The requested number of primaries for this database. May be lower than current if the DBMS is currently reducing the number of copies of the database, or higher if it is currently increasing the number of copies. +| INTEGER | `requestedSecondariesCount` | The requested number of secondaries for this database. May be lower than current if the DBMS is currently reducing the number of copies of the database, or higher if it is currently increasing the number of copies. +| INTEGER | creationTime | The date and time at which the database was created. +| DATETIME | lastStartTime | The date and time at which the database was last started. +| DATETIME | lastStopTime | The date and time at which the database was last stopped. +| DATETIME | store a| @@ -231,17 +252,21 @@ The value is a string formatted as: ---- {storage engine}-{store format}-{major version}.{minor version} ---- +| STRING | lastCommittedTxn | The ID of the last transaction received. +| INTEGER | replicationLag | Number of transactions the current database is behind compared to the database on the primary instance. The lag is expressed in negative integers. In standalone environments, the value is always `0`. +| INTEGER |constituents |The names of any constituents the database may have. label:default-output[] +| LIST OF STRING |=== diff --git a/modules/ROOT/pages/indexes-for-search-performance.adoc b/modules/ROOT/pages/indexes-for-search-performance.adoc index 1d8e18fa5..9a4ec10d7 100644 --- a/modules/ROOT/pages/indexes-for-search-performance.adoc +++ b/modules/ROOT/pages/indexes-for-search-performance.adoc @@ -1291,49 +1291,62 @@ There already exists a constraint called 'bookRecommendations'. Listing indexes can be done with `SHOW INDEXES`, which will produce a table with the following columns: .List indexes output -[options="header", cols="4,6"] +[options="header", cols="4,6,2"] |=== -| Column | Description +| Column | Description | Type | `id` | The id of the index. label:default-output[] +| `INTEGER` | `name` | Name of the index (explicitly set by the user or automatically assigned). label:default-output[] +| `STRING` | `state` | Current state of the index. label:default-output[] +| `STRING` | `populationPercent` | % of index population. label:default-output[] +| `FLOAT` | `type` | The IndexType of this index (`FULLTEXT`, `LOOKUP`, `POINT`, `RANGE`, or `TEXT`). label:default-output[] - -// New in 5.0 -| `owningConstraint` -| The name of the constraint the index is associated with or `null`, in case it is not associated with any constraint. label:default-output[] +| `STRING` | `entityType` | Type of entities this index represents (nodes or relationship). label:default-output[] +| `STRING` | `labelsOrTypes` | The labels or relationship types of this index. label:default-output[] +| `LIST OF STRING` | `properties` | The properties of this index. label:default-output[] +| `LIST OF STRING` | `indexProvider` | The index provider for this index. label:default-output[] +| `STRING` + +// New in 5.0 +| `owningConstraint` +| The name of the constraint the index is associated with or `null` if the index is not associated with any constraint. label:default-output[] +| `STRING` | `options` | The options passed to `CREATE` command. +| `MAP` | `failureMessage` | The failure description of a failed index. +| `STRING` | `createStatement` | Statement used to create the index. +| `STRING` |===