Last active
June 26, 2022 08:54
-
-
Save rvanbruggen/ce6cee9c922004e5e7c7 to your computer and use it in GitHub Desktop.
Identity and Access Management
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // What is related, and how | |
| MATCH (a)-[r]->(b) | |
| WHERE labels(a) <> [] AND labels(b) <> [] | |
| RETURN DISTINCT head(labels(a)) AS This, type(r) as To, head(labels(b)) AS That | |
| LIMIT 20 | |
| //show me NeoTech | |
| match (n:Company {name:"Neo Technology"}) return n | |
| //show me NeoTech (excl Partners) | |
| match (n:Company {name:"Neo Technology"})-[r]-() | |
| where type(r) <> "PARTNER_OF" | |
| return n,r; | |
| //Show a file | |
| match (f:File)-[r]-(n) | |
| return f,r,n | |
| limit 1; | |
| //Questions to ask | |
| //How many files can a person see | |
| match (p:Person {first_name:"Rik", last_name:"Van Bruggen"})-[:IS_MEMBER]->(d:Department)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f:File) | |
| return count(f); | |
| //give me 10 files that Rik has access to | |
| match (p:Person {first_name:"Rik", last_name:"Van Bruggen"})-[:IS_MEMBER]->(d:Department)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f:File) | |
| return f.name, id(f) | |
| limit 10; | |
| //can a person access a file | |
| //this is a file that | |
| match (f:File) | |
| where id(f)=72977 | |
| with f | |
| match (p:Person {first_name:"Rik", last_name:"Van Bruggen"})-[:IS_MEMBER]->(d:Department)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f) | |
| return count(*) > 0 as hasAccess; | |
| match (f:File) | |
| where id(f)=129283 | |
| with f | |
| match (p:Person {first_name:"Rik", last_name:"Van Bruggen"})-[:IS_MEMBER]->(d:Department)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f) | |
| return count(*) > 0 as hasAccess; | |
| //here's a list of files that Rik has / does not have access to | |
| match (f:File),(p:Person {first_name:"Rik", last_name:"Van Bruggen"})-[:IS_MEMBER]->(d:Department)-[r:HAS_ACCESS]->(n) | |
| where not((f)-[:PART_OF*..3]->(n)) | |
| return id(f) | |
| limit 10 | |
| //how many people can see a File: follow PART_OF relationship to FileShare, and then check which department owns the Fileshare, and how many people work for that department | |
| match (f:File) | |
| where id(f)=72977 | |
| with f | |
| match (p:Person)-[:IS_MEMBER]->(d:Department)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f) | |
| return f.name, d.name, p.first_name, p.last_name; | |
| match (f:File) | |
| where id(f)=129283 | |
| with f | |
| match (p:Person)-[:IS_MEMBER]->(d:Department)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f) | |
| return f.name, d.name, p.first_name, p.last_name; | |
| //find the partners | |
| match (n:Company {name:"Neo Technology"})-[:PARTNER_OF]-(m) return m limit 5 | |
| //what files of Neo Technology do its partners have access to | |
| match (neo:Company {name:"Neo Technology"})<-[:PARTNER_OF]-(partner:Company)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f:File) | |
| with f,neo | |
| match (f)-[:PART_OF*..4]-(n:Asset {name:"Files"})-[:ASSET_OF]->(neo) | |
| return f.name, id(f) | |
| limit 10; | |
| //what files of Neo Technology do its partners NOT have access to | |
| match (neo:Company {name:"Neo Technology"})<-[:PARTNER_OF]-(partner:Company), | |
| (f:File)-[:PART_OF*..4]-(n:Asset {name:"Files"})-[:ASSET_OF]->(neo) | |
| where(partner)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f) | |
| with f,neo | |
| match (f)-[:PART_OF*..4]-(n:Asset {name:"Files"})-[:ASSET_OF]->(neo) | |
