From b711f56fdfc54a816acf3452768267a546f603a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jens=20Pryce-=C3=85klundh?= <112686610+JPryce-Aklundh@users.noreply.github.com> Date: Tue, 4 Apr 2023 13:52:05 +0200 Subject: [PATCH 1/2] fix conflict --- modules/ROOT/content-nav.adoc | 32 +-- .../access-control/built-in-roles.adoc | 28 +-- .../database-administration.adoc | 8 +- .../access-control/dbms-administration.adoc | 56 ++--- .../administration/access-control/index.adoc | 37 +++ .../access-control/limitations.adoc | 4 +- .../access-control/manage-privileges.adoc | 24 +- .../access-control/manage-roles.adoc | 42 ++-- .../access-control/manage-users.adoc | 42 ++-- .../access-control/privileges-immutable.adoc | 6 +- .../access-control/privileges-reads.adoc | 8 +- .../access-control/privileges-writes.adoc | 34 +-- .../pages/{ => administration}/aliases.adoc | 24 +- .../pages/{ => administration}/databases.adoc | 4 +- .../index.adoc | 31 +-- .../servers.adoc} | 19 +- modules/ROOT/pages/clauses/index.adoc | 6 +- .../ROOT/pages/clauses/listing-functions.adoc | 10 +- .../pages/clauses/listing-procedures.adoc | 12 +- .../ROOT/pages/clauses/listing-settings.adoc | 2 +- .../pages/clauses/transaction-clauses.adoc | 8 +- modules/ROOT/pages/constraints/syntax.adoc | 8 +- ...ions-additions-removals-compatibility.adoc | 20 +- modules/ROOT/pages/functions/scalar.adoc | 2 +- .../pages/indexes-for-full-text-search.adoc | 2 +- .../pages/indexes-for-search-performance.adoc | 8 +- .../ROOT/pages/introduction/cypher_neo4j.adoc | 8 +- .../introduction/neo4j-databases-graphs.adoc | 8 +- modules/ROOT/pages/keyword-glossary.adoc | 232 +++++++++--------- 29 files changed, 375 insertions(+), 350 deletions(-) rename modules/ROOT/pages/{ => administration}/access-control/built-in-roles.adoc (85%) rename modules/ROOT/pages/{ => administration}/access-control/database-administration.adoc (97%) rename modules/ROOT/pages/{ => administration}/access-control/dbms-administration.adoc (94%) create mode 100644 modules/ROOT/pages/administration/access-control/index.adoc rename modules/ROOT/pages/{ => administration}/access-control/limitations.adoc (97%) rename modules/ROOT/pages/{ => administration}/access-control/manage-privileges.adoc (94%) rename modules/ROOT/pages/{ => administration}/access-control/manage-roles.adoc (81%) rename modules/ROOT/pages/{ => administration}/access-control/manage-users.adoc (87%) rename modules/ROOT/pages/{ => administration}/access-control/privileges-immutable.adoc (69%) rename modules/ROOT/pages/{ => administration}/access-control/privileges-reads.adoc (90%) rename modules/ROOT/pages/{ => administration}/access-control/privileges-writes.adoc (80%) rename modules/ROOT/pages/{ => administration}/aliases.adoc (95%) rename modules/ROOT/pages/{ => administration}/databases.adoc (99%) rename modules/ROOT/pages/{access-control => administration}/index.adoc (60%) rename modules/ROOT/pages/{access-control/manage-servers.adoc => administration/servers.adoc} (90%) diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index ca192bcfe..5aa713e0a 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -71,22 +71,6 @@ ** xref:constraints/syntax.adoc[] ** xref:constraints/examples.adoc[] -* xref:databases.adoc[] -* xref:aliases.adoc[] - -* xref:access-control/index.adoc[] -** xref:access-control/manage-users.adoc[] -** xref:access-control/manage-roles.adoc[] -** xref:access-control/manage-privileges.adoc[] -** xref:access-control/manage-servers.adoc[] -** xref:access-control/built-in-roles.adoc[] -** xref:access-control/privileges-reads.adoc[] -** xref:access-control/privileges-writes.adoc[] -** xref:access-control/database-administration.adoc[] -** xref:access-control/dbms-administration.adoc[] -** xref:access-control/limitations.adoc[] -** xref:access-control/privileges-immutable.adoc[] - * xref:query-tuning/index.adoc[] ** xref:query-tuning/query-options.adoc[] ** xref:query-tuning/query-profile.adoc[] @@ -101,6 +85,22 @@ ** xref:execution-plans/operators.adoc[] ** xref:execution-plans/shortestpath-planning.adoc[] +* xref:administration/index.adoc[] +** xref:administration/databases.adoc[] +** xref:administration/aliases.adoc[] +** xref:administration/servers.adoc[] +** xref:administration/access-control/index.adoc[] +*** xref:administration/access-control/manage-users.adoc[] +*** xref:administration/access-control/manage-roles.adoc[] +*** xref:administration/access-control/manage-privileges.adoc[] +*** xref:administration/access-control/built-in-roles.adoc[] +*** xref:administration/access-control/privileges-reads.adoc[] +*** xref:administration/access-control/privileges-writes.adoc[] +*** xref:administration/access-control/database-administration.adoc[] +*** xref:administration/access-control/dbms-administration.adoc[] +*** xref:administration/access-control/limitations.adoc[] +*** xref:administration/access-control/privileges-immutable.adoc[] + * xref:deprecations-additions-removals-compatibility.adoc[] * xref:keyword-glossary.adoc[] diff --git a/modules/ROOT/pages/access-control/built-in-roles.adoc b/modules/ROOT/pages/administration/access-control/built-in-roles.adoc similarity index 85% rename from modules/ROOT/pages/access-control/built-in-roles.adoc rename to modules/ROOT/pages/administration/access-control/built-in-roles.adoc index 9f009b9f3..cd29e7da2 100644 --- a/modules/ROOT/pages/access-control/built-in-roles.adoc +++ b/modules/ROOT/pages/administration/access-control/built-in-roles.adoc @@ -11,12 +11,12 @@ This section explains the default privileges of the built-in roles in Neo4j and All of the commands described in this chapter require that the user executing the commands has the rights to do so. The privileges listed in the following sections are the default set of privileges for each built-in role: -* xref::access-control/built-in-roles.adoc#access-control-built-in-roles-public[The `PUBLIC` role] -* xref::access-control/built-in-roles.adoc#access-control-built-in-roles-reader[The `reader` role] -* xref::access-control/built-in-roles.adoc#access-control-built-in-roles-editor[The `editor` role] -* xref::access-control/built-in-roles.adoc#access-control-built-in-roles-publisher[The `publisher` role] -* xref::access-control/built-in-roles.adoc#access-control-built-in-roles-architect[The `architect` role] -* xref::access-control/built-in-roles.adoc#access-control-built-in-roles-admin[The `admin` role] +* xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-public[The `PUBLIC` role] +* xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-reader[The `reader` role] +* xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-editor[The `editor` role] +* xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-publisher[The `publisher` role] +* xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-architect[The `architect` role] +* xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-admin[The `admin` role] [[access-control-built-in-roles-public]] == The `PUBLIC` role @@ -222,7 +222,7 @@ The resulting `editor` role now has the same privileges as the original built-in [[access-control-built-in-roles-publisher]] == The `publisher` role -The `publisher` role can do the same as xref::access-control/built-in-roles.adoc#access-control-built-in-roles-editor[`editor`], as well as create new labels, property keys and relationship types. +The `publisher` role can do the same as xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-editor[`editor`], as well as create new labels, property keys and relationship types. [[access-control-built-in-roles-publisher-list]] @@ -303,7 +303,7 @@ The resulting `publisher` role now has the same privileges as the original built [[access-control-built-in-roles-architect]] == The `architect` role -The `architect` role can do the same as the xref::access-control/built-in-roles.adoc#access-control-built-in-roles-publisher[`publisher`], as well as create and manage indexes and constraints. +The `architect` role can do the same as the xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-publisher[`publisher`], as well as create and manage indexes and constraints. [[access-control-built-in-roles-architect-list]] @@ -396,24 +396,24 @@ The resulting `architect` role now has the same privileges as the original built [[access-control-built-in-roles-admin]] == The `admin` role -The `admin` role can do the same as the xref::access-control/built-in-roles.adoc#access-control-built-in-roles-architect[`architect`], as well as manage databases, aliases, users, roles and privileges. +The `admin` role can do the same as the xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-architect[`architect`], as well as manage databases, aliases, users, roles and privileges. The `admin` role has the ability to perform administrative tasks. These include the rights to perform the following classes of tasks: -* Manage xref::access-control/database-administration.adoc[database security] to control the rights to perform actions on specific databases: +* Manage xref::administration/access-control/database-administration.adoc[database security] to control the rights to perform actions on specific databases: ** Manage access to a database and the right to start and stop a database. ** Manage xref::indexes-for-search-performance.adoc[indexes] and xref::constraints/index.adoc[constraints]. ** Allow the creation of labels, relationship types or property names. ** Manage transactions -* Manage xref::access-control/dbms-administration.adoc[DBMS security] to control the rights to perform actions on the entire system: -** Manage xref::databases.adoc[multiple databases]. -** Manage xref::access-control/manage-users.adoc[users] and xref::access-control/manage-roles.adoc[roles]. +* Manage xref::administration/access-control/dbms-administration.adoc[DBMS security] to control the rights to perform actions on the entire system: +** Manage xref::administration/databases.adoc[multiple databases]. +** Manage xref::administration/access-control/manage-users.adoc[users] and xref::administration/access-control/manage-roles.adoc[roles]. ** Change configuration parameters. ** Manage sub-graph privileges. ** Manage procedure security. -These rights are conferred using privileges that can be managed through the xref::access-control/manage-privileges.adoc#access-control-graph-privileges[`GRANT`, `DENY` and `REVOKE` commands]. +These rights are conferred using privileges that can be managed through the xref::administration/access-control/manage-privileges.adoc#access-control-graph-privileges[`GRANT`, `DENY` and `REVOKE` commands]. [[access-control-built-in-roles-admin-list]] diff --git a/modules/ROOT/pages/access-control/database-administration.adoc b/modules/ROOT/pages/administration/access-control/database-administration.adoc similarity index 97% rename from modules/ROOT/pages/access-control/database-administration.adoc rename to modules/ROOT/pages/administration/access-control/database-administration.adoc index a1a21df88..874047c73 100644 --- a/modules/ROOT/pages/access-control/database-administration.adoc +++ b/modules/ROOT/pages/administration/access-control/database-administration.adoc @@ -31,7 +31,7 @@ The components of the database privilege commands are: * _mutability_: ** `IMMUTABLE` - When used in conjunction with `GRANT` or `DENY`, specifies that a privilege cannot subsequently be removed unless auth is disabled. Contrastingly, when `IMMUTABLE` is specified in conjunction with a `REVOKE` command, it will act as a filter and only remove matching _immutable_ privileges. -See also xref:access-control/index.adoc#access-control-privileges-immutable[immutable privileges]. +See also xref:administration/access-control/index.adoc#access-control-privileges-immutable[immutable privileges]. * _database-privilege_ ** `ACCESS` - allows access to a specific database or remote database alias. @@ -73,7 +73,7 @@ This can be quite powerful as it allows permissions to be switched from one data [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .General grant +ON DATABASE+ privilege syntax @@ -625,7 +625,7 @@ a|Rows: 6 [NOTE] ==== -Note that `START` and `STOP` privileges are not included in the xref::access-control/database-administration.adoc#access-control-database-administration-all[`ALL DATABASE PRIVILEGES`]. +Note that `START` and `STOP` privileges are not included in the xref::administration/access-control/database-administration.adoc#access-control-database-administration-all[`ALL DATABASE PRIVILEGES`]. ==== @@ -970,7 +970,7 @@ GRANT [IMMUTABLE] TRANSACTION [MANAGEMENT] [( { * \| user[, ...] } )] [NOTE] ==== -Note that the `TRANSACTION MANAGEMENT` privileges are not included in the xref::access-control/database-administration.adoc#access-control-database-administration-all[`ALL DATABASE PRIVILEGES`]. +Note that the `TRANSACTION MANAGEMENT` privileges are not included in the xref::administration/access-control/database-administration.adoc#access-control-database-administration-all[`ALL DATABASE PRIVILEGES`]. ==== For example, to grant the role `regularUsers` the ability to list transactions for user `jake` on the database `neo4j`, use: diff --git a/modules/ROOT/pages/access-control/dbms-administration.adoc b/modules/ROOT/pages/administration/access-control/dbms-administration.adoc similarity index 94% rename from modules/ROOT/pages/access-control/dbms-administration.adoc rename to modules/ROOT/pages/administration/access-control/dbms-administration.adoc index 65f15513d..900c30032 100644 --- a/modules/ROOT/pages/access-control/dbms-administration.adoc +++ b/modules/ROOT/pages/administration/access-control/dbms-administration.adoc @@ -71,13 +71,13 @@ This section explains how to use Cypher to manage Neo4j DBMS administrative priv All DBMS privileges are relevant system-wide. Like user management, they do not belong to one specific database or graph. -For more details on the differences between graphs, databases and the DBMS, refer to xref::introduction/neo4j-databases-graphs.adoc[]. +For more details on the differences between graphs, databases and the DBMS, refer to xref::introduction/cypher_neo4j.adoc[]. image::privileges_grant_and_deny_syntax_dbms_privileges.svg[title="Syntax of GRANT and DENY DBMS Privileges"] image::privileges_hierarchy_dbms.svg[title="DBMS privileges hierarchy"] -The xref::access-control/built-in-roles.adoc#access-control-built-in-roles-admin[`admin` role] has a number of built-in privileges. +The xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-admin[`admin` role] has a number of built-in privileges. These include: * Create, delete, and modify databases and aliases. @@ -91,14 +91,14 @@ To enable a user to perform these tasks, you can grant them the `admin` role, bu All privileges are also assignable using Cypher commands. For more details, see the following sections: -* xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[Role management] -* xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[User management] -* xref::access-control/dbms-administration.adoc#access-control-dbms-administration-impersonation[Impersonation privileges management] -* xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[Database management] -* xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[Alias management] -* xref::access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[Privilege management] -* xref::access-control/database-administration.adoc#access-control-database-administration-transaction[Transaction management] -* xref::access-control/dbms-administration.adoc#access-control-dbms-administration-execute[Procedure and user-defined function security] +* xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[Role management] +* xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[User management] +* xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-impersonation[Impersonation privileges management] +* xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[Database management] +* xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[Alias management] +* xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[Privilege management] +* xref::administration/access-control/database-administration.adoc#access-control-database-administration-transaction[Transaction management] +* xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-execute[Procedure and user-defined function security] [[access-control-dbms-administration-custom]] == Using a custom role to manage DBMS privileges @@ -203,7 +203,7 @@ They can be granted, denied and revoked like other privileges. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Role management privileges command syntax @@ -437,7 +437,7 @@ They can be granted, denied and revoked like other privileges. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .User management privileges command syntax @@ -769,7 +769,7 @@ The ability to impersonate users can be granted via the `IMPERSONATE` privilege. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Impersonation privileges command syntax @@ -842,7 +842,7 @@ They can be granted, denied and revoked like other privileges. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Database management privileges command syntax @@ -1098,11 +1098,11 @@ a|Rows: 1 The DBMS privileges for alias management can be assigned by using Cypher administrative commands and can be applied to both local and remote aliases. They can be granted, denied and revoked like other privileges. -It is also possible to manage aliases with xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[database management commands]. +It is also possible to manage aliases with xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[database management commands]. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Alias management privileges command syntax @@ -1270,7 +1270,7 @@ They can be granted, denied, and revoked like other privileges. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Server management privileges command syntax @@ -1300,7 +1300,7 @@ They can be granted, denied and revoked like other privileges. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Privilege management privileges command syntax @@ -1452,7 +1452,7 @@ They can be granted, denied and revoked like other privileges. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Execute privileges command syntax @@ -1501,7 +1501,7 @@ These cannot be revoked, but will be updated on each restart with the current co === The `EXECUTE PROCEDURE` privilege The ability to execute a procedure can be granted via the `EXECUTE PROCEDURE` privilege. -A role with this privilege is allowed to execute the procedures matched by the xref::access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing]. +A role with this privilege is allowed to execute the procedures matched by the xref::administration/access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing]. The following query shows an example of how to grant this privilege: [source, cypher, role=noplay] @@ -1565,7 +1565,7 @@ Both the `dbms.killTransaction` and the `dbms.killTransactions` procedures are b === The `EXECUTE BOOSTED PROCEDURE` privilege The ability to execute a procedure with elevated privileges can be granted via the `EXECUTE BOOSTED PROCEDURE` privilege. -A user with this privilege is allowed to execute the procedures matched by the xref::access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing] without the execution being restricted to their other privileges. +A user with this privilege is allowed to execute the procedures matched by the xref::administration/access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing] without the execution being restricted to their other privileges. There is no need to grant an individual `EXECUTE PROCEDURE` privilege for the procedures either, as granting the `EXECUTE BOOSTED PROCEDURE` includes an implicit `EXECUTE PROCEDURE` grant for them. A denied `EXECUTE PROCEDURE` still denies executing the procedure. @@ -1764,7 +1764,7 @@ For comparison, when only `EXECUTE BOOSTED PROCEDURE myProc` is granted, the `my === The `EXECUTE ADMIN PROCEDURE` privilege The ability to execute admin procedures (annotated with `@Admin`) can be granted via the `EXECUTE ADMIN PROCEDURES` privilege. -This privilege is equivalent to granting the xref::access-control/dbms-administration.adoc#access-control-execute-boosted-procedure[`EXECUTE BOOSTED PROCEDURE` privilege] on each of the admin procedures. +This privilege is equivalent to granting the xref::administration/access-control/dbms-administration.adoc#access-control-execute-boosted-procedure[`EXECUTE BOOSTED PROCEDURE` privilege] on each of the admin procedures. Any newly added `admin` procedure is automatically included in this privilege. The following query shows an example of how to grant this privilege: @@ -1806,7 +1806,7 @@ In this case, it does not matter whether `EXECUTE PROCEDURE`, `EXECUTE BOOSTED P //EXECUTE [USER [DEFINED]] FUNCTION[S] The ability to execute a user-defined function (UDF) can be granted via the `EXECUTE USER DEFINED FUNCTION` privilege. -A role with this privilege is allowed to execute the UDFs matched by the xref::access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing]. +A role with this privilege is allowed to execute the UDFs matched by the xref::administration/access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing]. [IMPORTANT] ==== @@ -1902,7 +1902,7 @@ The `apoc.any.property` and `apoc.any.properties` are blocked, as well as any ot //EXECUTE BOOSTED [USER [DEFINED]] FUNCTION[S] The ability to execute a user-defined function (UDF) with elevated privileges can be granted via the `EXECUTE BOOSTED USER DEFINED FUNCTION` privilege. -A user with this privilege is allowed to execute the UDFs matched by the xref::access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing] without the execution being restricted to their other privileges. +A user with this privilege is allowed to execute the UDFs matched by the xref::administration/access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing] without the execution being restricted to their other privileges. There is no need to grant an individual `EXECUTE USER DEFINED FUNCTION` privilege for the functions, as granting `EXECUTE BOOSTED USER DEFINED FUNCTION` includes an implicit `EXECUTE USER DEFINED FUNCTION` grant. However, a denied `EXECUTE USER DEFINED FUNCTION` still prevents the function to be executed. @@ -1915,7 +1915,7 @@ The `EXECUTE BOOSTED USER DEFINED FUNCTION` privilege does not apply to built-in Granting `EXECUTE BOOSTED USER DEFINED FUNCTION` on its own allows the UDF to be both executed (because of the implicit `EXECUTE USER DEFINED FUNCTION` grant) and gives it elevated privileges during the execution. A denied `EXECUTE BOOSTED USER DEFINED FUNCTION` on its own behaves slightly differently: it only denies the elevation and not the execution of the UDF. However, a role with only a granted `EXECUTE BOOSTED USER DEFINED FUNCTION` and a denied `EXECUTE BOOSTED USER DEFINED FUNCTION` prevents the execution to be performed as well. -This is the same behavior as for the xref::access-control/dbms-administration.adoc#access-control-execute-boosted-procedure[`EXECUTE BOOSTED PROCEDURE` privilege]. +This is the same behavior as for the xref::administration/access-control/dbms-administration.adoc#access-control-execute-boosted-procedure[`EXECUTE BOOSTED PROCEDURE` privilege]. .Execute boosted user-defined function ====== @@ -1960,12 +1960,12 @@ a|Rows: 2 == The DBMS `SETTING` privileges The ability to show configuration settings can be granted via the `SHOW SETTING` privilege. -A role with this privilege is allowed to query the configuration settings matched by the xref::access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing]. +A role with this privilege is allowed to query the configuration settings matched by the xref::administration/access-control/dbms-administration.adoc#access-control-name-globbing[name-globbing]. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Setting privileges command syntax @@ -2055,7 +2055,7 @@ The right to perform the following privileges can be achieved with a single comm [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== [source, syntax, role=noheader] diff --git a/modules/ROOT/pages/administration/access-control/index.adoc b/modules/ROOT/pages/administration/access-control/index.adoc new file mode 100644 index 000000000..5506d1f1c --- /dev/null +++ b/modules/ROOT/pages/administration/access-control/index.adoc @@ -0,0 +1,37 @@ +:description: Neo4j role-based access control and fine-grained security. + +[[access-control]] += Access control + +== Overview + +Neo4j has a complex security model stored in the system graph, which is maintained on a special database called the `system` database. +All administrative commands need to be executed against the `system` database. +When connected to the DBMS over link:{neo4j-docs-base-uri}/operations-manual/{page-version}/configuration/connectors[Bolt], administrative commands are automatically routed to the `system` database. +For more information on how to manage multiple databases, refer to the section on xref::administration/databases.adoc[administering databases]. + +_Role-based access control_ was introduced in Neo4j 3.1. +Since then, it has been possible to create users and assign them to roles to control whether users can read, write and administer the database. +In Neo4j 4.0 this model was enhanced significantly with the addition of _privileges_, which are the underlying access-control rules by which the users rights are defined. + +The original built-in roles still exist with almost the exact same access rights, but they are no-longer statically defined (see xref::administration/access-control/built-in-roles.adoc[Built-in roles]). +Instead, they are defined in terms of their underlying _privileges_, and they can be modified by adding or removing these access rights. + +In addition, any newly created roles can be assigned to any combination of _privileges_, so that you may set specific access controls for them. +Another new major capability is the _sub-graph_ access control, through which read access to the graph can be limited to specific combinations of labels, relationship types, and properties. + +== Categories of access control + +More details about specific categories of access control can be found in the following sections: + +* xref:administration/access-control/manage-users.adoc[] +* xref:administration/access-control/manage-roles.adoc[] +* xref:administration/access-control/manage-privileges.adoc[] +* xref:administration/access-control/built-in-roles.adoc[] +* xref:administration/access-control/privileges-reads.adoc[] +* xref:administration/access-control/privileges-writes.adoc[] +* xref:administration/access-control/database-administration.adoc[] +* xref:administration/access-control/dbms-administration.adoc[] +* xref:administration/access-control/limitations.adoc[] +* xref:administration/access-control/privileges-immutable.adoc[] + diff --git a/modules/ROOT/pages/access-control/limitations.adoc b/modules/ROOT/pages/administration/access-control/limitations.adoc similarity index 97% rename from modules/ROOT/pages/access-control/limitations.adoc rename to modules/ROOT/pages/administration/access-control/limitations.adoc index 084ca2bd3..25d563b31 100644 --- a/modules/ROOT/pages/access-control/limitations.adoc +++ b/modules/ROOT/pages/administration/access-control/limitations.adoc @@ -26,7 +26,7 @@ As described in xref::indexes-for-search-performance.adoc[Indexes for search per Note that the Neo4j security model impacts the results of queries, regardless if the indexes are used or not. When using non full-text Neo4j indexes, a Cypher query will always return the same results it would have if no index existed. -This means that, if the security model causes fewer results to be returned due to restricted read access in xref::access-control/manage-privileges.adoc[Graph and sub-graph access control], +This means that, if the security model causes fewer results to be returned due to restricted read access in xref::administration/access-control/manage-privileges.adoc[Graph and sub-graph access control], the index will also return the same fewer results. However, this rule is not fully obeyed by xref::indexes-for-full-text-search.adoc[Indexes for full-text search]. @@ -189,7 +189,7 @@ In this case, the query will return zero results rather than simply returning th === Traversing the graph with multi-labeled nodes -The general influence of access control privileges on graph traversal is described in detail in xref::access-control/manage-privileges.adoc[Graph and sub-graph access control]. +The general influence of access control privileges on graph traversal is described in detail in xref::administration/access-control/manage-privileges.adoc[Graph and sub-graph access control]. The following section will only focus on nodes due to their ability to have multiple labels. Relationships can only have one type of label and thus they do not exhibit the behavior this section aims to clarify. While this section will not mention relationships further, the general function of the traverse privilege also applies to them. diff --git a/modules/ROOT/pages/access-control/manage-privileges.adoc b/modules/ROOT/pages/administration/access-control/manage-privileges.adoc similarity index 94% rename from modules/ROOT/pages/access-control/manage-privileges.adoc rename to modules/ROOT/pages/administration/access-control/manage-privileges.adoc index 1b867d74d..238954cc4 100644 --- a/modules/ROOT/pages/access-control/manage-privileges.adoc +++ b/modules/ROOT/pages/administration/access-control/manage-privileges.adoc @@ -13,28 +13,28 @@ Privileges control the access rights to graph elements using a combined allowlis It is possible to grant or deny access, or use a combination of the two. The user will be able to access the resource if they have a `GRANT` (allowlist) and do not have a `DENY` (denylist) relevant to that resource. All other combinations of `GRANT` and `DENY` will result in the matching path being inaccessible. -What this means in practice depends on whether we are talking about a xref::access-control/privileges-reads.adoc[read privilege] or a xref::access-control/privileges-writes.adoc[write privilege]: +What this means in practice depends on whether we are talking about a xref::administration/access-control/privileges-reads.adoc[read privilege] or a xref::administration/access-control/privileges-writes.adoc[write privilege]: -* If an entity is not accessible due to xref::access-control/privileges-reads.adoc[read privileges], the data will become invisible. +* If an entity is not accessible due to xref::administration/access-control/privileges-reads.adoc[read privileges], the data will become invisible. It will appear to the user as if they had a smaller database (smaller graph). -* If an entity is not accessible due to xref::access-control/privileges-writes.adoc[write privileges], an error will occur on any attempt to write that data. +* If an entity is not accessible due to xref::administration/access-control/privileges-writes.adoc[write privileges], an error will occur on any attempt to write that data. [NOTE] ==== In this document we will often use the terms _'allows'_ and _'enables'_ in seemingly identical ways. However, there is a subtle difference. -We will use _'enables'_ to refer to the consequences of xref::access-control/privileges-reads.adoc[read privileges] where a restriction will not cause an error, only a reduction in the apparent graph size. -We will use _'allows'_ to refer to the consequence of xref::access-control/privileges-writes.adoc[write privileges] where a restriction can result in an error. +We will use _'enables'_ to refer to the consequences of xref::administration/access-control/privileges-reads.adoc[read privileges] where a restriction will not cause an error, only a reduction in the apparent graph size. +We will use _'allows'_ to refer to the consequence of xref::administration/access-control/privileges-writes.adoc[write privileges] where a restriction can result in an error. ==== [NOTE] ==== If a user was not also provided with the database `ACCESS` privilege, then access to the entire database will be denied. -Information about the database access privilege can be found in xref::access-control/database-administration.adoc#access-control-database-administration-access[The ACCESS privilege]. +Information about the database access privilege can be found in xref::administration/access-control/database-administration.adoc#access-control-database-administration-access[The ACCESS privilege]. ==== [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== [[access-control-graph-privileges]] @@ -49,10 +49,10 @@ The components of the graph privilege commands are: ** `REVOKE` – removes granted or denied privileges from roles. * _mutability_: -** `IMMUTABLE` can optionally be specified when performing a `GRANT` or `DENY` to indicate that the privilege cannot be subsequently removed unless auth is disabled. Auth must also be disabled in order to `GRANT` or `DENY` an immutable privilege. Contrastingly, when `IMMUTABLE` is specified in conjunction with a `REVOKE` command, it will act as a filter and only remove matching _immutable_ privileges. See also xref:access-control/index.adoc#access-control-privileges-immutable[immutable privileges]. +** `IMMUTABLE` can optionally be specified when performing a `GRANT` or `DENY` to indicate that the privilege cannot be subsequently removed unless auth is disabled. Auth must also be disabled in order to `GRANT` or `DENY` an immutable privilege. Contrastingly, when `IMMUTABLE` is specified in conjunction with a `REVOKE` command, it will act as a filter and only remove matching _immutable_ privileges. See also xref:administration/access-control/index.adoc#access-control-privileges-immutable[immutable privileges]. * _graph-privilege_: -** Can be either a xref::access-control/privileges-reads.adoc[read privilege] or xref::access-control/privileges-writes.adoc[write privilege]. +** Can be either a xref::administration/access-control/privileges-reads.adoc[read privilege] or xref::administration/access-control/privileges-writes.adoc[write privilege]. * _name_: ** The graph or graphs to associate the privilege with. @@ -80,7 +80,7 @@ This can be quite powerful as it allows permissions to be switched from one grap ** Multiple labels or types can be specified, comma-separated. ** Defaults to `ELEMENTS` `+*+` if omitted. ** Some of the commands for write privileges do not allow an _entity_ part. -See xref::access-control/privileges-writes.adoc[Write privileges] for details. +See xref::administration/access-control/privileges-writes.adoc[Write privileges] for details. * _role[, ...]_ ** The role or roles to associate the privilege with, comma-separated. @@ -1038,7 +1038,7 @@ SHOW PRIVILEGES AS REVOKE COMMANDS a|Rows: 35 |=== -For more info about revoking privileges, please see xref::access-control/manage-privileges.adoc#access-control-revoke-privileges[The REVOKE command]. +For more info about revoking privileges, please see xref::administration/access-control/manage-privileges.adoc#access-control-revoke-privileges[The REVOKE command]. [[access-control-list-privileges-role]] === Examples for listing privileges for specific roles @@ -1164,7 +1164,7 @@ SHOW ROLE architect PRIVILEGES AS COMMANDS WHERE command CONTAINS 'MATCH' |=== Again, it is possible to get the privileges listed as revoking commands instead of granting or denying. -For more info about revoking privileges, please see xref::access-control/manage-privileges.adoc#access-control-revoke-privileges[The REVOKE command]. +For more info about revoking privileges, please see xref::administration/access-control/manage-privileges.adoc#access-control-revoke-privileges[The REVOKE command]. [source, cypher, role=noplay] ---- diff --git a/modules/ROOT/pages/access-control/manage-roles.adoc b/modules/ROOT/pages/administration/access-control/manage-roles.adoc similarity index 81% rename from modules/ROOT/pages/access-control/manage-roles.adoc rename to modules/ROOT/pages/administration/access-control/manage-roles.adoc index e12aa550a..16b1afd87 100644 --- a/modules/ROOT/pages/access-control/manage-roles.adoc +++ b/modules/ROOT/pages/administration/access-control/manage-roles.adoc @@ -32,7 +32,7 @@ When connected to the DBMS over `bolt`, administration commands are automaticall [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== [cols="<15s,<85"] @@ -57,7 +57,7 @@ Lists roles. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. -For more information, see xref::access-control/manage-roles.adoc#access-control-list-roles[Listing roles]. +For more information, see xref::administration/access-control/manage-roles.adoc#access-control-list-roles[Listing roles]. | Required privilege a| @@ -67,7 +67,7 @@ GRANT SHOW ROLE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]). +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]). |=== @@ -93,7 +93,7 @@ Lists roles and users assigned to them. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. -For more information, see xref::access-control/manage-roles.adoc#access-control-list-roles[Listing roles]. +For more information, see xref::administration/access-control/manage-roles.adoc#access-control-list-roles[Listing roles]. | Required privilege a| @@ -102,7 +102,7 @@ a| GRANT SHOW ROLE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) [source, privilege, role="noheader"] @@ -111,7 +111,7 @@ GRANT SHOW USER ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) |=== @@ -138,7 +138,7 @@ Lists the privileges granted to the specified roles. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. -For more information, see xref::access-control/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. +For more information, see xref::administration/access-control/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. | Required privilege a| @@ -147,7 +147,7 @@ a| GRANT SHOW PRIVILEGE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[DBMS PRIVILEGE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[DBMS PRIVILEGE MANAGEMENT privileges]) |=== @@ -170,7 +170,7 @@ CREATE ROLE name [IF NOT EXISTS] [AS COPY OF otherName] a| Creates a new role. -For more information, see xref::access-control/manage-roles.adoc#access-control-create-roles[Creating roles]. +For more information, see xref::administration/access-control/manage-roles.adoc#access-control-create-roles[Creating roles]. | Required privilege a| @@ -179,7 +179,7 @@ a| GRANT CREATE ROLE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) |=== @@ -199,7 +199,7 @@ CREATE OR REPLACE ROLE name [AS COPY OF otherName] a| Creates a new role, or if a role with the same name exists, replace it. -For more information, see xref::access-control/manage-roles.adoc#access-control-create-roles[Creating roles]. +For more information, see xref::administration/access-control/manage-roles.adoc#access-control-create-roles[Creating roles]. | Required privilege a| @@ -213,7 +213,7 @@ GRANT CREATE ROLE GRANT DROP ROLE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) |=== @@ -235,7 +235,7 @@ RENAME ROLE name [IF EXISTS] TO otherName a| Changes the name of a role. -For more information, see xref::access-control/manage-roles.adoc#access-control-rename-roles[Renaming roles]. +For more information, see xref::administration/access-control/manage-roles.adoc#access-control-rename-roles[Renaming roles]. | Required privilege a| @@ -244,7 +244,7 @@ a| GRANT RENAME ROLE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) |=== @@ -266,7 +266,7 @@ DROP ROLE name [IF EXISTS] a| Removes a role. -For more information, see xref::access-control/manage-roles.adoc#access-control-drop-roles[Deleting roles]. +For more information, see xref::administration/access-control/manage-roles.adoc#access-control-drop-roles[Deleting roles]. | Required privilege [source, privilege, role="noheader"] @@ -274,7 +274,7 @@ For more information, see xref::access-control/manage-roles.adoc#access-control- GRANT DROP ROLE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) |=== @@ -296,7 +296,7 @@ GRANT ROLE[S] name[, ...] TO user[, ...] a| Assigns roles to users. -For more information, see xref::access-control/manage-roles.adoc#access-control-assign-roles[Assigning roles to users]. +For more information, see xref::administration/access-control/manage-roles.adoc#access-control-assign-roles[Assigning roles to users]. | Required privilege a| @@ -305,7 +305,7 @@ a| GRANT ASSIGN ROLE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) |=== @@ -327,7 +327,7 @@ REVOKE ROLE[S] name[, ...] FROM user[, ...] a| Removes roles from users. -For more information, see xref::access-control/manage-roles.adoc#access-control-revoke-roles[Revoking roles from users]. +For more information, see xref::administration/access-control/manage-roles.adoc#access-control-revoke-roles[Revoking roles from users]. | Required privilege a| @@ -336,7 +336,7 @@ a| GRANT REMOVE ROLE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DBMS ROLE MANAGEMENT privileges]) |=== @@ -452,7 +452,7 @@ It is also possible to use `SKIP` and `LIMIT` to paginate the results. [NOTE] ==== -The `SHOW ROLE name PRIVILEGES` command is found in xref::access-control/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. +The `SHOW ROLE name PRIVILEGES` command is found in xref::administration/access-control/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. ==== diff --git a/modules/ROOT/pages/access-control/manage-users.adoc b/modules/ROOT/pages/administration/access-control/manage-users.adoc similarity index 87% rename from modules/ROOT/pages/access-control/manage-users.adoc rename to modules/ROOT/pages/administration/access-control/manage-users.adoc index 502fc0cce..3e1d7bba8 100644 --- a/modules/ROOT/pages/access-control/manage-users.adoc +++ b/modules/ROOT/pages/administration/access-control/manage-users.adoc @@ -17,7 +17,7 @@ When connected to the DBMS over `bolt`, administration commands are automaticall [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== [cols="<15s,<85"] @@ -42,7 +42,7 @@ Lists the current user. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. -For more information, see xref::access-control/manage-users.adoc#access-control-current-users[Listing current user]. +For more information, see xref::administration/access-control/manage-users.adoc#access-control-current-users[Listing current user]. | Required privilege a| None @@ -72,7 +72,7 @@ Lists all users. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. -For more information, see xref::access-control/manage-users.adoc#access-control-list-users[Listing users]. +For more information, see xref::administration/access-control/manage-users.adoc#access-control-list-users[Listing users]. | Required privilege a| @@ -81,7 +81,7 @@ a| GRANT SHOW USER ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) |=== @@ -107,7 +107,7 @@ Lists the privileges granted to the specified users or the current user if no us When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. -For more information, see xref::access-control/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. +For more information, see xref::administration/access-control/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. | Required privilege a| @@ -116,14 +116,14 @@ a| GRANT SHOW PRIVILEGE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[DBMS PRIVILEGE MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[DBMS PRIVILEGE MANAGEMENT privileges]) [source, privilege, role="noheader"] ---- GRANT SHOW USER ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) |=== @@ -147,7 +147,7 @@ CREATE USER name [IF NOT EXISTS] a| Creates a new user. -For more information, see xref::access-control/manage-users.adoc#access-control-create-users[Creating users]. +For more information, see xref::administration/access-control/manage-users.adoc#access-control-create-users[Creating users]. | Required privilege a| @@ -156,7 +156,7 @@ a| GRANT CREATE USER ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) |=== @@ -180,7 +180,7 @@ CREATE OR REPLACE USER name a| Creates a new user, or if a user with the same name exists, replace it. -For more information, see xref::access-control/manage-users.adoc#access-control-create-users[Creating users]. +For more information, see xref::administration/access-control/manage-users.adoc#access-control-create-users[Creating users]. | Required privilege a| @@ -189,7 +189,7 @@ a| GRANT CREATE USER ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) [source, privilege, role="noheader"] @@ -197,7 +197,7 @@ GRANT CREATE USER GRANT DROP USER ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) |=== @@ -217,7 +217,7 @@ RENAME USER name [IF EXISTS] TO otherName a| Changes the name of a user. -For more information, see xref::access-control/manage-users.adoc#access-control-rename-users[Renaming users]. +For more information, see xref::administration/access-control/manage-users.adoc#access-control-rename-users[Renaming users]. | Required privilege a| @@ -226,7 +226,7 @@ a| GRANT RENAME USER ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) |=== @@ -253,7 +253,7 @@ Modifies the settings for an existing user. At least one `SET` or `REMOVE` clause is required. `SET` and `REMOVE` clauses cannot be combined in the same command. -For more information, see xref::access-control/manage-users.adoc#access-control-alter-users[Modifying users]. +For more information, see xref::administration/access-control/manage-users.adoc#access-control-alter-users[Modifying users]. | Required privilege a| @@ -272,7 +272,7 @@ GRANT SET USER STATUS GRANT SET USER HOME DATABASE ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) |=== @@ -294,7 +294,7 @@ ALTER CURRENT USER SET PASSWORD FROM 'oldPassword' TO 'newPassword' a| Changes the current user's password. -For more information, see xref::access-control/manage-users.adoc#access-control-alter-password[Changing the current user's password]. +For more information, see xref::administration/access-control/manage-users.adoc#access-control-alter-password[Changing the current user's password]. | Required privilege a| None @@ -319,7 +319,7 @@ DROP USER name [IF EXISTS] a| Removes an existing user. -For more information, see xref::access-control/manage-users.adoc#access-control-drop-users[Delete users]. +For more information, see xref::administration/access-control/manage-users.adoc#access-control-drop-users[Delete users]. | Required privilege a| @@ -328,7 +328,7 @@ a| GRANT DROP USER ---- -(see xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) +(see xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DBMS USER MANAGEMENT privileges]) |=== @@ -526,7 +526,7 @@ RETURN user AS adminUser [NOTE] ==== -The `SHOW USER name PRIVILEGES` command is described in xref::access-control/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. +The `SHOW USER name PRIVILEGES` command is described in xref::administration/access-control/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. ==== @@ -582,7 +582,7 @@ User names are case sensitive. The created user will appear on the list provided by `SHOW USERS`. * In Neo4j Community Edition there are no roles, but all users have implied administrator privileges. -* In Neo4j Enterprise Edition all users are automatically assigned the