How to restrict a few nodes in Neo4j Database

sucheta · December 24, 2018, 5:25am

Hi,

I have created an application with Neo4j using Neovis and for backend - neo4j-driver. Now i have to create a login page for which i need to i need to store login id and password in Neo4j database. But when i display the nodes , i donot want the login and password node to appear . Is it possible to restrict these nodes ? I would like you to help me with the query.

The kind of queries that i have used are -

[1] MATCH (n)-[r: Parameter]-(find) WHERE find.name ='cabinet' RETURN n,r,find

[2] MATCH (n)-[r:Parameter]-(find) WHERE find.name ='discon' RETURN n

[3] WITH ["cabinet"] as names MATCH (p)-[:Parameter]-(m) WHERE p.name in names RETURN m

[4] MATCH p=()-[r:Method]->() RETURN p ;

[5] MATCH (a)-[ b:Parameter]-(find) WHERE find.name =~'(?i)."cabinet".' RETURN a,b,find

How do i insert restrictions in these queries ?

andrew_bowman · December 24, 2018, 9:57am

Enterprise Edition has property level access control in the form of blacklisting certain user roles from being able to read certain properties across all nodes and relationships. Note that this doesn't prevent writing, so this usually works best with roles without write access.

This sets the stage for further improvements for finer grained forms of property level access, something to look forward to in 4.0.

sucheta · December 24, 2018, 10:00am

Thanks Andrew. By when is edition 4.0 expected ?

andrew_bowman · December 24, 2018, 10:12am

No release date as of yet, sorry, though it will be in 2019. We'll likely make announcements on our site when we get within view of a release.

sucheta · December 24, 2018, 11:05am

I have a doubt. How can we restrict the display of a few nodes in query ?

andrew_bowman · December 24, 2018, 6:50pm

I may have actually misread your original post...you are asking about :Login and :Password nodes and not properties?

If you want to ensure neither of these nodes is used in the match pattern, you can add a path variable and a none() predicate to ensure that none of the nodes in the path has those labels:

MATCH path = (a)-[ b:Parameter]-(find) 
WHERE find.name =~'(?i). *"cabinet".* ' AND none(node in nodes(path) WHERE node:Login OR node:Password) 
RETURN a,b,find

doug.jones · December 27, 2018, 4:42pm

Andrew mentioned a future capability to blacklist certain user roles from reading a specific property. Does Neo4j have a way to whitelist a node or property, so that only authorized user roles can access it?

sucheta · December 28, 2018, 5:52am

We also have this requirement of accessing nodes based of the role. So after research we planned to include a key-value pair in our nodes while creating them like -

 MATCH (it:it ) where it.name = "pqr" CREATE (abc_2:abc_2 {name:'carol',role:'aws developer'}),      
 (it)-[:relationship]->(abc_2);

And the query to filter on the basis of role will be like -

 MATCH (n)-[r: Parameter]-(find) WHERE find.name ='carol' AND find.role='aws developer' RETURN n,r,find

Hope this helps.

If you figure out any other method please share.

Topic		Replies	Views
Privileges to read subset of label Operations	5	633	May 4, 2020
Custom Security extension point options Neo4j Graph Platform security	1	959	September 27, 2018
Hide properties from being returned by neo4j Neo4j Graph Platform cypher , extension	4	431	January 28, 2022
Return node with properties and exclude some of them via Cypher Neo4j Graph Platform cypher	7	4901	April 17, 2020
Neo4J Fine-Grained Security for Subset of Nodes with Label Neo4j Graph Platform security	1	504	November 20, 2020

How to restrict a few nodes in Neo4j Database

Related topics