A.3. User management for Community Edition

This section describes user and password management for Neo4j Community Edition.

In Neo4j, native user and role management is performed through built-in procedures called from Cypher.

This section lists all the security procedures for user management, along with some simple examples.

Use the Neo4j Browser or the Neo4j Cypher Shell to run the examples provided.

Unless stated otherwise, all arguments to the procedures described in this section must be supplied.

| Name | Description |
| --- | --- |
| dbms.security.listUsers | List all users |
| dbms.security.changePassword | Change the current user’s password |
| dbms.showCurrentUser | Show details for the current user |
| dbms.security.createUser | Add a user |
| dbms.security.deleteUser | Delete a user |

A.3.1. List all users

The current user is able to view the details of every user in the system.

Syntax:

CALL dbms.security.listUsers()

Returns:

| Name | Type | Description |
| --- | --- | --- |
| username | String | This is the user’s username. |
| flags | List<String> | This is a flag indicating whether the user needs to change their password. |

Example A.2. List all users

The following example shows, for each user in the system, the username and whether the user needs to change their password.

CALL dbms.security.listUsers()
+-----------------------------------------+
| username | flags                        |
+-----------------------------------------+
| "neo4j"  | []                           |
| "anne"   | ["password_change_required"] |
| "bill"   | []                           |
+-----------------------------------------+
3 rows

A.3.2. Change the current user’s password

The current user is able to change their own password at any time.

Syntax:

CALL dbms.security.changePassword(password)

Arguments:

| Name | Type | Description |
| --- | --- | --- |
| password | String | This is the new password for the current user. |

Exceptions:

  • The password is the empty string.
  • The password is the same as the current user’s previous password.

Example A.3. Change the current user’s password

The following example changes the password of the current user to 'h6u4%kr'.

CALL dbms.security.changePassword('h6u4%kr')

A.3.3. Show details for the current user

The current user is able to view whether or not they need to change their password.

Syntax:

CALL dbms.showCurrentUser()

Returns:

| Name | Type | Description |
| --- | --- | --- |
| username | String | This is the user’s username. |
| flags | List<String> | This is a flag indicating whether the user needs to change their password. |

Example A.4. Show details for the current user

The following example shows that the current user — with the username 'johnsmith' — does not need to change his password.

CALL dbms.showCurrentUser()
+---------------------+
| username    | flags |
+---------------------+
| "johnsmith" | []    |
+---------------------+
1 row

A.3.4. Add a user

The current user is able to add a user to the system.

Syntax:

CALL dbms.security.createUser(username, password, requirePasswordChange)

Arguments:

| Name | Type | Description |
| --- | --- | --- |
| username | String | This is the user’s username. |
| password | String | This is the user’s password. |
| requirePasswordChange | Boolean | This is optional, with a default of true. If this is true, (i) the user will be forced to change their password when they log in for the first time, and (ii) until the user has changed their password, they will be forbidden from performing any other operation. |

Exceptions:

  • The username contains characters other than the ASCII characters between ! and ~, or contains : or ,.
  • The username is already in use within the system.
  • The password is the empty string.

Example A.5. Add a user

The following example creates a user with the username 'johnsmith' and password 'h6u4%kr'. When the user 'johnsmith' logs in for the first time, he will be required to change his password.

CALL dbms.security.createUser('johnsmith', 'h6u4%kr', true)
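
The following Python example is added here and is not part of the Neo4j documentation. It pre-checks a new account against the createUser exceptions listed above, builds the call with Cypher parameters so the password is not inlined in the query text, and filters listUsers rows (A.3.1) for accounts still flagged password_change_required. The function names and the `$param` placeholder syntax are assumptions; the returned query and parameter map would be passed to whichever driver you use.

```python
import re

# Documented rule: ASCII characters between '!' and '~', excluding ':' and ','.
USERNAME_RE = re.compile(r"[\x21-\x2B\x2D-\x39\x3B-\x7E]+")

# Assumption: the server accepts $name parameters in procedure calls.
CREATE_USER = "CALL dbms.security.createUser($username, $password, $requirePasswordChange)"


def validate_new_user(username, password, existing_usernames):
    """Return the documented createUser exceptions this request would hit."""
    problems = []
    if not USERNAME_RE.fullmatch(username):
        problems.append("invalid username characters")
    if username in existing_usernames:
        problems.append("username already in use")
    if password == "":
        problems.append("empty password")
    return problems


def build_create_user(username, password, existing_usernames, require_password_change=True):
    """Return (query, params) for a parameterized createUser call, or raise ValueError."""
    problems = validate_new_user(username, password, existing_usernames)
    if problems:
        raise ValueError("; ".join(problems))
    # Values travel as parameters, so they are never spliced into the Cypher text.
    return CREATE_USER, {
        "username": username,
        "password": password,
        "requirePasswordChange": require_password_change,
    }


def pending_password_change(rows):
    """Usernames from listUsers() rows whose flags include password_change_required."""
    return [r["username"] for r in rows if "password_change_required" in r["flags"]]


# Constructed sample rows mirroring Example A.2 on this page.
SAMPLE_ROWS = [
    {"username": "neo4j", "flags": []},
    {"username": "anne", "flags": ["password_change_required"]},
    {"username": "bill", "flags": []},
]

if __name__ == "__main__":
    existing = {r["username"] for r in SAMPLE_ROWS}
    print(build_create_user("johnsmith", "h6u4%kr", existing))
    print(pending_password_change(SAMPLE_ROWS))
```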

A.3.5. Delete a user

The current user is able to permanently delete a user from the system.

Syntax:

CALL dbms.security.deleteUser(username)

Arguments:

| Name | Type | Description |
| --- | --- | --- |
| username | String | This is the username of the user to be deleted. |

Exceptions:

  • The username does not exist in the system.
  • The username matches that of the current user (i.e. deleting the current user is not permitted).

Considerations:

  • Deleting a user immediately terminates all of the user’s sessions and rolls back any running transactions.
  • As it is not possible for the current user to delete themselves, there will always be at least one user in the system.

Example A.6. Delete a user

The following example deletes a user with the username 'janebrown'.

CALL dbms.security.deleteUser('janebrown')