xref::access-control/built-in-roles.adoc#access-control-built-in-roles-public[`PUBLIC` role], giving them a base set of privileges. +* In Neo4j Enterprise Edition all users are automatically assigned the xref::administration/access-control/built-in-roles.adoc#access-control-built-in-roles-public[`PUBLIC` role], giving them a base set of privileges. ==== diff --git a/modules/ROOT/pages/access-control/privileges-immutable.adoc b/modules/ROOT/pages/administration/access-control/privileges-immutable.adoc similarity index 69% rename from modules/ROOT/pages/access-control/privileges-immutable.adoc rename to modules/ROOT/pages/administration/access-control/privileges-immutable.adoc index f201a96db..6ab3965af 100644 --- a/modules/ROOT/pages/access-control/privileges-immutable.adoc +++ b/modules/ROOT/pages/administration/access-control/privileges-immutable.adoc @@ -3,12 +3,12 @@ = Immutable privileges :description: This section explains how to use Cypher to manage immutable privileges. -Unlike regular privileges, having xref:access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[privilege management] privileges is not sufficient to enable immutable privileges to be added or removed. They can only be administered when auth is disabled -- that is, when the configuration setting <> is set to `false`. +Unlike regular privileges, having xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[privilege management] privileges is not sufficient to enable immutable privileges to be added or removed. They can only be administered when auth is disabled -- that is, when the configuration setting <> is set to `false`. [[access-control-privileges-immutable-usecase]] == When to use immutable privileges -Immutable privileges are useful for restricting the actions of users who themselves are able to xref:access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[administer privileges]. +Immutable privileges are useful for restricting the actions of users who themselves are able to xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[administer privileges]. For example, you may want to prevent all users from performing Database Management, even the `admin` user (who are themselves able to add or remove privileges). To do so, you could run: @@ -43,4 +43,4 @@ Under these conditions, immutable privileges can be added and removed in a simil See the link:{neo4j-docs-base-uri}/operations-manual/{page-version}/tutorial/tutorial-immutable-privileges[Immutable privileges tutorial] for examples of how to administer immutable privileges. -See xref:access-control/manage-privileges.adoc[Managing Privileges] for more detail on syntax. +See xref:administration/access-control/manage-privileges.adoc[Managing Privileges] for more detail on syntax. diff --git a/modules/ROOT/pages/access-control/privileges-reads.adoc b/modules/ROOT/pages/administration/access-control/privileges-reads.adoc similarity index 90% rename from modules/ROOT/pages/access-control/privileges-reads.adoc rename to modules/ROOT/pages/administration/access-control/privileges-reads.adoc index a457dd5c3..dc76d6960 100644 --- a/modules/ROOT/pages/access-control/privileges-reads.adoc +++ b/modules/ROOT/pages/administration/access-control/privileges-reads.adoc @@ -18,13 +18,13 @@ This section explains how to use Cypher to manage read privileges on graphs. There are three separate read privileges: -* xref::access-control/privileges-reads.adoc#access-control-privileges-reads-traverse[`TRAVERSE`] - enables the specified entities to be found. -* xref::access-control/privileges-reads.adoc#access-control-privileges-reads-read[`READ`] - enables the specified properties of the found entities to be read. -* xref::access-control/privileges-reads.adoc#access-control-privileges-reads-match[`MATCH`] - combines both `TRAVERSE` and `READ`, enabling an entity to be found and its properties read. +* xref::administration/access-control/privileges-reads.adoc#access-control-privileges-reads-traverse[`TRAVERSE`] - enables the specified entities to be found. +* xref::administration/access-control/privileges-reads.adoc#access-control-privileges-reads-read[`READ`] - enables the specified properties of the found entities to be read. +* xref::administration/access-control/privileges-reads.adoc#access-control-privileges-reads-match[`MATCH`] - combines both `TRAVERSE` and `READ`, enabling an entity to be found and its properties read. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== [[access-control-privileges-reads-traverse]] diff --git a/modules/ROOT/pages/access-control/privileges-writes.adoc b/modules/ROOT/pages/administration/access-control/privileges-writes.adoc similarity index 80% rename from modules/ROOT/pages/access-control/privileges-writes.adoc rename to modules/ROOT/pages/administration/access-control/privileges-writes.adoc index a2fbbb984..71f6e2069 100644 --- a/modules/ROOT/pages/access-control/privileges-writes.adoc +++ b/modules/ROOT/pages/administration/access-control/privileges-writes.adoc @@ -18,21 +18,21 @@ This section explains how to use Cypher to manage write privileges on graphs. Write privileges are defined for different parts of the graph: -* xref::access-control/privileges-writes.adoc#access-control-privileges-writes-create[`CREATE`] - allows creating nodes and relationships. -* xref::access-control/privileges-writes.adoc#access-control-privileges-writes-delete[`DELETE`] - allows deleting nodes and relationships. -* xref::access-control/privileges-writes.adoc#access-control-privileges-writes-set-label[`SET LABEL`] - allows setting the specified node labels using the `SET` clause. -* xref::access-control/privileges-writes.adoc#access-control-privileges-writes-remove-label[`REMOVE LABEL`] - allows removing the specified node labels using the `REMOVE` clause. -* xref::access-control/privileges-writes.adoc#access-control-privileges-writes-set-property[`SET PROPERTY`] - allows setting properties on nodes and relationships. +* xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-create[`CREATE`] - allows creating nodes and relationships. +* xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-delete[`DELETE`] - allows deleting nodes and relationships. +* xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-set-label[`SET LABEL`] - allows setting the specified node labels using the `SET` clause. +* xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-remove-label[`REMOVE LABEL`] - allows removing the specified node labels using the `REMOVE` clause. +* xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-set-property[`SET PROPERTY`] - allows setting properties on nodes and relationships. There are also compound privileges which combine the above specific privileges: -* xref::access-control/privileges-writes.adoc#access-control-privileges-writes-merge[`MERGE`] - allows `MATCH`, `CREATE` and `SET PROPERTY` to apply the `MERGE` command. -* xref::access-control/privileges-writes.adoc#access-control-privileges-writes-write[`WRITE`] - allows all `WRITE` operations on an entire graph. -* xref::access-control/privileges-writes.adoc#access-control-privileges-writes-all[`ALL GRAPH PRIVILEGES`] - allows all `READ` and `WRITE` operations on an entire graph. +* xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-merge[`MERGE`] - allows `MATCH`, `CREATE` and `SET PROPERTY` to apply the `MERGE` command. +* xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-write[`WRITE`] - allows all `WRITE` operations on an entire graph. +* xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-all[`ALL GRAPH PRIVILEGES`] - allows all `READ` and `WRITE` operations on an entire graph. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== [[access-control-privileges-writes-create]] @@ -83,8 +83,8 @@ DENY CREATE ON GRAPH * NODES foo TO regularUsers [NOTE] ==== -If the user attempts to create nodes with a label that does not already exist on the database, then the user must also possess the xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW LABEL] privilege. -The same applies to new relationships: the xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW RELATIONSHIP TYPE] privilege is required. +If the user attempts to create nodes with a label that does not already exist on the database, then the user must also possess the xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW LABEL] privilege. +The same applies to new relationships: the xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW RELATIONSHIP TYPE] privilege is required. ==== @@ -183,7 +183,7 @@ DENY SET LABEL foo ON GRAPH * TO regularUsers [NOTE] ==== -If no instances of this label exist on the database, then the xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW LABEL] privilege is also required. +If no instances of this label exist on the database, then the xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW LABEL] privilege is also required. ==== @@ -275,7 +275,7 @@ DENY SET PROPERTY { foo } ON GRAPH * NODES bar TO regularUsers [NOTE] ==== -If the user attempts to set a property with a property name that does not already exist on the database, the user must also possess the xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW PROPERTY NAME] privilege. +If the user attempts to set a property with a property name that does not already exist on the database, the user must also possess the xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW PROPERTY NAME] privilege. ==== @@ -305,15 +305,15 @@ GRANT MERGE {*} ON GRAPH neo4j ELEMENTS * TO regularUsers ---- It is not possible to deny the `MERGE` privilege. -If you wish to prevent a user from creating elements and setting properties: use xref::access-control/privileges-writes.adoc#access-control-privileges-writes-create[DENY CREATE] or xref::access-control/privileges-writes.adoc#access-control-privileges-writes-set-property[DENY SET PROPERTY]. +If you wish to prevent a user from creating elements and setting properties: use xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-create[DENY CREATE] or xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-set-property[DENY SET PROPERTY]. [NOTE] ==== If the user attempts to create nodes with a label that does not already exist on the database, the user must also possess the -xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW LABEL] privilege. +xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW LABEL] privilege. The same applies to new relationships and properties - the -xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW RELATIONSHIP TYPE] or -xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW PROPERTY NAME] privileges are required. +xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW RELATIONSHIP TYPE] or +xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW PROPERTY NAME] privileges are required. ==== diff --git a/modules/ROOT/pages/aliases.adoc b/modules/ROOT/pages/administration/aliases.adoc similarity index 95% rename from modules/ROOT/pages/aliases.adoc rename to modules/ROOT/pages/administration/aliases.adoc index b237aa507..37d870048 100644 --- a/modules/ROOT/pages/aliases.adoc +++ b/modules/ROOT/pages/administration/aliases.adoc @@ -13,7 +13,7 @@ A local database alias can only target a database within the same DBMS. A remote database alias may target a database from another Neo4j DBMS. When a query is run against a database alias, it will be redirected to the target database. The home database for users can be set to an alias, which will be resolved to the target database on use. -Both local and remote database aliases can be created as part of a xref::databases.adoc#administration-databases-create-composite-database[composite database]. +Both local and remote database aliases can be created as part of a xref::administration/databases.adoc#administration-databases-create-composite-database[composite database]. A local database alias can be used in all other Cypher commands in place of the target database. Please note that the local database alias will be resolved while executing the command. @@ -24,14 +24,14 @@ Remote database aliases require configuration to safely connect to the remote ta It is not possible to impersonate a user on the remote database or to execute an administration command on the remote database via a remote database alias. Database aliases can be created and managed using a set of Cypher administration commands executed against the `system` database. -The required privileges are described xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. +The required privileges are described xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. When connected to the DBMS over Bolt, administration commands are automatically routed to the `system` database. The syntax of the database alias management commands is as follows: [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Alias management command syntax @@ -269,7 +269,7 @@ DRIVER { //// Available database aliases can be seen using `SHOW ALIASES FOR DATABASE`. -The required privileges are described xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. +The required privileges are described xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. `SHOW ALIASES FOR DATABASE` will produce a table of database aliases with the following columns: @@ -300,7 +300,7 @@ The required privileges are described xref::access-control/dbms-administration.a | driver | The driver options for connection to the remote database or `null` if the target database is local or if no driver settings are added. -List of xref::aliases.adoc#remote-alias-driver-settings[driver settings] allowed for remote database aliases. +List of xref::administration/aliases.adoc#remote-alias-driver-settings[driver settings] allowed for remote database aliases. | MAP | properties @@ -472,7 +472,7 @@ It is also possible to use `SKIP` and `LIMIT` to paginate the results. Database aliases can be created using `CREATE ALIAS`. -The required privileges are described xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. +The required privileges are described xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. .Create alias command syntax [options="header", width="100%", cols="5a,2"] @@ -511,6 +511,7 @@ The `IF NOT EXISTS` and `OR REPLACE` parts of this command cannot be used togeth [NOTE] ==== +<<<<<<< HEAD:modules/ROOT/pages/aliases.adoc Database alias names are subject to the xref::syntax/naming.adoc[standard Cypher restrictions on valid identifiers]. The following naming rules apply: @@ -520,6 +521,9 @@ The following naming rules apply: * Names cannot end with dots. * Names that begin with an underscore or with the prefix `system` are reserved for internal use. * Non-alphabetic characters, including numbers, symbols and whitespace characters, can be used in names, but must be escaped using backticks. +======= +Database alias names are subject to the rules specified in the xref:administration/alias-management-escaping[Alias names and escaping] section. +>>>>>>> 6740b28 (New Administration chapter (#494)):modules/ROOT/pages/administration/aliases.adoc ==== [[database-management-create-local-database-alias]] @@ -725,7 +729,7 @@ FOR DATABASE .