Can I use Native User Role to limit access to a user's 'own' data?

Is there a built-in way to use Native User Roles to limit a user's access to only his/her own nodes & relationships? Does Neo4j maintain any record of which user created a node, or would such ownership have to be explicitly built into the model?

If there is not a built-in ownership mechanism, I see that in the operations manual (8.4.2. Custom roles) we can add our own custom roles and add custom procedures to them. Has anyone used this method for giving only a user access to his/her own creations (while blocking others' access)?


Bumping this thread up as I'm very much interested in this as well. I need to display exclusively the logged-in user's managed items in his/her dashboard. These items are, of course, nodes in Neo4j but not necessarily the ones the user created himself.

Currently our role and security features don't cover these kinds of cases; you would have to enforce these in the queries themselves, or in filtering before the results are returned to the user.

That said, improving on the richness of our security and visibility features became a high priority a while back, so you're very likely to see improvements here in our next major release near the end of the year, which may better address these cases.

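The two enforcement options named in the reply above (in the query itself, or by filtering before results are returned), as an added example that is not part of the original thread or Neo4j's own code. The `User`/`Item` labels, the `OWNS`/`MANAGES` relationship types, the property names and the `allowed_users` field are assumptions, since the thread defines no data model.

```python
# Added example; the data model (labels, relationship types, properties) is assumed.

# Option 1: enforce in the query. Ownership is part of the MATCH pattern, so an
# item id that belongs to someone else simply yields no row.
SCOPED_READ = (
    "MATCH (u:User {username: $username})-[:OWNS|MANAGES]->(i:Item) "
    "WHERE $item_id IS NULL OR i.id = $item_id "
    "RETURN i.id AS id, i.title AS title"
)


def scoped_params(session_user, item_id=None):
    """Build query parameters. The username comes only from the authenticated
    session, never from request input, and is bound as a parameter."""
    if not isinstance(session_user, str) or not session_user:
        raise PermissionError("no authenticated user")
    return {"username": session_user, "item_id": item_id}


# Option 2: filter before results are returned. Each row must carry the
# usernames allowed to see it (for example, collected in the RETURN clause).
def filter_rows(rows, session_user):
    """Keep only rows the user is related to. Rows without ownership data are
    dropped (fail closed), and the ownership field is stripped from the output."""
    if not session_user:
        return []
    visible = []
    for row in rows:
        allowed = row.get("allowed_users")
        if isinstance(allowed, (list, set, tuple)) and session_user in allowed:
            visible.append({k: v for k, v in row.items() if k != "allowed_users"})
    return visible


# Constructed sample rows, shaped like the result of an unscoped query.
SAMPLE_ROWS = [
    {"id": 1, "title": "alice's draft", "allowed_users": ["alice"]},
    {"id": 2, "title": "shared board", "allowed_users": ["alice", "bob"]},
    {"id": 3, "title": "bob's notes", "allowed_users": ["bob"]},
    {"id": 4, "title": "legacy node"},  # no ownership recorded
]

if __name__ == "__main__":
    print(SCOPED_READ, scoped_params("alice"))
    print(filter_rows(SAMPLE_ROWS, "alice"))
```

Either option only holds if the application is the sole path to the database; a user who can run arbitrary Cypher with their own database credentials bypasses both.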