| return f.name, id(f) | |
| limit 10; | |
| //does a partner of Neo Technology have access to a certain file? | |
| match (f:File) | |
| where id(f)=369283 | |
| with f | |
| match (neo:Company {name:"Neo Technology"})<-[:PARTNER_OF]-(partner:Company)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f) | |
| return count(*) > 0 as hasAccess; | |
| match (f:File) | |
| where id(f)=2000000 | |
| with f | |
| match (neo:Company {name:"Neo Technology"})<-[:PARTNER_OF]-(partner:Company)-[:HAS_ACCESS]->(n)<-[:PART_OF*..3]-(f) | |
| return count(*) > 0 as hasAccess; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //Run this file in the Neo4j Shell | |
| //Create the companies | |
| create (c1:Company:Group {id:1, name:'Acme, inc.'}), | |
| (c2:Company:Group {id:2, name:'Widget Corp'}), | |
| (c3:Company:Group {id:3, name:'123 Warehousing'}), | |
| (c4:Company:Group {id:4, name:'Demo Company'}), | |
| (c5:Company:Group {id:5, name:'Smith and Co.'}), | |
| (c6:Company:Group {id:6, name:'Foo Bars'}), | |
| (c7:Company:Group {id:7, name:'ABC Telecom'}), | |
| (c8:Company:Group {id:8, name:'Fake Brothers'}), | |
| (c9:Company:Group {id:9, name:'QWERTY Logistics'}), | |
| (c10:Company:Group {id:10, name:'Demo, inc.'}), | |
| (c11:Company:Group {id:11, name:'Sample Company'}), | |
| (c12:Company:Group {id:12, name:'Sample, inc'}), | |
| (c13:Company:Group {id:13, name:'Acme Corp'}), | |
| (c14:Company:Group {id:14, name:'Allied Biscuit'}), | |
| (c15:Company:Group {id:15, name:'Ankh-Sto Associates'}), | |
| (c16:Company:Group {id:16, name:'Extensive Enterprise'}), | |
| (c17:Company:Group {id:17, name:'Galaxy Corp'}), | |
| (c18:Company:Group {id:18, name:'Globo-Chem'}), | |
| (c19:Company:Group {id:19, name:'Mr. Sparkle'}), | |
| (c20:Company:Group {id:20, name:'Globex Corporation'}), | |
| (c21:Company:Group {id:21, name:'LexCorp'}), | |
| (c22:Company:Group {id:22, name:'LuthorCorp'}), | |
| (c23:Company:Group {id:23, name:'North Central Positronics'}), | |
| (c24:Company:Group {id:24, name:'Omni Consimer Products'}), | |
| (c25:Company:Group {id:25, name:'Praxis Corporation'}), | |
| (c26:Company:Group {id:26, name:'Sombra Corporation'}), | |
| (c27:Company:Group {id:27, name:'Sto Plains Holdings'}), | |
| (c28:Company:Group {id:28, name:'Tessier-Ashpool'}), | |
| (c29:Company:Group {id:29, name:'Wayne Enterprises'}), | |
| (c30:Company:Group {id:30, name:'Wentworth Industries'}), | |
| (c31:Company:Group {id:31, name:'ZiffCorp'}), | |
| (c32:Company:Group {id:32, name:'Bluth Company'}), | |
| (c33:Company:Group {id:33, name:'Strickland Propane'}), | |
| (c34:Company:Group {id:34, name:'Thatherton Fuels'}), | |
| (c35:Company:Group {id:35, name:'Three Waters'}), | |
| (c36:Company:Group {id:36, name:'Water and Power'}), | |
| (c37:Company:Group {id:37, name:'Western Gas & Electric'}), | |
| (c38:Company:Group {id:38, name:'Mammoth Pictures'}), | |
| (c39:Company:Group {id:39, name:'Mooby Corp'}), | |
| (c40:Company:Group {id:40, name:'Gringotts'}), | |
| (c41:Company:Group {id:41, name:'Thrift Bank'}), | |
| (c42:Company:Group {id:42, name:'Flowers By Irene'}), | |
| (c43:Company:Group {id:43, name:'The Legitimate Businessmens Club'}), | |
| (c44:Company:Group {id:44, name:'Osato Chemicals'}), | |
| (c45:Company:Group {id:45, name:'Transworld Consortium'}), | |
| (c46:Company:Group {id:46, name:'Universal Export'}), | |
| (c47:Company:Group {id:47, name:'United Fried Chicken'}), | |
| (c48:Company:Group {id:48, name:'Virtucon'}), | |
