Knowledge Base

Using Cypher to generate Cypher statements to recreate Users and Roles

The following can be used to extract user and role definitions from an existing database and the resultant output can be played back on another Neo4j database.

//export roles
return '//export Roles' as output
union all
call dbms.security.listRoles() yield role return 'call dbms.security.createRole(\'' + role + '\');' as output
union all
//export users
return '//export Users' as output
union all
call dbms.security.listUsers() yield username return 'call dbms.security.createUser(\'' + username + '\',\'newpassword\');' as output
union all
// export user to role maps
return '//export Roles to User map' as output
union all
call dbms.security.listRoles() yield role,users with role,users unwind users as user return 'call dbms.security.addRoleToUser(\'' + role + '\',' + user + '\');'  as output

The resultant output will default all users passwords to 'newpassword' and the user will be required to change their password on initial log on. Sample output is as follows:

//export Roles
call dbms.security.createRole('reader');
call dbms.security.createRole('architect');
call dbms.security.createRole('admin');
call dbms.security.createRole('publisher');
//export Users
call dbms.security.createUser('neo4j_dba','newpassword');
call dbms.security.createUser('neo4j','newpassword');
//export Roles to User map
call dbms.security.addRoleToUser('admin',neo4j');
call dbms.security.addRoleToUser('admin',neo4j_dba');

The approach used above is similar to related knowledgebase document "Using Cypher to generate Cypher statements to recreate indexes and constraints"