I am currently using the community edition of Neo4j but have a question about authorization in the EE. I have read the auth docs and I understand how Neo4j EE can restrict access to certain nodes and attributes of the node. Using the example in the docs (patient node, disease node and symptom node):
a doctor can see all nodes but can not update the patient address
the receptionist can only see the patient node and only update the address
nurse has the combined privileges of the doctor and the receptionist.
but I am wondering if authorization can be managed for 'groups' of nodes. For example, a doctor and nurse should only be able to see the patient/disease/symptom nodes within their ward (say, ICU) and the doctors and nurses in the outpatient ward would see a different set of patient/disease/symptom nodes when the browsed the patient database. Of course there should be a hospital CEO that can see all patients in all wards. etc, etc. Can Neo4j EE provide this type of authorization to view only the 'sets' of nodes that a user should have access to? How would this be configured? I thought about separate databases for each ward but that makes queries across all patients inefficient. I am still learning Neo4j so hopefully this is not too much of a newbie question.