Merged
Expand Up @@ -34,9 +34,16 @@ For more details about the syntax descriptions, see xref:database-administration
====

[[access-control-graph-privileges]]
== Graph privilege commands (`GRANT`, `DENY`, and `REVOKE`)
== Graph privilege commands

Administrators can use the Cypher commands `GRANT`, `DENY`, and `REVOKE` to manage Neo4j graph administrative rights.
These commands can be used to grant or deny privileges to roles, and to revoke previously granted or denied privileges.
The privileges can be granted or denied on the entire graph or specific elements within the graph.
The privileges can also be made immutable, which means they cannot be granted, denied, or revoked unless auth is disabled.

[[components-of-the-graph-privilege-commands]]
=== Components of the graph privilege commands

Administrators can use Cypher commands to manage Neo4j graph administrative rights.
The components of the graph privilege commands are:

* _the command_:
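
Review bot: The added sentence "The privileges can also be made immutable, which means they cannot be granted, denied, or revoked unless auth is disabled." reads as though an immutable privilege can never be granted. Reword it so it is clear that the restriction is on adding or removing immutable privileges while auth is enabled, and add an xref to wherever immutable privileges are documented, since this paragraph is now the first place a reader meets the term. Separately, the new opening line "Administrators can use the Cypher commands `GRANT`, `DENY`, and `REVOKE` to manage Neo4j graph administrative rights." is almost word for word the sentence "Administrators can use Cypher commands to manage Neo4j graph administrative rights." that sits under the new Components heading; only one of the two should remain in the rendered page.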
Expand Down Expand Up @@ -87,6 +94,9 @@ See xref:authentication-authorization/privileges-writes.adoc[Write privileges] f
* _role[, ...]_
** The role or roles to associate the privilege with, comma-separated.

[[general-syntax-for-graph-privilege-commands]]
=== General syntax for graph privilege commands

.General grant +ON GRAPH+ privilege syntax
[cols="<15s,<85"]
|===
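
Review bot: The new anchor `[[general-syntax-for-graph-privilege-commands]]` breaks the naming pattern of the existing anchor `[[access-control-graph-privileges]]` in this file, and nothing in the visible changes links to it. The read and write privilege pages point only at `#components-of-the-graph-privilege-commands`, while the syntax tables a reader is most likely looking for now live under this heading. Either link to this anchor from those pages as well, or point them at the parent section so both subsections are reachable.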
Expand Up @@ -17,10 +17,7 @@ There are three separate read privileges:
* xref:authentication-authorization/privileges-reads.adoc#access-control-privileges-reads-read[`READ`] - enables the specified properties of the found entities to be read.
* xref:authentication-authorization/privileges-reads.adoc#access-control-privileges-reads-match[`MATCH`] - combines both `TRAVERSE` and `READ`, enabling an entity to be found and its properties read.

[NOTE]
====
For more details about the syntax descriptions, see xref:database-administration/syntax.adoc[].
====
For more details about how to read the administration commands syntax, see xref:database-administration/syntax.adoc#administration-syntax-reading[Reading the administration commands syntax] and xref:authentication-authorization/manage-privileges.adoc#components-of-the-graph-privilege-commands[Components of the graph privilege commands].

[[access-control-privileges-reads-traverse]]
== The `TRAVERSE` privilege
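
Review bot: The replacement sentence links to `xref:database-administration/syntax.adoc#administration-syntax-reading`, but the syntax.adoc hunks shown in this change do not define or touch an `administration-syntax-reading` anchor. Confirm that the anchor already exists in that file, otherwise this xref will not resolve in the build. The pointer also moves from a `[NOTE]` block to plain body text between the bullet list and the first section, where it is easier to miss; consider keeping the admonition.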
Expand Up @@ -25,10 +25,7 @@ There are also compound privileges that combine the above specific privileges:
* <<access-control-privileges-writes-write, `WRITE`>> - allows all `WRITE` operations on an entire graph.
* <<access-control-privileges-writes-all, `ALL GRAPH PRIVILEGES`>> - allows all `READ` and `WRITE` operations on an entire graph.

[NOTE]
====
For more details about the syntax descriptions, see xref:database-administration/syntax.adoc[].
====
For more details about how to read the administration commands syntax, see xref:database-administration/syntax.adoc#administration-syntax-reading[Reading the administration commands syntax] and xref:authentication-authorization/manage-privileges.adoc#components-of-the-graph-privilege-commands[Components of the graph privilege commands].

[[access-control-privileges-writes-create]]
== The `CREATE` privilege
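
Review bot: The sentence added here is a verbatim copy of the one added to the read privileges page, including both long xrefs. If more privilege pages are going to carry the same pointer, move it into a shared partial and include it, so that a later anchor rename in manage-privileges.adoc or syntax.adoc only has to be fixed in one place.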
4 changes: 3 additions & 1 deletion modules/ROOT/pages/database-administration/syntax.adoc
Expand Up @@ -47,7 +47,8 @@ In this case, you will get either `+{ * }+` or `+{ name }+`.

The special characters in the table above are the only ones that need to be escaped using `"` in the syntax summaries.

Here is an example that uses all the special characters. It grants the `READ` privilege:
Here is an example that uses all the special characters.
It grants the `READ` privilege:

[source, syntax, role="noheader"]
----
Expand All @@ -62,6 +63,7 @@ GRANT READ

Note that this command includes `+{+` and `+}+` in the syntax, and between them there can be a grouping of properties or the character `+*+`.
It also has multiple optional parts, including the entity part of the command which is the grouping following the graph name.
For details about the graph privilege commands syntax, see xref:/authentication-authorization/manage-privileges.adoc#components-of-the-graph-privilege-commands[Components of the graph privilege commands].

However, there is no need to escape any characters when creating a constraint for a node property.
This is because `(` and `)` are not special characters, and `[` and `]` indicate that the constraint name and the `IF NOT EXISTS` parts are optional, and therefore not part of the command.
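
Review bot: The added xref is written as `xref:/authentication-authorization/manage-privileges.adoc#components-of-the-graph-privilege-commands` with a leading slash, while the same target is referenced elsewhere in this change as `xref:authentication-authorization/manage-privileges.adoc#...` without one. Drop the slash so the three references are consistent and resolve the same way.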