Useful Cypher statements for suspending and reactivating users

knowledge-base
suspend
activate
maintenance

(Dana Canzano) #1

Commencing with Neo4j 3.1 and implementaion of native database users
it is possible to suspend a user, thus preventing the user from further authenticating in.

To view all suspended users run the following Cypher

call dbms.security.listUsers() yield username, flags 
with username,flags 
where 'is_suspended' in flags
return username

Further if you encounter the need to suspend all users, for example to prevent all database access during a weekend maintenance period,
the following Cypher can be used to generate Cypher statements which can then be used to suspend and subsequently reactivate all users.

  • Build the Cypher statements to activate all currently 'active' users
<!-- // users with no  is_suspended flag and build the statement to activate the user and not force a password change -->
call dbms.security.listUsers() yield username, flags with username, flags 
where not 'is_suspended' in flags  
return 'call dbms.security.activateUser(\'' + username + '\',false);'
  • Build the Cypher statements to suspend all currently 'active' users
<!-- // users with no  is_suspended flag -->
call dbms.security.listUsers() yield username, flags with username, flags 
where not 'is_suspended' in flags  
return 'call dbms.security.suspendUser(\'' + username + '\');'

Finally at the time of the maintenance window one would first run the generated Cypher statements from above to suspend all users.
Note it is not possible to suspend the user you are currently logged in as and as such you may see a call dbms.security.suspendUser
result in failure error message of 'Suspending yourself (user 'neo4j') is not allowed.'

At the completion of the maintenance window, one would then run the generated Cypher statement to activate all the
currrently defined suspended users.