How to restrict a few nodes in Neo4j Database

cypher
knowledge-base

(Sucheta) #1

Hi,

I have created an application with Neo4j using Neovis and for backend - neo4j-driver. Now i have to create a login page for which i need to i need to store login id and password in Neo4j database. But when i display the nodes , i donot want the login and password node to appear . Is it possible to restrict these nodes ? I would like you to help me with the query.

The kind of queries that i have used are -

[1] MATCH (n)-[r: Parameter]-(find) WHERE find.name ='cabinet' RETURN n,r,find

[2] MATCH (n)-[r:Parameter]-(find) WHERE find.name ='discon' RETURN n

[3] WITH ["cabinet"] as names MATCH (p)-[:Parameter]-(m) WHERE p.name in names RETURN m

[4] MATCH p=()-[r:Method]->() RETURN p ;

[5] MATCH (a)-[ b:Parameter]-(find) WHERE find.name =~'(?i)."cabinet".' RETURN a,b,find

How do i insert restrictions in these queries ?


(Andrew Bowman) #2

Enterprise Edition has property level access control in the form of blacklisting certain user roles from being able to read certain properties across all nodes and relationships. Note that this doesn't prevent writing, so this usually works best with roles without write access.

This sets the stage for further improvements for finer grained forms of property level access, something to look forward to in 4.0.


(Sucheta) #3

Thanks Andrew. By when is edition 4.0 expected ?


(Andrew Bowman) #4

No release date as of yet, sorry, though it will be in 2019. We'll likely make announcements on our site when we get within view of a release.


(Sucheta) #5

I have a doubt. How can we restrict the display of a few nodes in query ?


(Andrew Bowman) #6

I may have actually misread your original post...you are asking about :Login and :Password nodes and not properties?

If you want to ensure neither of these nodes is used in the match pattern, you can add a path variable and a none() predicate to ensure that none of the nodes in the path has those labels:

MATCH path = (a)-[ b:Parameter]-(find) 
WHERE find.name =~'(?i). *"cabinet".* ' AND none(node in nodes(path) WHERE node:Login OR node:Password) 
RETURN a,b,find

(Doug Jones) #7

Andrew mentioned a future capability to blacklist certain user roles from reading a specific property. Does Neo4j have a way to whitelist a node or property, so that only authorized user roles can access it?


(Sucheta) #8

We also have this requirement of accessing nodes based of the role. So after research we planned to include a key-value pair in our nodes while creating them like -

 MATCH (it:it ) where it.name = "pqr" CREATE (abc_2:abc_2 {name:'carol',role:'aws developer'}),      
 (it)-[:relationship]->(abc_2);

And the query to filter on the basis of role will be like -

 MATCH (n)-[r: Parameter]-(find) WHERE find.name ='carol' AND find.role='aws developer' RETURN n,r,find

Hope this helps.

If you figure out any other method please share.