Showing results for 
Search instead for 
Did you mean: 

Head's Up! Site maintenance this Wednesday, February 1. Disruptions expected as we migrate the forums.

Can i use RBAC features to build filtering functionality in my application

Node Clone

I need to build in filtering of query results so that a user can tell upfront which nodetypes and relationshiptypes need to be considered in a query. I can of course add this to each query but when testing out the RBAC features of neo the idea came to mind if it is possible to use that mechanism to not overcomplicate my query and maybe using the internals of neo4j for this is faster in performance.
Is there a way to tell the bolt driver to assume a role before executing a query. Or are there plans to build such functionality in neo4j 4.0?


Graph Steward

What drivers are you using for your project? Is it a GRANDstack project or are you simply using one of the other language drivers?

Using the java driver in this case. Also using the python neo4j driver for other parts of the project

We have exactly the same problem
We have a REST application that accesses neo4j for retrieving data from the graph and we would like to leverage on neo4j RBAC for data filtering and authorization.
Is there a way to provide the user/role to assume for a query in the same connection? We cannot establish a new connection and execute a login for every request coming to our REST application


About a year ago I talked to some of the neo4j developers and got the impression that this was something that could be put on the backlog. I havent followed up on that so don;t know if this feature request made it through

We think that the actual implementation of RBAC is only useful in case you have a UI that establishes a 1<--> 1 connection to neo4j leveraging the same role of the user that logged in.
However I've never seen a UI/Backend that follows this pattern IMHO.
A backend/UI usually keeps a connection pool using a service account and it uses this pool for creating sessions and executing queries.
From the perspective of a backend the user that logs in is always the same (the service account), so it is essential that the driver provides a way for assuming a role before triggering a query.