| (c49:Company:Group {id:49, name:'Kumatsu Motors'}), | |
| (c50:Company:Group {id:50, name:'Keedsler Motors'}), | |
| (c51:Company:Group {id:51, name:'Powell Motors'}), | |
| (c52:Company:Group {id:52, name:'Industrial Automation'}), | |
| (c53:Company:Group {id:53, name:'Sirius Cybernetics Corporation'}), | |
| (c54:Company:Group {id:54, name:'U.S. Robotics and Mechanical Men'}), | |
| (c55:Company:Group {id:55, name:'Colonial Movers'}), | |
| (c56:Company:Group {id:56, name:'Corellian Engineering Corporation'}), | |
| (c57:Company:Group {id:57, name:'Incom Corporation'}), | |
| (c58:Company:Group {id:58, name:'General Products'}), | |
| (c59:Company:Group {id:59, name:'Leeding Engines Ltd.'}), | |
| (c60:Company:Group {id:60, name:'Blammo'}), | |
| (c61:Company:Group {id:61, name:'Input, Inc.'}), | |
| (c62:Company:Group {id:62, name:'Mainway Toys'}), | |
| (c63:Company:Group {id:63, name:'Videlectrix'}), | |
| (c64:Company:Group {id:64, name:'Zevo Toys'}), | |
| (c65:Company:Group {id:65, name:'Ajax'}), | |
| (c66:Company:Group {id:66, name:'Axis Chemical Co.'}), | |
| (c67:Company:Group {id:67, name:'Barrytron'}), | |
| (c68:Company:Group {id:68, name:'Carrys Candles'}), | |
| (c69:Company:Group {id:69, name:'Cogswell Cogs'}), | |
| (c70:Company:Group {id:70, name:'Spacely Sprockets'}), | |
| (c71:Company:Group {id:71, name:'General Forge and Foundry'}), | |
| (c72:Company:Group {id:72, name:'Duff Brewing Company'}), | |
| (c73:Company:Group {id:73, name:'Dunder Mifflin'}), | |
| (c74:Company:Group {id:74, name:'General Services Corporation'}), | |
| (c75:Company:Group {id:75, name:'Monarch Playing Card Co.'}), | |
| (c76:Company:Group {id:76, name:'Krustyco'}), | |
| (c77:Company:Group {id:77, name:'Initech'}), | |
| (c78:Company:Group {id:78, name:'Roboto Industries'}), | |
| (c79:Company:Group {id:79, name:'Primatech'}), | |
| (c80:Company:Group {id:80, name:'Sonky Rubber Goods'}), | |
| (c81:Company:Group {id:81, name:'St. Anky Beer'}), | |
| (c82:Company:Group {id:82, name:'Stay Puft Corporation'}), | |
| (c83:Company:Group {id:83, name:'Vandelay Industries'}), | |
| (c84:Company:Group {id:84, name:'Wernham Hogg'}), | |
| (c85:Company:Group {id:85, name:'Gadgetron'}), | |
| (c86:Company:Group {id:86, name:'Burleigh and Stronginthearm'}), | |
| (c87:Company:Group {id:87, name:'BLAND Corporation'}), | |
| (c88:Company:Group {id:88, name:'Nordyne Defense Dynamics'}), | |
| (c89:Company:Group {id:89, name:'Petrox Oil Company'}), | |
| (c90:Company:Group {id:90, name:'Roxxon'}), | |
| (c91:Company:Group {id:91, name:'McMahon and Tate'}), | |
| (c92:Company:Group {id:92, name:'Sixty Second Avenue'}), | |
| (c93:Company:Group {id:93, name:'Charles Townsend Agency'}), | |
| (c94:Company:Group {id:94, name:'Spade and Archer'}), | |
| (c95:Company:Group {id:95, name:'Megadodo Publications'}), | |
| (c96:Company:Group {id:96, name:'Rouster and Sideways'}), | |
| (c97:Company:Group {id:97, name:'C.H. Lavatory and Sons'}), | |
| (c98:Company:Group {id:98, name:'Globo Gym American Corp'}), | |
| (c99:Company:Group {id:99, name:'The New Firm'}), | |
| (c100:Company:Group {id:100, name:'SpringShield'}), | |
| (c101:Company:Group {id:101, name:'Neo Technology'}); | |
| //For each company, create the departments | |
| match (c:Company) create (d101:Department:Group {id:101, name:'Sales'})-[:DEPT_OF]->(c), | |
| (d102:Department:Group {id:102, name:'Marketing'})-[:DEPT_OF]->(c), | |
| (d103:Department:Group {id:103, name:'Finance'})-[:DEPT_OF]->(c), | |
