Showing results for 
Search instead for 
Did you mean: 

Neo4j EE Authorization: access to 'groups' of graphs


I am currently using the community edition of Neo4j but have a question about authorization in the EE. I have read the auth docs and I understand how Neo4j EE can restrict access to certain nodes and attributes of the node. Using the example in the docs (patient node, disease node and symptom node):

  • a doctor can see all nodes but can not update the patient address
  • the receptionist can only see the patient node and only update the address
  • nurse has the combined privileges of the doctor and the receptionist.

but I am wondering if authorization can be managed for 'groups' of nodes. For example, a doctor and nurse should only be able to see the patient/disease/symptom nodes within their ward (say, ICU) and the doctors and nurses in the outpatient ward would see a different set of patient/disease/symptom nodes when the browsed the patient database. Of course there should be a hospital CEO that can see all patients in all wards. etc, etc. Can Neo4j EE provide this type of authorization to view only the 'sets' of nodes that a user should have access to? How would this be configured? I thought about separate databases for each ward but that makes queries across all patients inefficient. I am still learning Neo4j so hopefully this is not too much of a newbie question.

Thanks very much for your assistance