Role-based access control -- Neo4j v. 4 on Aura

I presume that role-based access control is still not available on Aura, even with Neo4j v.4?

When I submit this command to the SYSTEM database: GRANT ROLE ... to ...
I had the error message: Neo.ClientError.Security.Forbidden: Permission denied.

When I tried: CALL dbms.security.addRoleToUser('reader', 'anonymous')
I had the error message: Executing admin procedure is not allowed for user 'neo4j' with READ restricted to TOKEN_WRITE.

Hi @chriskhoo.sg,
Neo4j Aura Professional Tier, which is a self-serve version of Aura, does not support RBAC.
For that, you will have to pick Neo4j Aura Enterprise which is in the Early Access Program (EAP) right now.
Let me know if you want to discuss your use case that requires RBAC and we can maybe jump on a call.
Thanks!

Hi Soham,

Thank you for reaching out to me. :-)
Yes, I'm keen to participate in the EAP program. Let me quickly outline my needs so you can judge if there's any hope for me!

I'm developing a visualization interface to a digital heritage archive. Currently I have a text-based interface to navigate the graph (on an Aura database).
I want to offer the Bloom visualizer for public users to browse the graph.
So what I need is:

  1. an anonymous user account with read-only role
  2. allow users to browse the graph using Bloom. Currently, when I use Bloom to access my graph, a login form comes up. So I want to be able to include the login userid and password (for anonymous user) in the hyperlink parameters.
  3. when using Bloom, I want the anonymous user to retrieve my Bloom perspective. In other words, to store the Bloom perspective in my Aura database. Alternatively, I can put the Bloom perspective (json file) on my website, but I don't know how to tell Bloom to retrieve the perspective from my URL. Bloom deep-linking would be even better.

Actually, my website is already live and publicly accessible. But I had to put a note that the graph visualizer is not ready. :-(
I'm considering using another graph visualization package, like Cytoscape.js, but I do like Bloom.

Thanks!

-- chris

If one has a user defined with roles in Neo4j 4.2, can you log in with that user defined in the Neo4j system database rather than the Aura login password? It appears that this is not possible at the moment based on my own testing.

Looks like someone else had this question before. Has anything changed in that regard? The ability to secure certain data in a hosted database is essential. Thank you for your response in advance.

Wolfgang