Created
October 13, 2020 18:04
-
-
Save moxious/b7f28c3d439a062c4dfee95f92bb68ec to your computer and use it in GitHub Desktop.
Data Access Permissions Scenario for Neo4j 4.0+
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
/* Sample Data */ | |
CREATE (mark:User { name: 'Mark' }) | |
WITH mark | |
CREATE (mark)-[:PHONE]->(:Phone { number: '555-123-456' }) | |
CREATE (mark)-[:SSN]->(:SSN { ssn: 'XYZ-ABC-DEFG' }) | |
CREATE (mark)-[:ADDRESS]->(:Address { | |
street: '123 Elm St', | |
state: 'VA', | |
zip: '23226' | |
}) | |
CREATE (mark)-[:POST]->(:Post { | |
content: 'My spouse is really mad at the fact that I have no sense of direction. So I packed up my stuff and right.' | |
}) | |
CREATE (mark)-[:POST]->(:Post { | |
content: "Did you know the first French fries weren't actually cooked in France? They were cooked in Greece." | |
}); | |
/* Role Setup */ | |
:use system | |
create role bi_user; | |
GRANT ACCESS ON DATABASE neo4j TO bi_user; | |
GRANT MATCH {*} ON GRAPH neo4j TO bi_user; | |
GRANT READ { * } ON GRAPH neo4j NODES User, Phone, Address TO bi_user; | |
GRANT TRAVERSE ON GRAPH neo4j RELATIONSHIPS PHONE, ADDRESS TO bi_user; | |
DENY TRAVERSE ON GRAPH neo4j RELATIONSHIPS SSN TO bi_user; | |
DENY READ { * } ON GRAPH neo4j NODES SSN to bi_user; | |
/* User creation and role assignment */ | |
CREATE USER marketing_analyst SET PASSWORD 'secret' SET PASSWORD CHANGE NOT REQUIRED; | |
GRANT ROLE bi_user TO marketing_analyst; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment