Software developers need access to the Neo4j database, but they should not be able to create anything they want because we will end up with extra objects in the database that are not part of any agreed upon schema. (It's a basic law of chaos theory that just hasn't been named yet).
So I want to exert schema control to the full extent that Neo4j will allow. The database should enable developers and users to create only tokens (node labels, edge types, and properties) that are defined in the database schema. The database admin is solely in charge of the database schema.
My approach is to use roles as show in the image below. Only the db admin can create tokens that do not yet exist in the database, the users and developers can only create objects that are allowed by the db admin.
So if the development team needs a Person node label, the db admin creates an actual node and places a Person label on it. It really exists, and is fully accessible by queries in the database. That's fine for development but in production the db admin should not be creating an actual user. Yet it seems that this is necessary.
Is there a way for the db admin to define the allowable tokens without actually creating live instances of them in the database?
I am wide open for suggestions here including the suggestion of external tools. I'm using Neo4j Enterprise.