+Creating remote database aliases with driver settings+ ====== It is possible to override the default driver settings per database alias, which are used for connecting to the remote database. -The full list of supported driver settings can be seen xref::aliases.adoc#remote-alias-driver-settings[here]. +The full list of supported driver settings can be seen xref::administration/aliases.adoc#remote-alias-driver-settings[here]. .Query [source, cypher] @@ -806,7 +810,7 @@ SHOW ALIAS `remote-northwind-2021` FOR DATABASE YIELD name, properties [[alias-management-create-composite-database-alias]] == Create database aliases in composite databases -Both local and remote database aliases can be part of a xref::databases.adoc#administration-databases-create-composite-database[composite database]. +Both local and remote database aliases can be part of a xref::administration/databases.adoc#administration-databases-create-composite-database[composite database]. Create a database alias in a composite database by giving the name of the composite database as namespace for the alias. @@ -911,7 +915,7 @@ CREATE ALIAS garden.trees FOR DATABASE trees AT 'neo4j+s://location:7687' USER a //// Database aliases can be altered using `ALTER ALIAS` to change its database target, properties, url, user credentials, or driver settings. -The required privileges are described xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. +The required privileges are described xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. Only the clauses used will be altered. [NOTE] @@ -1195,7 +1199,7 @@ PROPERTIES { treeVersion: 2 } Both local and remote database aliases can be deleted using the `DROP ALIAS` command. -The required privileges are described xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. +The required privileges are described xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[here]. .+Deleting local database aliases+ diff --git a/modules/ROOT/pages/databases.adoc b/modules/ROOT/pages/administration/databases.adoc similarity index 99% rename from modules/ROOT/pages/databases.adoc rename to modules/ROOT/pages/administration/databases.adoc index bb5ebd376..41ad9a00e 100644 --- a/modules/ROOT/pages/databases.adoc +++ b/modules/ROOT/pages/administration/databases.adoc @@ -26,7 +26,7 @@ The syntax of the database management commands is as follows: [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Database management command syntax @@ -645,7 +645,7 @@ SHOW DATABASES YIELD name, type, access, role, writer, constituents |=== In order to create database aliases in the composite database, give the composite database as namespace for the alias. -For information about creating aliases in composite databases, see xref:aliases.adoc#alias-management-create-composite-database-alias[here]. +For information about creating aliases in composite databases, see xref:administration/aliases.adoc#alias-management-create-composite-database-alias[here]. [role=enterprise-edition not-on-aura] diff --git a/modules/ROOT/pages/access-control/index.adoc b/modules/ROOT/pages/administration/index.adoc similarity index 60% rename from modules/ROOT/pages/access-control/index.adoc rename to modules/ROOT/pages/administration/index.adoc index bb2657163..c6713ecd0 100644 --- a/modules/ROOT/pages/access-control/index.adoc +++ b/modules/ROOT/pages/administration/index.adoc @@ -1,30 +1,15 @@ -:description: Neo4j role-based access control and fine-grained security. += Administration -[[access-control]] -= Access control +Cypher contains a number of administrative commands which allows for efficient and sophisticated database management, alias management, server management, and role-based access-control. -[abstract] --- -This section explains how to manage Neo4j role-based access control and fine-grained security. --- +More information about each of these topics can be found in the following sections: -Neo4j has a complex security model stored in the system graph, which is maintained on a special database called the `system` database. -All administrative commands need to be executed against the `system` database. -When connected to the DBMS over `bolt`, administrative commands are automatically routed to the `system` database. -For more information on how to manage multiple databases, refer to the section on xref::databases.adoc[administering databases]. +* xref:administration/databases.adoc[] +* xref:administration/aliases.adoc[] +* xref:administration/servers.adoc[] +* xref:administration/access-control/index.adoc[] -The concept of _role-based access control_ was introduced in Neo4j 3.1. -Since then, it has been possible to create users and assign them to roles to control whether users can read, write and administer the database. -In Neo4j 4.0 this model was enhanced significantly with the addition of _privileges_, which are the underlying access-control rules by which the users rights are defined. - -The original built-in roles still exist with almost the exact same access rights, but they are no-longer statically defined (see xref::access-control/built-in-roles.adoc[Built-in roles]). -Instead, they are defined in terms of their underlying _privileges_, and they can be modified by adding or removing these access rights. - -In addition, any newly created roles can be assigned to any combination of _privileges_, so that you may set specific access controls for them. -Another new major capability is the _sub-graph_ access control, through which read access to the graph can be limited to specific combinations of labels, relationship types, and properties. - - -[[access-control-syntax]] +[[administration-syntax]] == Syntax summaries Almost all administration commands have variations. diff --git a/modules/ROOT/pages/access-control/manage-servers.adoc b/modules/ROOT/pages/administration/servers.adoc similarity index 90% rename from modules/ROOT/pages/access-control/manage-servers.adoc rename to modules/ROOT/pages/administration/servers.adoc index 1a87b8ec6..6b5f13d5b 100644 --- a/modules/ROOT/pages/access-control/manage-servers.adoc +++ b/modules/ROOT/pages/administration/servers.adoc @@ -1,8 +1,7 @@ :description: This section explains how to use Cypher to manage servers in Neo4j. [role=enterprise-edition] [[server-management]] -= Managing servers - += Server management Servers can be added and managed using a set of Cypher administration commands executed against the `system` database. @@ -14,7 +13,7 @@ When connected to the DBMS over `bolt`, administration commands are automaticall [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== [cols="<15s,<85"] @@ -36,7 +35,7 @@ For more information see <>. | Required privilege a| `GRANT SERVER MANAGEMENT` -(see xref:access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) +(see xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) |=== [cols="<15s,<85"] @@ -58,7 +57,7 @@ For more information see <>. | Required privilege a| `GRANT SERVER MANAGEMENT` -(see xref:access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) +(see xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) |=== [cols="<15s,<85"] @@ -80,7 +79,7 @@ For more information see <>. | Required privilege a| `GRANT SERVER MANAGEMENT` -(see xref:access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) +(see xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) |=== [cols="<15s,<85"] @@ -102,7 +101,7 @@ For more information see <>. | Required privilege a| `GRANT SERVER MANAGEMENT` -(see xref:access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) +(see xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) |=== [cols="<15s,<85"] @@ -124,7 +123,7 @@ For more information see <>. | Required privilege a| `GRANT SERVER MANAGEMENT` -(see xref:access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) +(see xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) |=== [cols="<15s,<85"] @@ -146,7 +145,7 @@ For more information see <>. | Required privilege a| `GRANT SERVER MANAGEMENT` -(see xref:access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) +(see xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) |=== [cols="<15s,<85"] @@ -171,7 +170,7 @@ For more information see <>. | Required privilege a| `GRANT SHOW SERVERS` -(see xref:access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) +(see xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT privileges]) |=== [[server-management-show-servers]] diff --git a/modules/ROOT/pages/clauses/index.adoc b/modules/ROOT/pages/clauses/index.adoc index 2bcb03ad5..c5e139ea3 100644 --- a/modules/ROOT/pages/clauses/index.adoc +++ b/modules/ROOT/pages/clauses/index.adoc @@ -12,13 +12,13 @@ This section contains information on all the clauses in the Cypher query languag [[administration-clauses]] == Administration clauses -These comprise clauses used to manage databases, schema and security; further details can found in xref::databases.adoc[Database management] and xref::access-control/index.adoc[Access control]. +These comprise clauses used to manage databases, schema and security; further details can found in xref::administration/databases.adoc[Database management] and xref::administration/access-control/index.adoc[Access control]. [options="header"] |=== | Clause | Description -m| xref::databases.adoc[CREATE \| DROP \| START \| STOP DATABASE] +m| xref::administration/databases.adoc[CREATE \| DROP \| START \| STOP DATABASE] | Create, drop, start or stop a database. m| xref::indexes-for-search-performance.adoc#administration-indexes-syntax[CREATE \| DROP INDEX] @@ -27,7 +27,7 @@ m| xref::indexes-for-search-performance.adoc#administration-indexes-syntax[CREAT m| xref::constraints/syntax.adoc[CREATE \| DROP CONSTRAINT] | Create or drop a constraint pertaining to either a node label or relationship type, and a property. -| xref::access-control/index.adoc[Access control] +| xref::administration/access-control/index.adoc[Access control] | Manage users, roles, and privileges for database, graph and sub-graph access control. |=== diff --git a/modules/ROOT/pages/clauses/listing-functions.adoc b/modules/ROOT/pages/clauses/listing-functions.adoc index e0c4d5ea6..9c2324b76 100644 --- a/modules/ROOT/pages/clauses/listing-functions.adoc +++ b/modules/ROOT/pages/clauses/listing-functions.adoc @@ -60,13 +60,13 @@ m| BOOLEAN m| rolesExecution a| List of roles permitted to execute this function. -Is `null` without the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +Is `null` without the xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. m| LIST OF STRING m| rolesBoostedExecution a| List of roles permitted to use boosted mode when executing this function. -Is `null` without the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +Is `null` without the xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. m| LIST OF STRING |=== @@ -76,7 +76,7 @@ m| LIST OF STRING [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== List functions, either all or only built-in or user-defined:: @@ -119,7 +119,7 @@ SHOW [ALL|BUILT IN|USER DEFINED] FUNCTION[S] EXECUTABLE BY username [RETURN field[, ...] [ORDER BY field[, ...]] [SKIP n] [LIMIT n]] ---- -Required privilege xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[`SHOW USER`]. +Required privilege xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[`SHOW USER`]. This command cannot be used for LDAP users. [NOTE] @@ -358,7 +358,7 @@ SHOW FUNCTIONS EXECUTABLE BY CURRENT USER YIELD * 6+d|Rows: 10 |=== -Notice that the two `roles` columns are empty due to missing the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +Notice that the two `roles` columns are empty due to missing the xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. The second option, is to filter for a specific user: diff --git a/modules/ROOT/pages/clauses/listing-procedures.adoc b/modules/ROOT/pages/clauses/listing-procedures.adoc index f11b03808..9798ad1ce 100644 --- a/modules/ROOT/pages/clauses/listing-procedures.adoc +++ b/modules/ROOT/pages/clauses/listing-procedures.adoc @@ -58,13 +58,13 @@ m| BOOLEAN m| rolesExecution a| List of roles permitted to execute this procedure. -Is `null` without the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +Is `null` without the xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. m| LIST OF STRING m| rolesBoostedExecution a| List of roles permitted to use boosted mode when executing this procedure. -Is `null` without the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +Is `null` without the xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. m| LIST OF STRING m| option @@ -78,7 +78,7 @@ m| MAP [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== List all procedures:: @@ -121,7 +121,7 @@ SHOW PROCEDURE[S] EXECUTABLE BY username [RETURN field[, ...] [ORDER BY field[, ...]] [SKIP n] [LIMIT n]] ---- -Requires the privilege xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[`SHOW USER`]. +Requires the privilege xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[`SHOW USER`]. This command cannot be used for LDAP users. [NOTE] @@ -365,12 +365,12 @@ SHOW PROCEDURES EXECUTABLE BY CURRENT USER YIELD * |=== The above table only displays the first 15 results of the query. -Note that the two `roles` columns are empty due to missing the xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. +Note that the two `roles` columns are empty due to missing the xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[`SHOW ROLE`] privilege. Also note that the following columns are not present in the table: `mode`, `worksOnSystem`, `signature`, `argumentDescription`, `returnDescription`, `admin`, and `options`. The second option for using the `EXECUTABLE` clause is to filter the list to only contain procedures executable by a specific user. The below example shows the procedures available to the user `jake`, who has been granted the `EXECUTE PROCEDURE dbms.*` privilege by the `admin` of the database. -(More information about `DBMS EXECUTE` privilege administration can be found xref::access-control/dbms-administration.adoc#access-control-dbms-administration-execute[here]). +(More information about `DBMS EXECUTE` privilege administration can be found xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-execute[here]). .Query [source, cypher, role=test-result-skip] diff --git a/modules/ROOT/pages/clauses/listing-settings.adoc b/modules/ROOT/pages/clauses/listing-settings.adoc index 16c51d2a6..39c2f3cbc 100644 --- a/modules/ROOT/pages/clauses/listing-settings.adoc +++ b/modules/ROOT/pages/clauses/listing-settings.adoc @@ -65,7 +65,7 @@ a| A description of valid values for the setting. [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== List settings:: diff --git a/modules/ROOT/pages/clauses/transaction-clauses.adoc b/modules/ROOT/pages/clauses/transaction-clauses.adoc index 5053bb3a7..13c9a9adc 100644 --- a/modules/ROOT/pages/clauses/transaction-clauses.adoc +++ b/modules/ROOT/pages/clauses/transaction-clauses.adoc @@ -211,7 +211,7 @@ The `SHOW TRANSACTIONS` command can be combined with multiple `SHOW TRANSACTIONS [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== List transactions on the current server:: @@ -232,7 +232,7 @@ Transaction IDs must be supplied as one or more comma-separated quoted strings o When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. ==== -A user with the xref::access-control/database-administration.adoc#access-control-database-administration-transaction[`SHOW TRANSACTION`] privilege can view the currently executing transactions in accordance with the privilege grants. +A user with the xref::administration/access-control/database-administration.adoc#access-control-database-administration-transaction[`SHOW TRANSACTION`] privilege can view the currently executing transactions in accordance with the privilege grants. All users may view all of their own currently executing transactions. @@ -373,7 +373,7 @@ The `TERMINATE TRANSACTIONS` command can be combined with multiple `SHOW TRANSAC [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== Terminate transactions by ID on the current server:: @@ -398,7 +398,7 @@ Transaction IDs must be supplied as one or more comma-separated quoted strings o When using the `WHERE` or `RETURN` clauses, the `YIELD` clause is mandatory and must not be omitted. ==== -A user with the xref::access-control/database-administration.adoc#access-control-database-administration-transaction[`TERMINATE TRANSACTION`] privilege can terminate transactions in accordance with the privilege grants. +A user with the