Commencing with Neo4j 3.1 and implementaion of native database users it is possible to suspend a user, thus preventing the user from further authenticating in.

To view all suspended users run the following Cypher

call dbms.security.listUsers() yield username, flags
with username,flags
where 'is_suspended' in flags
return username

Further if you encounter the need to suspend all users, for example to prevent all database access during a weekend maintenance period, the following Cypher can be used to generate Cypher statements which can then be used to suspend and subsequently reactivate all users.

  • Build the Cypher statements to activate all currently ‘active’ users
// users with no  is_suspended flag and build the statement to activate the user and not force a password change
call dbms.security.listUsers() yield username, flags with username, flags
where not 'is_suspended' in flags
return 'call dbms.security.activateUser(\'' + username + '\',false);'
  • Build the Cypher statements to suspend all currently ‘active’ users
// users with no  is_suspended flag
call dbms.security.listUsers() yield username, flags with username, flags
where not 'is_suspended' in flags
return 'call dbms.security.suspendUser(\'' + username + '\');'

Finally at the time of the maintenance window one would first run the generated Cypher statements from above to suspend all users. Note it is not possible to suspend the user you are currently logged in as and as such you may see a call dbms.security.suspendUser result in failure error message of ‘Suspending yourself (user ‘neo4j’) is not allowed.’

At the completion of the maintenance window, one would then run the generated Cypher statement to activate all the currrently defined suspended users.

Details


Author:
Dana Canzano
Applicable versions:
3.1
Keywords:
activatemaintenanceneo4j-3.1suspend