I need to build in filtering of query results so that a user can tell upfront which nodetypes and relationshiptypes need to be considered in a query. I can of course add this to each query but when testing out the RBAC features of neo the idea came to mind if it is possible to use that mechanism to not overcomplicate my query and maybe using the internals of neo4j for this is faster in performance.
Is there a way to tell the bolt driver to assume a role before executing a query. Or are there plans to build such functionality in neo4j 4.0?
We have exactly the same problem
We have a REST application that accesses neo4j for retrieving data from the graph and we would like to leverage on neo4j RBAC for data filtering and authorization.
Is there a way to provide the user/role to assume for a query in the same connection? We cannot establish a new connection and execute a login for every request coming to our REST application
We think that the actual implementation of RBAC is only useful in case you have a UI that establishes a 1<--> 1 connection to neo4j leveraging the same role of the user that logged in.
However I've never seen a UI/Backend that follows this pattern IMHO.
A backend/UI usually keeps a connection pool using a service account and it uses this pool for creating sessions and executing queries.
From the perspective of a backend the user that logs in is always the same (the service account), so it is essential that the driver provides a way for assuming a role before triggering a query.