@moxious
Created October 13, 2020 18:04
Data Access Permissions Scenario for Neo4j 4.0+
/* Sample Data
   One fabricated user with a phone, an SSN, an address and two posts.
   The SSN node stands in for the sensitive record that the DENY rules
   in the role setup target. */
CREATE (u:User {name: 'Mark'})
CREATE (u)-[:PHONE]->(:Phone {number: '555-123-456'})
CREATE (u)-[:SSN]->(:SSN {ssn: 'XYZ-ABC-DEFG'})
CREATE (u)-[:ADDRESS]->(:Address {street: '123 Elm St', state: 'VA', zip: '23226'})
CREATE (u)-[:POST]->(:Post {
  content: 'My spouse is really mad at the fact that I have no sense of direction. So I packed up my stuff and right.'
})
CREATE (u)-[:POST]->(:Post {
  content: "Did you know the first French fries weren't actually cooked in France? They were cooked in Greece."
});
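/* Role Setup
   Role and privilege commands are issued against the system database. */
:use system
CREATE ROLE bi_user;
// Let the role open the neo4j database at all.
GRANT ACCESS ON DATABASE neo4j TO bi_user;
// Broad baseline: with no element list, MATCH {*} covers every node and
// relationship (traverse plus read of all properties), so Post nodes and
// POST relationships are readable as well.
// NOTE(review): if only User, Phone and Address are meant to be visible,
// narrow this grant rather than relying on the DENY rules below.
GRANT MATCH {*} ON GRAPH neo4j TO bi_user;
// Explicit grants for the data the role is meant to use; the baseline above
// already implies them.
GRANT READ {*} ON GRAPH neo4j NODES User, Phone, Address TO bi_user;
GRANT TRAVERSE ON GRAPH neo4j RELATIONSHIPS PHONE, ADDRESS TO bi_user;
// DENY takes precedence over GRANT: hide the link from a user to its SSN
// and make the SSN node's properties unreadable.
DENY TRAVERSE ON GRAPH neo4j RELATIONSHIPS SSN TO bi_user;
DENY READ {*} ON GRAPH neo4j NODES SSN TO bi_user;
// DENY READ hides property values only; the baseline MATCH grant would still
// let bi_user find and count SSN nodes. Deny traversal of the nodes too.
DENY TRAVERSE ON GRAPH neo4j NODES SSN TO bi_user;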
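/* User creation and role assignment */
// 'secret' is a throwaway demo value; replace it before running this on any
// shared instance. CHANGE REQUIRED makes the account pick its own password at
// first login, so the literal in this script never becomes a standing credential.
CREATE USER marketing_analyst SET PASSWORD 'secret' SET PASSWORD CHANGE REQUIRED;
// marketing_analyst gets exactly the privileges granted and denied to bi_user.
GRANT ROLE bi_user TO marketing_analyst;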