Procedure and user-defined function privileges

To be able to run a procedure or user-defined function, the user needs to have the corresponding execute privilege. Procedures and user-defined functions are executed according to the same security rules as regular Cypher statements, e.g. a procedure performing writes will fail if called by a user that only has read privileges.

Procedures and user-defined functions can also be run with privileges exceeding the users' own privileges. This is called execution boosting. The elevated privileges only apply within the procedure or user-defined function; any operation performed outside will still use the users' original privileges.

The steps below assume that the procedure or user-defined function is already developed and installed.

Please refer to Java Reference → Extending Neo4j for a description of creating and using user-defined procedures and functions.

Manage procedure permissions

Procedure permissions can be managed using the native execute privileges. These control whether the user is allowed to execute a procedure and which set of privileges apply during the execution.

A procedure may be run using the EXECUTE PROCEDURE privilege.

This allows the user to execute procedures that match the globbed procedures.

Example 1. Grant privilege to execute a procedure

GRANT EXECUTE PROCEDURE db.schema.visualization ON DBMS TO visualizer

This will allow any user with the visualizer role to execute the db.schema.visualization. E.g. a user that also has the following privileges:

GRANT TRAVERSE ON GRAPH * NODES A, B TO role
GRANT TRAVERSE ON GRAPH * RELATIONSHIP R1 TO role

When calling the db.schema.visualization procedure, the user will only see the A and B nodes and R1 relationships, even though there might exist other nodes and relationships.

A procedure may also be executed with elevated privileges using the EXECUTE BOOSTED PROCEDURE privilege.

The EXECUTE BOOSTED PROCEDURE privilege only controls the privileges used during the execution and not the execution itself. The user needs both EXECUTE PROCEDURE and EXECUTE BOOSTED PROCEDURE to execute the procedure with elevated privileges.

This allows the user to successfully execute procedures that would otherwise fail during execution with their assigned roles. The user is given full privileges for the procedure, during the execution of the procedure only.

Example 2. Grant privilege to use elevated privileges during procedure execution

GRANT EXECUTE BOOSTED PROCEDURE db.schema.visualization ON DBMS TO visualizer

This will allow any user with the visualizer role to execute the db.schema.visualization with elevated privileges. When calling the db.schema.visualization procedure, the user will see all nodes and relationships that exist in the graph, even though they have no traversal privileges.

Manage user-defined function permissions

User-defined function permissions can be managed using the native execute privileges. These control if the user is both allowed to execute a user-defined function and which set of privileges apply during the execution.

A user-defined function may be executed using the EXECUTE USER DEFINED FUNCTION privilege.

This allows the user to execute user-defined functions that match the globbed user-defined function.

Example 3. Grant privilege to execute a user-defined function

GRANT EXECUTE USER DEFINED FUNCTION apoc.any.properties ON DBMS TO custom

This will allow any user with the custom role to execute the apoc.any.properties. E.g. a user that also has the following privilege:

GRANT MATCH {visibleProp} ON GRAPH * NODES A TO role

When calling the user-defined function MATCH (a:A) RETURN apoc.any.properties(a) AS properties, they will only see the visibleProp even though there might exist other properties.

A user-defined function may also be executed with elevated privileges using the EXECUTE BOOSTED USER DEFINED FUNCTION privilege.

The EXECUTE BOOSTED USER DEFINED FUNCTION privilege only controls the privileges used during the execution and not the execution itself. The user needs both EXECUTE USER DEFINED FUNCTION and EXECUTE BOOSTED USER DEFINED FUNCTION to execute the user-defined function with elevated privileges.

This allows the user to successfully execute user-defined functions that would otherwise fail during execution with their assigned roles. The user is given full privileges for the user-defined function, during the execution of the function only.

Example 4. Grant privilege to use elevated privileges during user-defined function execution

GRANT EXECUTE BOOSTED USER DEFINED FUNCTION apoc.any.properties ON DBMS TO custom

This will allow any user with the custom role to execute the apoc.any.properties with elevated privileges. E.g. a user that also has the following privileges:

GRANT TRAVERSE ON GRAPH * NODES A TO role

When calling the user-defined function MATCH (a:A) RETURN apoc.any.properties(a) AS properties, they will see all properties that exist on the matched nodes even though they have no read privileges.