| (d104:Department:Group {id:104, name:'HR'})-[:DEPT_OF]->(c), | |
| (d105:Department:Group {id:105, name:'Operations'})-[:DEPT_OF]->(c), | |
| (d106:Department:Group {id:106, name:'IT'})-[:DEPT_OF]->(c); | |
| //For each company, create the Assets | |
| match (c:Company) create (d1001:Asset {id:1001, name:'ERP system'})-[:ASSET_OF]->(c), | |
| (d1002:Asset {id:1002, name:'CRM system'})-[:ASSET_OF]->(c), | |
| (d1003:Asset {id:1003, name:'Website CMS'})-[:ASSET_OF]->(c), | |
| (d1004:Asset {id:1004, name:'Intranet CMS'})-[:ASSET_OF]->(c), | |
| (d1005:Asset {id:1005, name:'Email'})-[:ASSET_OF]->(c), | |
| (d1006:Asset {id:1006, name:'Calendaring'})-[:ASSET_OF]->(c), | |
| (d1007:Asset {id:1007, name:'Files'})-[:ASSET_OF]->(c); | |
| //departments have access to Assets | |
| match (d:Department {id:101})-[:DEPT_OF]->(c:Company), (r:Asset {id:1001})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:102})-[:DEPT_OF]->(c:Company), (r:Asset {id:1001})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:103})-[:DEPT_OF]->(c:Company), (r:Asset {id:1001})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:104})-[:DEPT_OF]->(c:Company), (r:Asset {id:1001})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:105})-[:DEPT_OF]->(c:Company), (r:Asset {id:1001})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:106})-[:DEPT_OF]->(c:Company), (r:Asset {id:1001})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:101})-[:DEPT_OF]->(c:Company), (r:Asset {id:1002})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:102})-[:DEPT_OF]->(c:Company), (r:Asset {id:1002})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:102})-[:DEPT_OF]->(c:Company), (r:Asset {id:1003})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:102})-[:DEPT_OF]->(c:Company), (r:Asset {id:1004})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:104})-[:DEPT_OF]->(c:Company), (r:Asset {id:1004})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:101})-[:DEPT_OF]->(c:Company), (r:Asset {id:1005})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:102})-[:DEPT_OF]->(c:Company), (r:Asset {id:1005})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:103})-[:DEPT_OF]->(c:Company), (r:Asset {id:1005})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:104})-[:DEPT_OF]->(c:Company), (r:Asset {id:1005})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:105})-[:DEPT_OF]->(c:Company), (r:Asset {id:1005})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:106})-[:DEPT_OF]->(c:Company), (r:Asset {id:1005})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:101})-[:DEPT_OF]->(c:Company), (r:Asset {id:1006})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:102})-[:DEPT_OF]->(c:Company), (r:Asset {id:1006})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:103})-[:DEPT_OF]->(c:Company), (r:Asset {id:1006})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:104})-[:DEPT_OF]->(c:Company), (r:Asset {id:1006})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:105})-[:DEPT_OF]->(c:Company), (r:Asset {id:1006})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| match (d:Department {id:106})-[:DEPT_OF]->(c:Company), (r:Asset {id:1006})-[:ASSET_OF]->(c) create (d)-[:HAS_ACCESS]->(r); | |
| //Create the file tree structure | |
| //Let's create a share for every department, and give them access | |
| match (r:Asset {id:1007})-[:ASSET_OF]-(c:Company)<-[:DEPT_OF]-(d:Department) | |
| with d,r, "Share of "+d.name as DepartmentName | |