xref::administration/access-control/database-administration.adoc#access-control-database-administration-transaction[`TERMINATE TRANSACTION`] privilege can terminate transactions in accordance with the privilege grants. All users may terminate their own currently executing transactions. diff --git a/modules/ROOT/pages/constraints/syntax.adoc b/modules/ROOT/pages/constraints/syntax.adoc index 79c2e9496..76909c2fe 100644 --- a/modules/ROOT/pages/constraints/syntax.adoc +++ b/modules/ROOT/pages/constraints/syntax.adoc @@ -6,7 +6,7 @@ [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== [[constraints-syntax-create]] @@ -28,7 +28,7 @@ There is no supported index configuration for range indexes. [NOTE] ==== -Creating a constraint requires the xref::access-control/database-administration.adoc#access-control-database-administration-constraints[`CREATE CONSTRAINT` privilege]. +Creating a constraint requires the xref::administration/access-control/database-administration.adoc#access-control-database-administration-constraints[`CREATE CONSTRAINT` privilege]. ==== [[constraints-syntax-create-node-unique]] @@ -192,7 +192,7 @@ With the `IF EXISTS` flag, no error is thrown and nothing happens should the con [NOTE] ==== -Dropping a constraint requires the xref::access-control/database-administration.adoc#access-control-database-administration-constraints[`DROP CONSTRAINT` privilege]. +Dropping a constraint requires the xref::administration/access-control/database-administration.adoc#access-control-database-administration-constraints[`DROP CONSTRAINT` privilege]. ==== @@ -203,7 +203,7 @@ List constraints in the database, either all or filtered on constraint type. [NOTE] ==== -Listing constraints requires the xref::access-control/database-administration.adoc#access-control-database-administration-constraints[`SHOW CONSTRAINTS` privilege]. +Listing constraints requires the xref::administration/access-control/database-administration.adoc#access-control-database-administration-constraints[`SHOW CONSTRAINTS` privilege]. ==== The simple version of the command allows for a `WHERE` clause and will give back the default set of output columns: diff --git a/modules/ROOT/pages/deprecations-additions-removals-compatibility.adoc b/modules/ROOT/pages/deprecations-additions-removals-compatibility.adoc index f832259e2..7fa848eab 100644 --- a/modules/ROOT/pages/deprecations-additions-removals-compatibility.adoc +++ b/modules/ROOT/pages/deprecations-additions-removals-compatibility.adoc @@ -2619,7 +2619,7 @@ label:new[] DEFAULT GRAPH ---- a| -New optional part of the Cypher commands for xref:access-control/database-administration.adoc[database privileges]. +New optional part of the Cypher commands for xref:administration/access-control/database-administration.adoc[database privileges]. a| @@ -2653,7 +2653,7 @@ EXECUTE ---- a| New Cypher commands for administering privileges for executing procedures and user defined functions. -See xref:access-control/dbms-administration.adoc#access-control-dbms-administration-execute[The DBMS `EXECUTE` privileges]. +See xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-execute[The DBMS `EXECUTE` privileges]. a| @@ -2921,21 +2921,21 @@ New support for `YIELD` and `WHERE` clauses to allow filtering results. a| label:functionality[] label:new[] + -xref:access-control/database-administration.adoc#access-control-database-administration-transaction[TRANSACTION MANAGEMENT] privileges +xref:administration/access-control/database-administration.adoc#access-control-database-administration-transaction[TRANSACTION MANAGEMENT] privileges a| New Cypher commands for administering transaction management. a| label:functionality[] label:new[] + -DBMS xref:access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[USER MANAGEMENT] privileges +DBMS xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[USER MANAGEMENT] privileges a| New Cypher commands for administering user management. a| label:functionality[] label:new[] + -DBMS xref:access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[DATABASE MANAGEMENT] privileges +DBMS xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[DATABASE MANAGEMENT] privileges a| New Cypher commands for administering database management. @@ -2943,7 +2943,7 @@ New Cypher commands for administering database management. a| label:functionality[] label:new[] + -DBMS xref:access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[PRIVILEGE MANAGEMENT] privileges +DBMS xref:administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[PRIVILEGE MANAGEMENT] privileges a| New Cypher commands for administering privilege management. @@ -2983,7 +2983,7 @@ label:new[] ON DEFAULT DATABASE ---- a| -New optional part of the Cypher commands for xref:access-control/database-administration.adoc[database privileges]. +New optional part of the Cypher commands for xref:administration/access-control/database-administration.adoc[database privileges]. |=== [[cypher-deprecations-additions-removals-4.0]] @@ -3303,21 +3303,21 @@ This Neo4j Enterprise Edition only feature involves a new runtime that has many a| label:functionality[] label:new[] + -xref:databases.adoc[Multi-database administration] +xref:administration/databases.adoc[Multi-database administration] a| New Cypher commands for administering multiple databases. a| label:functionality[] label:new[] + -xref:access-control/index.adoc[Access control] +xref:administration/access-control/index.adoc[Access control] a| New Cypher commands for administering role-based access control. a| label:functionality[] label:new[] + -xref:access-control/manage-privileges.adoc[Fine-grained security] +xref:administration/access-control/manage-privileges.adoc[Fine-grained security] a| New Cypher commands for administering dbms, database, graph and sub-graph access control. diff --git a/modules/ROOT/pages/functions/scalar.adoc b/modules/ROOT/pages/functions/scalar.adoc index 1d804fac5..c74ef39cf 100644 --- a/modules/ROOT/pages/functions/scalar.adoc +++ b/modules/ROOT/pages/functions/scalar.adoc @@ -353,7 +353,7 @@ The identifier for a relationship is guaranteed to be unique among other relatio [NOTE] ==== -On a xref:databases.adoc#administration-databases-create-composite-database[composite database], the `id()` function should be used with caution. +On a xref:administration/databases.adoc#administration-databases-create-composite-database[composite database], the `id()` function should be used with caution. It is recommended to use xref:functions/scalar.adoc#functions-elementid[`elementId()`] instead. When called in database-specific subqueries, the resulting id value for a node or relationship is local to that database. diff --git a/modules/ROOT/pages/indexes-for-full-text-search.adoc b/modules/ROOT/pages/indexes-for-full-text-search.adoc index cd321827a..9547f0b6d 100644 --- a/modules/ROOT/pages/indexes-for-full-text-search.adoc +++ b/modules/ROOT/pages/indexes-for-full-text-search.adoc @@ -103,7 +103,7 @@ A full-text index applies to a list of labels or a list of relationship types, f [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== .Syntax for creating full-text indexes diff --git a/modules/ROOT/pages/indexes-for-search-performance.adoc b/modules/ROOT/pages/indexes-for-search-performance.adoc index 9a4ec10d7..a3a10aaa6 100644 --- a/modules/ROOT/pages/indexes-for-search-performance.adoc +++ b/modules/ROOT/pages/indexes-for-search-performance.adoc @@ -80,7 +80,7 @@ It may still throw an error if conflicting constraints exist, such as constraint [NOTE] ==== -The syntax descriptions use xref:access-control/index.adoc#access-control-syntax[the style] from access control. +More details about the syntax descriptions can be found xref:administration/index.adoc#administration-syntax[here]. ==== @@ -318,9 +318,9 @@ SHOW [ALL \| FULLTEXT \| LOOKUP \| POINT \| RANGE \| TEXT] INDEX[ES] |=== -Creating an index requires xref::access-control/database-administration.adoc#access-control-database-administration-index[the `CREATE INDEX` privilege], -while dropping an index requires xref::access-control/database-administration.adoc#access-control-database-administration-index[the `DROP INDEX` privilege] and -listing indexes require xref::access-control/database-administration.adoc#access-control-database-administration-index[the `SHOW INDEX` privilege]. +Creating an index requires xref::administration/access-control/database-administration.adoc#access-control-database-administration-index[the `CREATE INDEX` privilege], +while dropping an index requires xref::administration/access-control/database-administration.adoc#access-control-database-administration-index[the `DROP INDEX` privilege] and +listing indexes require xref::administration/access-control/database-administration.adoc#access-control-database-administration-index[the `SHOW INDEX` privilege]. xref::query-tuning/using.adoc[Planner hints and the USING keyword] describes how to make the Cypher planner use specific indexes (especially in cases where the planner would not necessarily have used them). diff --git a/modules/ROOT/pages/introduction/cypher_neo4j.adoc b/modules/ROOT/pages/introduction/cypher_neo4j.adoc index 01ceb8486..02a0ba62a 100644 --- a/modules/ROOT/pages/introduction/cypher_neo4j.adoc +++ b/modules/ROOT/pages/introduction/cypher_neo4j.adoc @@ -14,7 +14,7 @@ Cypher works almost identically between the two editions, but there are key area |=== | Feature | Enterprise Edition | Community Edition -| xref::databases.adoc[Multi-database] +| xref::administration/databases.adoc[Multi-database] a| Any number of user databases. a| @@ -22,9 +22,9 @@ Only `system` and one user database. | Role-based security a| -User, role, and privilege management for flexible xref::access-control/index.adoc[access control] and xref::access-control/manage-privileges.adoc[sub-graph access control]. +User, role, and privilege management for flexible xref::administration/access-control/index.adoc[access control] and xref::administration/access-control/manage-privileges.adoc[sub-graph access control]. a| -xref::access-control/manage-users.adoc[Multi-user management]. +xref::administration/access-control/manage-users.adoc[Multi-user management]. All users have full access rights. | Constraints @@ -83,7 +83,7 @@ A fresh installation of Neo4j includes two databases: * `system` - the system database described above, containing meta-data on the DBMS and security configuration. * `neo4j` - the default database, named using the config option `dbms.default_database=neo4j`. -For more information about the _system_ database, see the sections on xref::databases.adoc[Database management] and xref::access-control/index.adoc[Access control]. +For more information about the _system_ database, see the sections on xref::administration/databases.adoc[Database management] and xref::administration/access-control/index.adoc[Access control]. === Query considerations diff --git a/modules/ROOT/pages/introduction/neo4j-databases-graphs.adoc b/modules/ROOT/pages/introduction/neo4j-databases-graphs.adoc index c656ad02e..5432dbbca 100644 --- a/modules/ROOT/pages/introduction/neo4j-databases-graphs.adoc +++ b/modules/ROOT/pages/introduction/neo4j-databases-graphs.adoc @@ -46,7 +46,7 @@ A fresh installation of Neo4j includes two databases: * `system` - the system database described above, containing meta-data on the DBMS and security configuration. * `neo4j` - the default database, named using the config option `dbms.default_database=neo4j`. -For more information about the _system_ database, see the sections on xref::databases.adoc[Database management] and xref::access-control/index.adoc[Access control]. +For more information about the _system_ database, see the sections on xref::/administration/databases.adoc[Database management] and xref::administration/access-control/index.adoc[Access control]. == Different editions of Neo4j @@ -60,7 +60,7 @@ However, it is worth listing up-front the key areas that are not supported in th |=== | Feature | Enterprise | Community -| xref::databases.adoc[Multi-database] +| xref::administration/databases.adoc[Multi-database] a| Any number of user databases. a| @@ -68,9 +68,9 @@ Only `system` and one user database. | Role-based security a| -User, role, and privilege management for flexible xref::access-control/index.adoc[access control] and xref::access-control/manage-privileges.adoc[sub-graph access control]. +User, role, and privilege management for flexible xref::administration/access-control/index.adoc[access control] and xref::administration/access-control/manage-privileges.adoc[sub-graph access control]. a| -xref::access-control/manage-users.adoc[Multi-user management]. +xref::administration/access-control/manage-users.adoc[Multi-user management]. All users have full access rights. | Constraints diff --git a/modules/ROOT/pages/keyword-glossary.adoc b/modules/ROOT/pages/keyword-glossary.adoc index e5dd0f0a9..a3bf84cc4 100644 --- a/modules/ROOT/pages/keyword-glossary.adoc +++ b/modules/ROOT/pages/keyword-glossary.adoc @@ -1076,179 +1076,179 @@ The following commands are only executable against the `system` database: |=== | Command | Admin category | Description -| xref::aliases.adoc#alias-management-alter-database-alias[ALTER ALIAS ... [IF EXISTS\] SET DATABASE ...] +| xref::administration/aliases.adoc#alias-management-alter-database-alias[ALTER ALIAS ... [IF EXISTS\] SET DATABASE ...] | Database alias | Modifies a database alias. -| xref::access-control/manage-users.adoc#access-control-alter-password[ALTER CURRENT USER SET PASSWORD FROM ... TO] +| xref::administration/access-control/manage-users.adoc#access-control-alter-password[ALTER CURRENT USER SET PASSWORD FROM ... TO] | User and role | Change the password of the user that is currently logged in. -| xref:databases.adoc#administration-databases-alter-database[ALTER DATABASE ... [IF EXISTS\] [SET ACCESS {READ ONLY \| READ WRITE}\] [SET TOPOLOGY n PRIMAR{Y\|IES} [m SECONDAR{Y\|IES}\]\]] +| xref::administration/databases.adoc#administration-databases-alter-database[ALTER DATABASE ... [IF EXISTS\] [SET ACCESS {READ ONLY \| READ WRITE}\] [SET TOPOLOGY n PRIMAR{Y\|IES} [m SECONDAR{Y\|IES}\]\] [WAIT [n [SEC[OND[S\]\]\]\]\|NOWAIT\]] | Database | Modifies the database access mode and / or topology. -| xref::access-control/manage-servers.adoc#server-management-syntax[ALTER SERVER ... [SET OPTIONS\] {...}] +| xref::administration/servers.adoc#server-management-syntax[ALTER SERVER ... [SET OPTIONS\] {...}] | Server management | Modifies the options for a server. -| xref::access-control/manage-users.adoc#access-control-alter-users[ALTER USER ... [IF EXISTS\] [SET [PLAINTEXT \| ENCRYPTED\] PASSWORD {password [CHANGE [NOT\] REQUIRED\] \| CHANGE [NOT\] REQUIRED}\] [SET STATUS {ACTIVE \| SUSPENDED}\] [SET HOME DATABASE name\] [REMOVE HOME DATABASE\]] +| xref::administration/access-control/manage-users.adoc#access-control-alter-users[ALTER USER ... [IF EXISTS\] [SET [PLAINTEXT \| ENCRYPTED\] PASSWORD {password [CHANGE [NOT\] REQUIRED\] \| CHANGE [NOT\] REQUIRED}\] [SET STATUS {ACTIVE \| SUSPENDED}\] [SET HOME DATABASE name\] [REMOVE HOME DATABASE\]] | User and role | Changes a user account. Changes can include setting a new password, setting the account status, setting or removing home database and enabling that the user should change the password upon next login. -| xref::aliases.adoc#alias-management-create-database-alias[CREATE [OR REPLACE\] ALIAS ... [IF NOT EXISTS\] FOR DATABASE ...] +| xref::administration/aliases.adoc#alias-management-create-database-alias[CREATE [OR REPLACE\] ALIAS ... [IF NOT EXISTS\] FOR DATABASE ...] | Database alias | Creates a new database alias. -| xref::databases.adoc#administration-databases-create-composite-database[CREATE [OR REPLACE\] COMPOSITE DATABASE ... [IF NOT EXISTS\] [OPTIONS {}\] [WAIT [n [SEC[OND[S\]\]\]\]\|NOWAIT\]] +| xref::administration/databases.adoc#administration-databases-create-composite-database[CREATE [OR REPLACE\] COMPOSITE DATABASE ... [IF NOT EXISTS\] [OPTIONS {}\] [WAIT [n [SEC[OND[S\]\]\]\]\|NOWAIT\]] | Database | Creates a new composite database. -| xref:databases.adoc#administration-databases-create-database[CREATE [OR REPLACE\] DATABASE ... [IF NOT EXISTS\] [TOPOLOGY n PRIMAR{Y\|IES} [m SECONDAR{Y\|IES}\]\] [OPTIONS {optionKey: optionValue[, ...\]}\] [WAIT [n [SEC[OND[S\]\]\]\]\|NOWAIT\]] +| xref:administration/databases.adoc#administration-databases-create-database[CREATE [OR REPLACE\] DATABASE ... [IF NOT EXISTS\] [TOPOLOGY n PRIMAR{Y\|IES} [m SECONDAR{Y\|IES}\]\] [OPTIONS {optionKey: optionValue[, ...\]}\] [WAIT [n [SEC[OND[S\]\]\]\]\|NOWAIT\]] | Database | Creates a new database. -| xref::access-control/manage-roles.adoc#access-control-create-roles[CREATE [OR REPLACE\] ROLE ... [IF NOT EXISTS\] [AS COPY OF\]] +| xref::administration/access-control/manage-roles.adoc#access-control-create-roles[CREATE [OR REPLACE\] ROLE ... [IF NOT EXISTS\] [AS COPY OF\]] | User and role | Creates new roles. -| xref::access-control/manage-users.adoc#access-control-create-users[CREATE [OR REPLACE\] USER ... [IF NOT EXISTS\] SET [PLAINTEXT \| ENCRYPTED\] PASSWORD ... [[SET PASSWORD\] CHANGE [NOT\] REQUIRED\] [SET STATUS {ACTIVE \| SUSPENDED}\] [SET HOME DATABASE name\]] +| xref::administration/access-control/manage-users.adoc#access-control-create-users[CREATE [OR REPLACE\] USER ... [IF NOT EXISTS\] SET [PLAINTEXT \| ENCRYPTED\] PASSWORD ... [[SET PASSWORD\] CHANGE [NOT\] REQUIRED\] [SET STATUS {ACTIVE \| SUSPENDED}\] [SET HOME DATABASE name\]] | User and role | Creates a new user and sets the password for the new account. Optionally the account status and home database can also be set and if the user should change the password upon first login. -| xref::access-control/manage-servers.adoc#server-management-deallocate[DEALLOCATE DATABASE(S) FROM SERVER(S) ...] +| xref::administration/servers.adoc#server-management-deallocate[DEALLOCATE DATABASE(S) FROM SERVER(S) ...] | Server management | Removes databases from the specified servers. -| xref:access-control/database-administration.adoc[DENY [IMMUTABLE\] ... ON DATABASE ... TO] +| xref:administration/access-control/database-administration.adoc[DENY [IMMUTABLE\] ... ON DATABASE ... TO] | Privilege | Denies a database or schema privilege to one or multiple roles. -| xref:access-control/dbms-administration.adoc[DENY [IMMUTABLE\] ... ON DBMS TO] +| xref:administration/access-control/dbms-administration.adoc[DENY [IMMUTABLE\] ... ON DBMS TO] | Privilege | Denies a DBMS privilege to one or multiple roles. -| xref:access-control/manage-privileges.adoc#access-control-graph-privileges[DENY [IMMUTABLE\] ... ON GRAPH ... [NODES \| RELATIONSHIPS \| ELEMENTS\] ... TO] +| xref:administration/access-control/manage-privileges.adoc#access-control-graph-privileges[DENY [IMMUTABLE\] ... ON GRAPH ... [NODES \| RELATIONSHIPS \| ELEMENTS\] ... TO] | Privilege | Denies a graph privilege for one or multiple specified elements to one or multiple roles. -| xref::aliases.adoc#alias-management-drop-database-alias[DROP ALIAS ... [IF EXISTS\] FOR DATABASE] +| xref::administration/aliases.adoc#alias-management-drop-database-alias[DROP ALIAS ... [IF EXISTS\] FOR DATABASE] | Database alias | Deletes a specified database alias. -| xref::databases.adoc#administration-databases-drop-database[DROP COMPOSITE DATABASE ... [IF EXISTS\] [DUMP DATA \| DESTROY DATA\] [WAIT [n [SEC[OND[S\]\]\]\]\|NOWAIT\]] +| xref::administration/databases.adoc#administration-databases-drop-database[DROP COMPOSITE DATABASE ... [IF EXISTS\] [DUMP DATA \| DESTROY DATA\] [WAIT [n [SEC[OND[S\]\]\]\]\|NOWAIT\]] | Database | Deletes a specified composite database. -| xref::databases.adoc#administration-databases-drop-database[DROP DATABASE ... [IF EXISTS\] [DUMP DATA \| DESTROY DATA\]] +| xref::administration/databases.adoc#administration-databases-drop-database[DROP DATABASE ... [IF EXISTS\] [DUMP DATA \| DESTROY DATA\]] | Database | Deletes a specified database (either standard or composite). -| xref::access-control/manage-roles.adoc#access-control-drop-roles[DROP ROLE ... [IF EXISTS\]] +| xref::administration/access-control/manage-roles.adoc#access-control-drop-roles[DROP ROLE ... [IF EXISTS\]] | User and role | Deletes a specified role. -| xref::access-control/manage-servers.adoc#server-management-drop-server[DROP SERVER ...] +| xref::administration/servers.adoc#server-management-drop-server[DROP SERVER ...] | Server management | Removes a specified server. -| xref::access-control/manage-users.adoc#access-control-drop-users[DROP USER ... [IF EXISTS\]] +| xref::administration/access-control/manage-users.adoc#access-control-drop-users[DROP USER ... [IF EXISTS\]] | User and role | Deletes a specified user. -| xref::access-control/manage-servers.adoc#server-management-enable-server[ENABLE SERVER [OPTIONS\]] +| xref::administration/servers.adoc#server-management-enable-server[ENABLE SERVER [OPTIONS\]] | Server management | Enables a specified server. -| xref:access-control/database-administration.adoc[GRANT [IMMUTABLE\] ... ON DATABASE ... TO] +| xref:administration/access-control/database-administration.adoc[GRANT [IMMUTABLE\] ... ON DATABASE ... TO] | Privilege | Assigns a database or schema privilege to one or multiple roles. -| xref:access-control/dbms-administration.adoc[GRANT [IMMUTABLE\] ... ON DBMS TO] +| xref:administration/access-control/dbms-administration.adoc[GRANT [IMMUTABLE\] ... ON DBMS TO] | Privilege | Assigns a DBMS privilege to one or multiple roles. -| xref:access-control/manage-privileges.adoc#access-control-graph-privileges[GRANT [IMMUTABLE\] ... ON GRAPH ... [NODES \| RELATIONSHIPS \| ELEMENTS\] ... TO] +| xref:administration/access-control/manage-privileges.adoc#access-control-graph-privileges[GRANT [IMMUTABLE\] ... ON GRAPH ... [NODES \| RELATIONSHIPS \| ELEMENTS\] ... TO] | Privilege | Assigns a graph privilege for one or multiple specified elements to one or multiple roles. -| xref:access-control/manage-roles.adoc#access-control-assign-roles[GRANT [IMMUTABLE\] ROLE[S\] ... TO] +| xref:administration/access-control/manage-roles.adoc#access-control-assign-roles[GRANT [IMMUTABLE\] ROLE[S\] ... TO] | User and role | Assigns one or multiple roles to one or multiple users. -| xref::access-control/manage-servers.adoc#server-management-reallocate[REALLOCATE DATABASE(S)] +| xref::administration/servers.adoc#server-management-reallocate[REALLOCATE DATABASE(S)] | Server management | Re-balance databases among all servers. -| xref::access-control/manage-roles.adoc#access-control-rename-roles[RENAME ROLE ... [IF EXISTS\] TO ...] +| xref::administration/access-control/manage-roles.adoc#access-control-rename-roles[RENAME ROLE ... [IF EXISTS\] TO ...] | User and role | Changes the name of a role. -| xref::access-control/manage-users.adoc#access-control-rename-users[RENAME USER ... [IF EXISTS\] TO ...] +| xref::administration/access-control/manage-users.adoc#access-control-rename-users[RENAME USER ... [IF EXISTS\] TO ...] | User and role | Changes the name of a user. -| xref:access-control/database-administration.adoc[REVOKE [IMMUTABLE\] [GRANT \| DENY\] ... ON DATABASE ... FROM] +| xref:administration/access-control/database-administration.adoc[REVOKE [IMMUTABLE\] [GRANT \| DENY\] ... ON DATABASE ... FROM] | Privilege | Removes a database or schema privilege from one or multiple roles. -| xref:access-control/dbms-administration.adoc[REVOKE [IMMUTABLE\] [GRANT \| DENY\] ... ON DBMS FROM] +| xref:administration/access-control/dbms-administration.adoc[REVOKE [IMMUTABLE\] [GRANT \| DENY\] ... ON DBMS FROM] | Privilege | Removes a DBMS privilege from one or multiple roles. -| xref:access-control/manage-privileges.adoc#access-control-revoke-privileges[REVOKE [IMMUTABLE\] [GRANT \| DENY\] ... ON GRAPH ... [NODES \| RELATIONSHIPS \| ELEMENTS\] ... FROM] +| xref:administration/access-control/manage-privileges.adoc#access-control-revoke-privileges[REVOKE [IMMUTABLE\] [GRANT \| DENY\] ... ON GRAPH ... [NODES \| RELATIONSHIPS \| ELEMENTS\] ... FROM] | Privilege | Removes a graph privilege for one or multiple specified elements from one or multiple roles. -| xref::access-control/manage-roles.adoc#access-control-revoke-roles[REVOKE ROLE[S\] ... FROM] +| xref::administration/access-control/manage-roles.adoc#access-control-revoke-roles[REVOKE ROLE[S\] ... FROM] | User and role | Removes one or multiple roles from one or multiple users. -| xref::aliases.adoc#alias-management-show-alias[SHOW ALIASES FOR DATABASE] +| xref::administration/aliases.adoc#alias-management-show-alias[SHOW ALIASES FOR DATABASE] | Database alias | Returns information about all aliases, optionally including driver settings. -| xref::access-control/manage-roles.adoc#access-control-list-roles[SHOW [ALL \| POPULATED\] ROLES [WITH USERS\]] +| xref::administration/access-control/manage-roles.adoc#access-control-list-roles[SHOW [ALL \| POPULATED\] ROLES [WITH USERS\]] | User and role | Returns information about all or populated roles, optionally including the assigned users. -| xref::databases.adoc#administration-databases-show-databases[SHOW DATABASE] +| xref::administration/databases.adoc#administration-databases-show-databases[SHOW DATABASE] | Database | Returns information about a specified database. -| xref::databases.adoc#administration-databases-show-databases[SHOW DATABASES] +| xref::administration/databases.adoc#administration-databases-show-databases[SHOW DATABASES] | Database | Returns information about all databases. -| xref::access-control/manage-servers.adoc#server-management-show-servers[SHOW SERVERS] +| xref::administration/servers.adoc#server-management-show-servers[SHOW SERVERS] | Server management | Returns information about all servers. -| xref::databases.adoc#administration-databases-show-databases[SHOW DEFAULT DATABASE] +| xref::administration/databases.adoc#administration-databases-show-databases[SHOW DEFAULT DATABASE] | Database | Returns information about the default database. -| xref::databases.adoc#administration-databases-show-databases[SHOW HOME DATABASE] +| xref::administration/databases.adoc#administration-databases-show-databases[SHOW HOME DATABASE] | Database | Returns information about the current users home database. -| xref::access-control/manage-roles.adoc#access-control-list-roles[SHOW [ROLE ... \| USER ... \| ALL \] PRIVILEGES [AS [REVOKE\] COMMAND[S\]\]] +| xref::administration/access-control/manage-roles.adoc#access-control-list-roles[SHOW [ROLE ... \| USER ... \| ALL \] PRIVILEGES [AS [REVOKE\] COMMAND[S\]\]] | Privilege | Returns information about role, user or all privileges. -| xref::access-control/manage-users.adoc#access-control-list-users[SHOW USERS] +| xref::administration/access-control/manage-users.adoc#access-control-list-users[SHOW USERS] | User and role | Returns information about all users. -| xref::databases.adoc#administration-databases-start-database[START DATABASE] +| xref::administration/databases.adoc#administration-databases-start-database[START DATABASE] | Database | Starts up a specified database. -| xref::databases.adoc#administration-databases-stop-database[STOP DATABASE] +| xref::administration/databases.adoc#administration-databases-stop-database[STOP DATABASE] | Database | Stops a specified database. @@ -1262,295 +1262,295 @@ Optionally the account status and home database can also be set and if the user |=== | Name | Category | Description -| xref::access-control/database-administration.adoc#access-control-database-administration-access[ACCESS] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-access[ACCESS] | Database | Determines whether a user can access a specific database. -| xref::access-control/database-administration.adoc#access-control-database-administration-all[ALL DATABASE PRIVILEGES] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-all[ALL DATABASE PRIVILEGES] | Database and schema | Determines whether a user is allowed to access, create, drop, and list indexes and constraints, create new labels, types and property names on a specific database. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-all[ALL DBMS PRIVILEGES] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-all[ALL DBMS PRIVILEGES] | DBMS | Determines whether a user is allowed to perform role, user, database and privilege management. -| xref::access-control/privileges-writes.adoc#access-control-privileges-writes-all[ALL GRAPH PRIVILEGES] +| xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-all[ALL GRAPH PRIVILEGES] | GRAPH | Determines whether a user is allowed to perform reads and writes. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[ALTER ALIAS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[ALTER ALIAS] | DBMS | Determines whether the user can modify aliases. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[ALTER DATABASE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[ALTER DATABASE] | DBMS | Determines whether the user can modify databases and aliases. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[ALTER USER] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[ALTER USER] | DBMS | Determines whether the user can modify users. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[ASSIGN PRIVILEGE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[ASSIGN PRIVILEGE] | DBMS | Determines whether the user can assign privileges using the `GRANT` and `DENY` commands. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[ASSIGN ROLE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[ASSIGN ROLE] | DBMS | Determines whether the user can grant roles. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[COMPOSITE DATABASE MANAGEMENT] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[COMPOSITE DATABASE MANAGEMENT] | DBMS | Determines whether the user can create and delete composite databases. -| xref::access-control/database-administration.adoc#access-control-database-administration-constraints[CONSTRAINT MANAGEMENT] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-constraints[CONSTRAINT MANAGEMENT] | Schema | Determines whether a user is allowed to create, drop, and list constraints on a specific database. -| xref::access-control/privileges-writes.adoc#access-control-privileges-writes-create[CREATE] +| xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-create[CREATE] | GRAPH | Determines whether the user can create a new element (node, relationship or both). -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[CREATE ALIAS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[CREATE ALIAS] | DBMS | Determines whether the user can create new aliases. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[CREATE COMPOSITE DATABASE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[CREATE COMPOSITE DATABASE] | DBMS | Determines whether the user can create new composite databases. -| xref::access-control/database-administration.adoc#access-control-database-administration-constraints[CREATE CONSTRAINT] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-constraints[CREATE CONSTRAINT] | Schema | Determines whether a user is allowed to create constraints on a specific database. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[CREATE DATABASE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[CREATE DATABASE] | DBMS | Determines whether the user can create new databases and aliases. -| xref::access-control/database-administration.adoc#access-control-database-administration-index[CREATE INDEX] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-index[CREATE INDEX] | Schema | Determines whether a user is allowed to create indexes on a specific database. -| xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW NODE LABEL] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW NODE LABEL] | Schema | Determines whether a user is allowed to create new node labels on a specific database. -| xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW PROPERTY NAME] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW PROPERTY NAME] | Schema | Determines whether a user is allowed to create new property names on a specific database. -| xref::access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW RELATIONSHIP TYPE] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[CREATE NEW RELATIONSHIP TYPE] | Schema | Determines whether a user is allowed to create new relationship types on a specific database. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[CREATE ROLE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[CREATE ROLE] | DBMS | Determines whether the user can create new roles. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[CREATE USER] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[CREATE USER] | DBMS | Determines whether the user can create new users. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[ALIAS MANAGEMENT] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[ALIAS MANAGEMENT] | DBMS | Determines whether the user can create, delete, modify and list aliases. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[DATABASE MANAGEMENT] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[DATABASE MANAGEMENT] | DBMS | Determines whether the user can create, delete, and modify databases and aliases. -| xref::access-control/privileges-writes.adoc#access-control-privileges-writes-delete[DELETE] +| xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-delete[DELETE] | GRAPH | Determines whether the user can delete an element (node, relationship or both). -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[DROP ALIAS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[DROP ALIAS] | DBMS | Determines whether the user can delete aliases. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[DROP COMPOSITE DATABASE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[DROP COMPOSITE DATABASE] | DBMS | Determines whether the user can delete composite databases. -| xref::access-control/database-administration.adoc#access-control-database-administration-constraints[DROP CONSTRAINT] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-constraints[DROP CONSTRAINT] | Schema | Determines whether a user is allowed to drop constraints on a specific database. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[DROP DATABASE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[DROP DATABASE] | DBMS | Determines whether the user can delete databases and aliases. -| xref::access-control/database-administration.adoc#access-control-database-administration-index[DROP INDEX] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-index[DROP INDEX] | Schema | Determines whether a user is allowed to drop indexes on a specific database. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DROP ROLE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[DROP ROLE] | DBMS | Determines whether the user can delete roles. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DROP USER] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[DROP USER] | DBMS | Determines whether the user can delete users. -| xref::access-control/dbms-administration.adoc#access-control-admin-procedure[EXECUTE ADMIN PROCEDURE] +| xref::administration/access-control/dbms-administration.adoc#access-control-admin-procedure[EXECUTE ADMIN PROCEDURE] | DBMS | Determines whether the user can execute admin procedures. -| xref::access-control/dbms-administration.adoc#access-control-execute-boosted-user-defined-function[EXECUTE BOOSTED FUNCTION] +| xref::administration/access-control/dbms-administration.adoc#access-control-execute-boosted-user-defined-function[EXECUTE BOOSTED FUNCTION] | DBMS | Determines whether the user gets elevated privileges when executing functions. -| xref::access-control/dbms-administration.adoc#access-control-execute-boosted-procedure[EXECUTE BOOSTED PROCEDURE] +| xref::administration/access-control/dbms-administration.adoc#access-control-execute-boosted-procedure[EXECUTE BOOSTED PROCEDURE] | DBMS | Determines whether the user gets elevated privileges when executing procedures. -| xref::access-control/dbms-administration.adoc#access-control-execute-user-defined-function[EXECUTE FUNCTION] +| xref::administration/access-control/dbms-administration.adoc#access-control-execute-user-defined-function[EXECUTE FUNCTION] | DBMS | Determines whether the user can execute functions. -| xref::access-control/dbms-administration.adoc#access-control-execute-procedure[EXECUTE PROCEDURE] +| xref::administration/access-control/dbms-administration.adoc#access-control-execute-procedure[EXECUTE PROCEDURE] | DBMS | Determines whether the user can execute procedures. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-impersonation[IMPERSONATE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-impersonation[IMPERSONATE] | DBMS | Determines whether a user can impersonate another one and assume their privileges. -| xref::access-control/database-administration.adoc#access-control-database-administration-index[INDEX MANAGEMENT] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-index[INDEX MANAGEMENT] | Schema | Determines whether a user is allowed to create, drop, and list indexes on a specific database. -| xref::access-control/database-administration.adoc#access-control-database-administration-index[MATCH] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-index[MATCH] | GRAPH | Determines whether the properties of an element (node, relationship or both) can be read and the element can be found and traversed while executing queries on the specified graph. -| xref::access-control/privileges-writes.adoc#access-control-privileges-writes-merge[MERGE] +| xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-merge[MERGE] | GRAPH | Determines whether the user can find, read, create and set properties on an element (node, relationship or both). -| xref::access-control/database-administration.adoc#access-control-database-administration-tokens[NAME MANAGEMENT] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-tokens[NAME MANAGEMENT] | Schema | Determines whether a user is allowed to create new labels, types and property names on a specific database. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[PRIVILEGE MANAGEMENT] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[PRIVILEGE MANAGEMENT] | DBMS | Determines whether the user can show, assign and remove privileges. -| xref::access-control/privileges-reads.adoc#access-control-privileges-reads-read[READ] +| xref::administration/access-control/privileges-reads.adoc#access-control-privileges-reads-read[READ] | GRAPH | Determines whether the properties of an element (node, relationship or both) can be read while executing queries on the specified graph. -| xref::access-control/privileges-writes.adoc#access-control-privileges-writes-remove-label[REMOVE LABEL] +| xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-remove-label[REMOVE LABEL] | GRAPH | Determines whether the user can remove a label from a node using the `REMOVE` clause. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[REMOVE PRIVILEGE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[REMOVE PRIVILEGE] | DBMS | Determines whether the user can remove privileges using the `REVOKE` command. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[REMOVE ROLE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[REMOVE ROLE] | DBMS | Determines whether the user can revoke roles. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[RENAME ROLE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[RENAME ROLE] | DBMS | Determines whether the user can rename roles. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[RENAME USER] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[RENAME USER] | DBMS | Determines whether the user can rename users. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[ROLE MANAGEMENT] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[ROLE MANAGEMENT] | DBMS | Determines whether the user can create, drop, grant, revoke and show roles. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SERVER MANAGEMENT] | DBMS | Determines whether the user can enable, alter, rename, reallocate, deallocate, drop, and show servers. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[SET DATABASE ACCESS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-database-management[SET DATABASE ACCESS] | DBMS | Determines whether the user can modify the database access mode. -| xref::access-control/privileges-writes.adoc#access-control-privileges-writes-set-label[SET LABEL] +| xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-set-label[SET LABEL] | GRAPH | Determines whether the user can set a label to a node using the SET clause. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[SET PASSWORDS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[SET PASSWORDS] | DBMS | Determines whether the user can modify users' passwords and whether those passwords must be changed upon first login. -| xref::access-control/privileges-writes.adoc#access-control-privileges-writes-set-property[SET PROPERTY] +| xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-set-property[SET PROPERTY] | GRAPH | Determines whether the user can set a property to an element (node, relationship or both) using the SET clause. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[SET USER HOME DATABASE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[SET USER HOME DATABASE] | DBMS | Determines whether the user can modify the home database of users. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[SET USER STATUS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[SET USER STATUS] | DBMS | Determines whether the user can modify the account status of users. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[SHOW ALIAS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-alias-management[SHOW ALIAS] | DBMS | Determines whether the user is allowed to list aliases. -| xref::access-control/database-administration.adoc#access-control-database-administration-constraints[SHOW CONSTRAINT] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-constraints[SHOW CONSTRAINT] | Schema | Determines whether the user is allowed to list constraints. -| xref::access-control/database-administration.adoc#access-control-database-administration-index[SHOW INDEX] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-index[SHOW INDEX] | Schema | Determines whether the user is allowed to list indexes. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[SHOW PRIVILEGE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-privilege-management[SHOW PRIVILEGE] | DBMS | Determines whether the user can get information about privileges assigned to users and roles. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[SHOW ROLE] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-role-management[SHOW ROLE] | DBMS | Determines whether the user can get information about existing and assigned roles. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SHOW SERVERS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-server-management[SHOW SERVERS] | DBMS | Determines whether the user can get information about servers. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-setting[SHOW SETTINGS] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-setting[SHOW SETTINGS] | DBMS | Determines whether the user can get information about configuration settings. -| xref::access-control/database-administration.adoc#access-control-database-administration-transaction[SHOW TRANSACTION] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-transaction[SHOW TRANSACTION] | Database | Determines whether a user is allowed to list transactions and queries. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[SHOW USER] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[SHOW USER] | DBMS | Determines whether the user can get information about existing users. -| xref::access-control/database-administration.adoc#access-control-database-administration-startstop[START] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-startstop[START] | Database | Determines whether a user can start up a specific database. -| xref::access-control/database-administration.adoc#access-control-database-administration-startstop[STOP] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-startstop[STOP] | Database | Determines whether a user can stop a specific running database. -| xref::access-control/database-administration.adoc#access-control-database-administration-transaction[TERMINATE TRANSACTION] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-transaction[TERMINATE TRANSACTION] | Database | Determines whether a user is allowed to end running transactions and queries. -| xref::access-control/database-administration.adoc#access-control-database-administration-transaction[TRANSACTION MANAGEMENT] +| xref::administration/access-control/database-administration.adoc#access-control-database-administration-transaction[TRANSACTION MANAGEMENT] | Database | Determines whether a user is allowed to list and end running transactions and queries. -| xref::access-control/privileges-reads.adoc#access-control-privileges-reads-traverse[TRAVERSE] +| xref::administration/access-control/privileges-reads.adoc#access-control-privileges-reads-traverse[TRAVERSE] | GRAPH | Determines whether an element (node, relationship or both) can be found and traversed while executing queries on the specified graph. -| xref::access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[USER MANAGEMENT] +| xref::administration/access-control/dbms-administration.adoc#access-control-dbms-administration-user-management[USER MANAGEMENT] | DBMS | Determines whether the user can create, drop, modify and show users. -| xref::access-control/privileges-writes.adoc#access-control-privileges-writes-write[WRITE] +| xref::administration/access-control/privileges-writes.adoc#access-control-privileges-writes-write[WRITE] | GRAPH | Determines whether the user can execute write operations on the specified graph. From 242feef6ba1385782f4bdf7edc1e36b606a60bdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jens=20Pryce-=C3=85klundh?= <112686610+JPryce-Aklundh@users.noreply.github.com> Date: Tue, 11 Apr 2023 11:21:09 +0200 Subject: [PATCH 2/2] fix example block --- modules/ROOT/pages/administration/aliases.adoc | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/modules/ROOT/pages/administration/aliases.adoc b/modules/ROOT/pages/administration/aliases.adoc index 37d870048..35f7b1f0e 100644 --- a/modules/ROOT/pages/administration/aliases.adoc +++ b/modules/ROOT/pages/administration/aliases.adoc @@ -511,19 +511,7 @@ The `IF NOT EXISTS` and `OR REPLACE` parts of this command cannot be used togeth [NOTE] ==== -<<<<<<< HEAD:modules/ROOT/pages/aliases.adoc -Database alias names are subject to the xref::syntax/naming.adoc[standard Cypher restrictions on valid identifiers]. - -The following naming rules apply: - -* A name is a valid identifier. -* Name length can be up to 65534 characters. -* Names cannot end with dots. -* Names that begin with an underscore or with the prefix `system` are reserved for internal use. -* Non-alphabetic characters, including numbers, symbols and whitespace characters, can be used in names, but must be escaped using backticks. -======= Database alias names are subject to the rules specified in the xref:administration/alias-management-escaping[Alias names and escaping] section. ->>>>>>> 6740b28 (New Administration chapter (#494)):modules/ROOT/pages/administration/aliases.adoc ==== [[database-management-create-local-database-alias]]