User management
User management is a feature within Aura that allows admins to invite users and set their roles within an isolated environment.
Organization-level roles
The following roles are available at the org level and these are assigned via invitation:
-
Owner
-
Admin
-
Member
| Capability | Owner | Admin | Member |
|---|---|---|---|
List org |
|||
List org projects |
|||
Update org |
|||
Invite users to projects |
|||
List existing organization settings |
|||
Add organization settings |
|||
List organization settings on project-level |
|||
Update organization settings on project-level |
|||
Delete organization settings on project-level |
|||
Invite non-owner users to org |
|||
List users |
|||
List roles |
|||
List members of a project |
|||
Invite owners to org |
|||
Add owner |
|||
Delete owners |
|||
Transfer projects to and from the org |
|||
1. An admin can only list members of projects the admin is also a member of. 2. An owner needs to permission for both the source and destination orgs. |
|||
Project-level roles
Each project can have multiple users with individual accounts allowing access to the same environment.
The users with access to a project can be viewed and managed from the Users page. Access the Users page by selecting Users from the sidebar menu of the console.
The project you’re currently viewing is displayed in the header of the console. You can select the project name to open the project dropdown menu, allowing you to view all the projects that you have access to and switch between them.
Additionally, you can perform the following actions from the Project Settings page. You can access the Settings page by selecting Settings from the sidebar menu of the console.
-
Edit the name of the project you are currently viewing by selecting the pencil icon next to the project name. This action requires you to be an Admin of the project.
-
Copy the Project ID by selecting the clipboard icon that appears next to the Project ID.
Users
Each project can have multiple users with individual accounts allowing access to the same environment.
The users with access to a project can be viewed and managed from the Users page. You can access the Users page by selecting Users from the sidebar menu of the console.
Roles
Users within a project can be assigned one of the following roles:
-
Project Viewer
-
Metrics Reader
-
Project Member
-
Project Admin
Metrics reader role
The metrics reader role can be assigned to any user or service account.
It has the same permissions as the project viewer role, but with some extra permissions specifically for reading metrics via an API endpoint.
The role allows access to metrics for all instances in a project.
Accessing metric endpoints requires Aura API Credentials and the metrics reader role enables the creation of these credentials.
The metrics reader role can view and open instances in the console, however, login to the instance is required to interact with it, with access to Explore and Query defined by the instance’s RBAC settings.
|
Each project must have at least one Project Admin, but it is also possible for projects to have multiple Project Admins. |
| Capability | Project Viewer | Metrics reader | Member | Admin |
|---|---|---|---|---|
View users and their roles |
||||
View and open instances |
||||
Access the Neo4j Customer Support Portal |
||||
Perform all actions on instances [3] |
||||
Clone data to new and existing instances |
||||
Take on-demand snapshots |
||||
Restore from snapshots |
||||
Edit the project name |
||||
Invite new users to the project |
||||
Edit existing users' roles |
||||
Delete existing users from the project |
||||
View and edit billing information |
||||
3. Actions include creating, deleting, pausing, resuming, and editing instances. |
||||
Predefined roles
Users within a project can access instances seamlessly with their console role if Tool authentication with Aura user is enabled.
|
New organizations created after May 29th 2025 will have Tool auhtentication with Aura user enabled by default. |
When enabled, a user connects seamlessly with a predefined database role that matches their console role, i.e. their project-level role. Predefined roles are immutable and apply to all Free, Professional, and Business Critical instances. The predefined roles are assigned the following privileges on the instance level:
| Privilege | Viewer | Member | Admin | ||
|---|---|---|---|---|---|
Free |
Professional |
Business Critical |
|||
Access to database |
|||||
Start and stop database |
|||||
List constraints |
|||||
Create constraints |
|||||
Delete constraints |
|||||
List indexes |
|||||
Create indexes |
|||||
Delete indexes |
|||||
Find nodes and relationships and read their properties |
|||||
Load external data in queries |
|||||
Write to the graph |
|||||
Execute procedures and functions |
|||||
Name management for node labels, relationship types, and property names. |
|||||
List and end transactions for specified users on the database. |
|||||
List, create, delete, and modify users. |
|||||
Assign roles |
|||||
Remove roles |
|||||
Create roles |
|||||
Delete roles |
|||||
Rename roles |
|||||
List roles |
|||||
Privilege management [4] |
|||||
4. This includes to list, grant, and revoke privileges. |
|||||
Inviting users
As an Admin, to invite a new user:
-
Select Invite user from the User page.
-
Enter the Email address of the person you want to invite.
-
Select the user’s Role.
-
Select Invite.
The new user will appear within the list of users on the User page with the Pending invite Status until they accept the invite.
An email will be sent to the user with a link to accept the invite.
Editing users
As an Admin, to edit an existing user’s role:
-
Select the more actions (three dots) icon next to the user’s name from the User page.
-
Select the user’s new Role.
-
Select Save.
Deleting users
As an Admin, to delete an existing user:
-
Select the more actions (three dots) next to the user’s name from the User page.
-
Select Delete.
Accepting an invite
When invited to a project, you will receive an email with a link to accept the invite. This link will direct you to the Aura console, where a Project invitation modal will appear. You can select the project(s) you have been invited to and choose to accept or decline the invite(s).