Add documentation for the alter database privileges on database level #2490
Conversation
|
|
||
| image::privileges_hierarchy_database.svg[title="Database privileges hierarchy"] | ||
| // TODO: do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure | ||
| image::privileges_hierarchy_database.svg[width="800", title="Database privileges hierarchy"] |
There was a problem hiding this comment.
do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
|
|
||
| image::privileges_grant_and_deny_syntax_database_privileges.svg[title="Syntax of GRANT and DENY Database Privileges"] | ||
| // TODO: do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure | ||
| image::privileges_grant_and_deny_syntax_database_privileges.svg[width="800", title="Syntax of GRANT and DENY Database Privileges"] |
There was a problem hiding this comment.
do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure
| ---- | ||
|
|
||
| For example, to deny the role `regularUsers` the ability to start to the database `neo4j`, use: | ||
| For example, to deny the role `regularUsers` the ability to start to the database `system`, use: |
There was a problem hiding this comment.
the example query had system... (even if starting and stopping system isn't really a thing I think)
There was a problem hiding this comment.
Maybe it's better to update the example to use neo4j?
There was a problem hiding this comment.
maybe, but it would require more changes as that also affects the show output and such 🤷 I decided to start with the smallest change to fix it as it wasn't what I was updating the docs for
| ---- | ||
|
|
||
| For example, to deny the role `regularUsers` the ability to stop the database `neo4j`, use: | ||
| For example, to deny the role `regularUsers` the ability to stop the database `system`, use: |
There was a problem hiding this comment.
the example query had system... (even if starting and stopping system isn't really a thing I think)
There was a problem hiding this comment.
As above, I don't think we want an example that doesn't work .
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
|
|
||
| |=== | ||
|
|
||
| From Cypher 25, the `ALTER DATABASE`, `SET DATABASE ACCESS`, `SET DATABASE DEFAULT LANGUAGE`, and `ALTER COMPOSITE DATABASE` privileges can be granted both as database privileges and as DBMS privileges. |
There was a problem hiding this comment.
- is this a good enough marker for when it was introduced?
- does it also need neo4j version?
I assume whatever the answer is here that it should also apply to the other ones in this file
There was a problem hiding this comment.
- probably? but how do we nicely fit that in? (or do we only say 2025.08 instead of Cypher 25?)
There was a problem hiding this comment.
Perhaps it should be implicit that if it's new in 2025.08 it will be in in Cypher 25 only, since we don't add new stuff to Cypher 5 anymore. But this is a new process, I'm not sure if users would understand it yet. But it's probably for the docs team to decide.
| |=== | ||
|
|
||
| [role=label--new-2025.08] | ||
| .Database privilege syntax |
There was a problem hiding this comment.
Do we want to also mark it as Cypher 25 only, and if so how?
|
|
||
| [role=label--new-2025.08] | ||
| [[access-control-database-administration-alter-db]] | ||
| == The alter database related privileges |
There was a problem hiding this comment.
Do we want to also mark it as Cypher 25 only, and if so how?
| |=== | ||
|
|
||
| [role=label--new-2025.08] | ||
| .Database privilege syntax |
There was a problem hiding this comment.
Do we want to also mark it as Cypher 25 only, and if so how?
modules/ROOT/images/privileges_grant_and_deny_syntax_database_privileges.svg
Show resolved
Hide resolved
| ---- | ||
|
|
||
| For example, to deny the role `regularUsers` the ability to start to the database `neo4j`, use: | ||
| For example, to deny the role `regularUsers` the ability to start to the database `system`, use: |
There was a problem hiding this comment.
Maybe it's better to update the example to use neo4j?
| ---- | ||
|
|
||
| For example, to deny the role `regularUsers` the ability to stop the database `neo4j`, use: | ||
| For example, to deny the role `regularUsers` the ability to stop the database `system`, use: |
There was a problem hiding this comment.
As above, I don't think we want an example that doesn't work .
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Show resolved
Hide resolved
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
|
|
||
| |=== | ||
|
|
||
| From Cypher 25, the `ALTER DATABASE`, `SET DATABASE ACCESS`, `SET DATABASE DEFAULT LANGUAGE`, and `ALTER COMPOSITE DATABASE` privileges can be granted both as database privileges and as DBMS privileges. |
There was a problem hiding this comment.
Perhaps it should be implicit that if it's new in 2025.08 it will be in in Cypher 25 only, since we don't add new stuff to Cypher 5 anymore. But this is a new process, I'm not sure if users would understand it yet. But it's probably for the docs team to decide.
Since we moved them over from DBMS level (while still keeping the DBMS level syntax, just as another syntax for `DATABASE *`)
Still need to figure out if/how to mark them as cypher 25 as well
Co-authored-by: Mark Dixon <1756429+mnd999@users.noreply.github.com>
renetapopova
force-pushed
the
dev-move-alter-database-privileges
branch
from
c67b5df to
ee88244
Compare
| |=== | ||
|
|
||
| [role=label--new-2025.08] | ||
| .Database privilege syntax |
| |=== | ||
|
|
||
| [role=label--new-2025.08] | ||
| .Database privilege syntax |
| |=== | ||
|
|
||
|
|
||
| // TODO: do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure |
There was a problem hiding this comment.
I think one is enough.
There was a problem hiding this comment.
then maybe we should have removed the TODOs
|
Thanks for the documentation updates. The preview documentation has now been torn down - reopening this PR will republish it. |
|
|
||
| The hierarchy between the different database privileges is shown in the image below. | ||
|
|
||
| // TODO: do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure |
There was a problem hiding this comment.
nit: Should we do something about this TODO?
There was a problem hiding this comment.
Reneta answered on the other one that we probably only needed one image, so we should remove the TODOs
…neo4j#2490) Since we moved them over from DBMS level (while still keeping the DBMS level syntax, just as another syntax for `DATABASE *`) --------- Co-authored-by: Mark Dixon <1756429+mnd999@users.noreply.github.com> Co-authored-by: Reneta Popova <reneta.popova@neo4j.com>
Since we moved them over from DBMS level (while still keeping the DBMS level syntax, just as another syntax for
DATABASE *)