| create (f:FileShare:Asset {id:d.id, name:DepartmentName})-[:PART_OF]->(r), (d)-[:HAS_ACCESS]->(f); | |
| //for every share, connect 10 folders in every Share | |
| match (n2:FileShare) | |
| with range(1,10) as RANGE, n2 | |
| foreach (r in RANGE | create (n3:Folder {id:r, name:"Folder"+" "+r})-[:PART_OF]->(n2) ); | |
| //for every folder, connect 10 subfolders | |
| match (n3:Folder) | |
| with range(1,10) as RANGE, n3 | |
| foreach (r in RANGE | create (n4:SubFolder {id:r, name:"Sub Folder"+" "+r})-[:PART_OF]->(n3) ); | |
| //for every folder, connect 10 .pptx files | |
| match (n4:Folder) | |
| with range(1,10) as RANGE, n4 | |
| foreach (r in RANGE | create (n5:File {id:r, name:"File"+" "+r+".pptx", type:"Powerpoint"})-[:PART_OF]->(n4) ); | |
| //for every subfolder, connect 10 .txt files (batching up!) | |
| match (n4:SubFolder) | |
| with range(1,4) as RANGE, n4 | |
| foreach (r in RANGE | create (n5:File {id:r, name:"File"+" "+r+".txt", type:"Text"})-[:PART_OF]->(n4) ); | |
| match (n4:SubFolder) | |
| with range(5,7) as RANGE, n4 | |
| foreach (r in RANGE | create (n5:File {id:r, name:"File"+" "+r+".txt", type:"Text"})-[:PART_OF]->(n4) ); | |
| match (n4:SubFolder) | |
| with range(8,10) as RANGE, n4 | |
| foreach (r in RANGE | create (n5:File {id:r, name:"File"+" "+r+".txt", type:"Text"})-[:PART_OF]->(n4) ); | |
| //add indexes | |
| create index on :Department(id); | |
| create index on :Company(id); | |
| create index on :Person(first_name); | |
| create index on :Person(last_name); | |
| create index on :File(type); | |
| create index on :Asset(name); | |
| //add people to departments | |
| load csv with headers from "https://docs.google.com/a/neotechnology.com/spreadsheets/d/1mSZKvPh7dzBnSIPkboKTEkGHEqDMjA3gGxZpx7Y4Zws/export?format=csv&id=1mSZKvPh7dzBnSIPkboKTEkGHEqDMjA3gGxZpx7Y4Zws&gid=1411338621" as csv | |
| match (d:Department {id:toInt(csv.Department)})-[:DEPT_OF]->(c:Company {id:toInt(csv.Company)}) | |
| merge (p:Person {id:toInt(csv.Id), first_name:csv.FirstName, last_name:csv.LastName})-[:IS_MEMBER]->(d); | |
| //add Rik | |
| match (d:Department {name:"Sales"})-[:DEPT_OF]->(c:Company {name:"Neo Technology"}) | |
| merge (p:Person {id:9999, first_name:"Rik", last_name:"Van Bruggen"})-[:IS_MEMBER]->(d); | |
| //add a Partners for Neo Technology | |
| load csv with headers from "https://docs.google.com/a/neotechnology.com/spreadsheets/d/1mSZKvPh7dzBnSIPkboKTEkGHEqDMjA3gGxZpx7Y4Zws/export?format=csv&id=1mSZKvPh7dzBnSIPkboKTEkGHEqDMjA3gGxZpx7Y4Zws&gid=1115294362" as csv | |
| match (neo:Company {name:"Neo Technology"})<-[:DEPT_OF]-(neosales:Department {name:"Sales"})-[:HAS_ACCESS]->(a:Asset {name:"Share of Sales"})<-[:PART_OF]-(f:Folder {name:"Folder 1"}) | |
| merge (partner:Company {name:csv.Partner, region:csv.Region, country:csv.Country, country:csv.City})-[:PARTNER_OF]->(neo) | |
| merge (partner)-[:HAS_ACCESS]->(f) | |
| create (d101:Department:Group {id:101, name:'Sales'})-[:DEPT_OF]->(partner), | |
| (d102:Department:Group {id:102, name:'Marketing'})-[:DEPT_OF]->(partner), | |
| (d103:Department:Group {id:103, name:'Finance'})-[:DEPT_OF]->(partner), | |
| (d104:Department:Group {id:104, name:'HR'})-[:DEPT_OF]->(partner), | |
| (d105:Department:Group {id:105, name:'Operations'})-[:DEPT_OF]->(partner), | |
| (d106:Department:Group {id:106, name:'IT'})-[:DEPT_OF]->(partner) | |
| create (p:Person {name:csv.Contact, email:csv.Email})-[:IS_MEMBER]->(d101); |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment