Read Query Structure

[USE]
[MATCH [WHERE]]
[OPTIONAL MATCH [WHERE]]
[WITH [WHERE] [ORDER BY] [SKIP] [LIMIT]]
RETURN [ORDER BY] [SKIP] [LIMIT]

Baseline for pattern search operations.

MATCH

MATCH (n)
RETURN n AS node

Find all nodes and return all nodes.

MATCH (n:Person)-[:KNOWS]->(m:Person)
WHERE n.name = 'Alice'
RETURN m AS person

Node patterns can contain labels and properties.

MATCH (n)-->(m)
RETURN n, m

Any pattern can be used in MATCH.

MATCH (n {name: 'Alice'})-->(m)
RETURN m AS node

Patterns with node properties.

MATCH p = (n)-->(m)
RETURN p AS path

Assign a path to p.

OPTIONAL MATCH

OPTIONAL MATCH (n)-[r]->(m {name: 'Alice'})
RETURN n, r, m

An OPTIONAL MATCH matches patterns against your graph database, just like a MATCH does. The difference is that if no matches are found, OPTIONAL MATCH will use a null for missing parts of the pattern.

MATCH (n {name: 'Neo'})
OPTIONAL MATCH (n)-[r]->(m {name: 'Alice'})
RETURN n, r, m

You should MATCH the portions that must be present, and then the OPTIONAL MATCH on the pieces of the pattern that may not be present.

WHERE

MATCH (n:Person)-->(m:Person)
WHERE n.property <> $value
RETURN n, m

The WHERE clause adds constraints to the patterns in a MATCH or OPTIONAL MATCH clause; or filters the results of a WITH clause.

The scope of the WHERE clause is within the related MATCH, OPTIONAL MATCH, or WITH clause.

WHERE EXISTS {
  MATCH (n)-->(m)
  WHERE n.age = m.age
}

Use an existential subquery to filter.

RETURN

MATCH (n)-[r]->(m)
RETURN *

Return the value of all variables.

MATCH (n)-[r]->(m:Person)
RETURN n AS node, r AS rel

Use alias for result column name.

MATCH (n)-[r:KNOWS]-(m:Person)
RETURN DISTINCT n AS node

Return unique rows.

MATCH (n:Person)-[r]->(m)
RETURN n AS node, r AS rel
ORDER BY n.name

Sort the result. The default order is ASCENDING.

MATCH (n:Person)-[r]->(m)
RETURN n AS node, r AS rel
ORDER BY n.name DESC

Sort the result in DESCENDING order.

MATCH (n:Person)-[r]->(m)
RETURN n AS node, r AS rel
SKIP 10

Skip the 10 first rows, for the result set.

MATCH (n:Person)-[r]->(m)
RETURN n AS node, r AS rel
LIMIT 10

Limit the number of rows to a maximum of 10, for the result set.

MATCH (n:Person)-[r]->(m)
RETURN count(*) AS nbr

The number of matching rows. See aggregating functions for more.

WITH

MATCH (user)-[:FRIEND]-(friend)
WHERE user.name = $name
WITH user, count(friend) AS friends
WHERE friends > 10
RETURN user

The WITH syntax is similar to RETURN. It separates query parts explicitly, allowing you to declare which variables to carry over to the next part. Return the value of all variables.

MATCH (user)-[:FRIEND]-(friend)
WITH user, count(friend) AS friends
WHERE friends > 10
ORDER BY friends DESC
SKIP 1
LIMIT 3
RETURN user

The WITH clause can use:

  • WHERE
  • ORDER BY
  • SKIP
  • LIMIT

UNION

MATCH (a)-[:KNOWS]->(b)
RETURN b.name AS name
UNION
MATCH (a)-[:LOVES]->(b)
RETURN b.name AS name

Returns the distinct union of all query results. Result column types and names have to match.

MATCH (a)-[:KNOWS]->(b)
RETURN b.name AS name
UNION ALL
MATCH (a)-[:LOVES]->(b)
RETURN b.name AS name

Returns the union of all query results, including duplicated rows.

Write-Only Query Structure

[USE]
[CREATE]
[MERGE [ON CREATE ...] [ON MATCH ...]]
[WITH [WHERE] [ORDER BY] [SKIP] [LIMIT]]
[SET]
[DELETE]
[REMOVE]
[RETURN [ORDER BY] [SKIP] [LIMIT]]

Baseline for write operations.

Read-Write Query Structure

[USE]
[MATCH [WHERE]]
[OPTIONAL MATCH [WHERE]]
[WITH [WHERE] [ORDER BY] [SKIP] [LIMIT]]
[CREATE]
[MERGE [ON CREATE ...] [ON MATCH ...]]
[WITH [WHERE] [ORDER BY] [SKIP] [LIMIT]]
[SET]
[DELETE]
[REMOVE]
[RETURN [ORDER BY] [SKIP] [LIMIT]]

Baseline for pattern search and write operations.

CREATE

CREATE (n {name: $value})

Create a node with the given properties.

CREATE (n $map)

Create a node with the given properties.

CREATE (n)-[r:KNOWS]->(m)

Create a relationship with the specified relationship type (KNOWS) and direction; bind a variable (r) to it.

CREATE (n)-[:LOVES {since: $value}]->(m)

Create a relationship with the given type, direction, and properties.

SET

SET e.property1 = $value1

Update or create a property.

SET
  e.property1 = $value1,
  e.property2 = $value2

Update or create several properties.

SET e = $map

Set all properties. This will remove any existing properties.

SET e = {}

Using the empty map ({}), removes any existing properties.

SET e += $map

Add and update properties, while keeping existing ones.

MATCH (n)
WHERE n.id = 123
SET n:Person

Add a label to a node. This example add the label Person to a node.

MERGE

MERGE (n:Person {name: $value})
ON CREATE SET n.created = timestamp()
ON MATCH SET
  n.counter = coalesce(n.counter, 0) + 1,
  n.accessTime = timestamp()

Match a pattern or create it if it does not exist. Use ON CREATE and ON MATCH for conditional updates.

MATCH
  (a:Person {name: $value1}),
  (b:Person {name: $value2})
MERGE (a)-[r:LOVES]->(b)

MERGE finds or creates a relationship between the nodes.

MATCH (a:Person {name: $value1})
MERGE (a)-[r:KNOWS]->(b:Person {name: $value3})

MERGE finds or creates paths attached to the node.

DELETE

MATCH ()-[r]->()
WHERE r.id = 123
DELETE r

Delete a relationship.

MATCH ()-[r]->()
DELETE r

Delete all relationships.

MATCH (n)
WHERE n.id = 123
DETACH DELETE n

Delete a node and all relationships connected to it.

MATCH (n)-[r]-()
WHERE r.id = 123 AND n.id = 'abc'
DELETE n, r

Delete a node and a relationship. This will throw an error if the node is attached to more than one relationship.

MATCH (n1:Person)-[r {id: 123}]->(n2:Person)
CALL {
  WITH n1 MATCH (n1)-[r1]-()
  RETURN count(r1) AS rels1
}
CALL {
  WITH n2 MATCH (n2)-[r2]-()
  RETURN count(r2) AS rels2
}
DELETE r
RETURN
  n1.name AS node1, rels1 - 1 AS relationships1,
  n2.name AS node2, rels2 - 1 AS relationships2

Delete a relationship and return the number of relationships for each node after the deletion.

MATCH (n)
DETACH DELETE n

Delete all nodes and relationships from the database.

REMOVE

MATCH (n:Person)
WHERE n.id = 123
REMOVE n:Person

Remove a label from a node. REMOVE n:ExampleLabel

MATCH (n:Person)
WHERE n.id = 123
REMOVE n.alias

Remove a property. REMOVE e.property

MATCH (n:Person)
WHERE n.id = 123
SET n = {} # REMOVE ALL properties

REMOVE cannot be used to remove all existing properties from a node or relationship. All existing properties can be removed from a node or relationship by using the SET clause with the property replacement operator (=) and an empty map ({}) as the right operand.

CASE

CASE n.eyes
  WHEN 'blue' THEN 1
  WHEN 'brown' THEN 2
  ELSE 3
END

The CASE clause can only be used as part of the RETURN clause or the WITH clause.

Return THEN value from the matching WHEN value. The ELSE value is optional, and substituted for null if missing.

CASE
  WHEN n.eyes = 'blue' THEN 1
  WHEN n.age < 40 THEN 2
  ELSE 3
END

Return THEN value from the first WHEN predicate evaluating to true. Predicates are evaluated in order.

CALL procedure

CALL db.labels() YIELD label

This shows a standalone call to the procedure db.labels to list all labels used in the database. Note that required procedure arguments are given explicitly in brackets after the procedure name.

CALL db.labels() YIELD *

Standalone calls may use YIELD * to return all columns.

CALL java.stored.procedureWithArgs

Standalone calls may omit YIELD and also provide arguments implicitly via statement parameters, e.g. a standalone call requiring one argument input may be run by passing the parameter map {input: 'foo'}.

CALL db.labels() YIELD label
RETURN count(label) AS db_labels

Calls the built-in procedure db.labels inside a larger query to count all labels used in the database. Calls inside a larger query always requires passing arguments and naming results explicitly with YIELD.

CALL subquery

CALL {
  MATCH (p:Person)-[:FRIEND_OF]->(other:Person)
  RETURN p, other
  UNION
  MATCH (p:Child)-[:CHILD_OF]->(other:Parent)
  RETURN p, other
}

This calls a subquery with two union parts. The result of the subquery can afterwards be post-processed.

FOREACH

WITH ['Alice', 'Neo'] AS names
FOREACH ( value IN names | CREATE (:Person {name: value}) )

Execute a mutating operation for each element in a list.

FOREACH ( r IN relationships(path) | SET r.marked = true )

Execute a mutating operation for each relationship in a path.

LOAD CSV

LOAD CSV FROM
'https://neo4j.com/docs/cypher-refcard/4.4/csv/artists.csv'
AS line
CREATE (:Artist {name: line[1], year: toInteger(line[2])})

Load data from a CSV file and create nodes.

LOAD CSV WITH HEADERS FROM
'https://neo4j.com/docs/cypher-refcard/4.4/csv/artists-with-headers.csv'
AS line
CREATE (:Artist {name: line.Name, year: toInteger(line.Year)})

Load CSV data which has headers.


LOAD CSV WITH HEADERS FROM
'https://neo4j.com/docs/cypher-refcard/4.4/csv/artists-with-headers.csv'
AS line
CALL {
  WITH line
  CREATE (:Artist {name: line.Name, year: toInteger(line.Year)})
} IN TRANSACTIONS OF 500 ROWS

Subqueries can be made to execute in separate, inner transactions, producing intermediate commits. Deprecated syntax: PERIODIC COMMIT.

Only auto-commit (implicit) transactions can accept this; pre-pend with :auto in Neo4j Browser.

LOAD CSV FROM
'https://neo4j.com/docs/cypher-refcard/4.4/csv/artists-fieldterminator.csv'
AS line FIELDTERMINATOR ';'
CREATE (:Artist {name: line[1], year: toInteger(line[2])})

Use a different field terminator, not the default which is a comma (with no whitespace around it).

file()

The file() function returns a string; the absolute path of the file that LOAD CSV is processing. Returns null if called outside of LOAD CSV context.

linenumber()

The linenumber function returns an integer; the line number that LOAD CSV is currently processing. Returns null if called outside of LOAD CSV context.

SHOW FUNCTIONS

SHOW FUNCTIONS

List all available functions, returns only the default outputs (name, category, and description).

SHOW FUNCTIONS YIELD *

Listing all available functions.

SHOW PROCEDURES

SHOW PROCEDURES

Listing all available procedures, returns only the default outputs (name, description, mode, and worksOnSystem).

SHOW PROCEDURES YIELD *

Listing all available procedures.

SHOW PROCEDURES EXECUTABLE YIELD name

List all procedures that can be executed by the current user and return only the name of the procedures.

SHOW TRANSACTIONS

SHOW TRANSACTIONS

Listing running transactions (within the instance), returns only the default outputs (database, transactionId, currentQueryId, connectionId, clientAddress, username, currentQuery, startTime, status, elapsedTime, and allocatedBytes).

SHOW TRANSACTIONS YIELD *

Listing running transactions (within the instance).

SHOW TRANSACTIONS 'transaction_id' YIELD *

Listing the running transaction (within the instance), with a specific transaction_id.

Transaction IDs must be supplied as:

  • Comma-separated list of one or more quoted strings; 'id1', 'id2'
  • Parameter containing a string; $value, (value = 'id1')
  • Parameter containing a list of strings; $value, (value = ['id1', 'id2'])

TERMINATE TRANSACTIONS

TERMINATE TRANSACTIONS 'transaction_id'

Terminate a specific transaction, returns the outputs:

  • transactionId
  • username
  • message

TERMINATE TRANSACTIONS $value
Transaction IDs must be supplied as:
  • Comma-separated list of one or more quoted strings; 'id1', 'id2'
  • Parameter containing a string; $value, (value = 'id1')
  • Parameter containing a list of strings; $value, (value = ['id1', 'id2'])

UNWIND

UNWIND [1, 2, 3] AS ix
RETURN ix + 1 AS item

The UNWIND clause expands a list into a sequence of rows.

Three rows are returned.

WITH [[1, 2], [3, 4], 5] AS nested
UNWIND nested AS ix
UNWIND ix AS iy
RETURN iy AS number

Multiple UNWIND clauses can be chained to unwind nested list elements.

Five rows are returned.

UNWIND $list_of_maps AS properties
CREATE (n)
SET n = properties

Create a node for each map in the list and set the given properties.

Example parameter: list_of_maps = [{name: 'Alice', age: 20}, {name: 'Neo'}]

UNWIND $names AS name
MATCH (n {name: name})
RETURN avg(n.age) AS average

With UNWIND, any list can be transformed back into individual rows. The example matches all names from a list of names.

Example parameter: names = ['Alice', 'Neo', 'Cypher']

USE

USE myDatabase

Select myDatabase to execute query, or query part, against.

USE neo4j
MATCH (n:Person)-[:KNOWS]->(m:Person)
WHERE n.name = 'Alice'

MATCH query executed against neo4j database.

Operators

DISTINCT, ., []

General

+, -, *, /, %, ^

Mathematical

=, <>, <, >, <=, >=, IS NULL, IS NOT NULL

Comparison

AND, OR, XOR, NOT

Boolean

+

String

+, IN, [x], [x .. y]

List

=~

Regular expression

STARTS WITH, ENDS WITH, CONTAINS

String matching

null

null is used to represent missing/undefined values.

null is not equal to null. Not knowing two values does not imply that they are the same value. So the expression null = null yields null and not true. To check if an expression is null, use IS NULL.

Arithmetic expressions, comparisons and function calls (except coalesce) will return null if any argument is null.

An attempt to access a missing element in a list or a property that does not exist yields null.

In OPTIONAL MATCH clauses, nulls will be used for missing parts of the pattern.

Patterns

(n:Person)

Node with Person label.

(n:Person:Swedish)

Node with both Person and Swedish labels.

(n:Person {name: $value})

Node with the declared properties.

()-[r {name: $value}]-()

Matches relationships with the declared properties.

(n)-->(m)

Relationship from n to m.

(n)--(m)

Relationship in any direction between n and m.

(n:Person)-->(m)

Node n labeled Person with relationship to m.

(m)<-[:KNOWS]-(n)

Relationship of type KNOWS from n to m.

(n)-[:KNOWS|:LOVES]->(m)

Relationship of type KNOWS or of type LOVES from n to m.

(n)-[r]->(m)

Bind the relationship to variable r.

(n)-[*1..5]->(m)

Variable length path of between 1 and 5 relationships from n to m.

(n)-[*]->(m)

Variable length path of any number of relationships from n to m. (See Performance section.)

(n)-[:KNOWS]->(m {property: $value})

A relationship of type KNOWS from a node n to a node m with the declared property.

shortestPath((n1:Person)-[*..6]-(n2:Person))

Find a single shortest path.

allShortestPaths((n1:Person)-[*..6]->(n2:Person))

Find a single shortest path.

size((n)-->()-->())

Count the paths matching the pattern.

Labels

CREATE (n:Person {name: $value})

Create a node with label and property.

MERGE (n:Person {name: $value})

Matches or creates unique node(s) with the label and property.

MATCH (n:Person)
RETURN n AS person

Matches nodes labeled Person.

MATCH (n)
WHERE (n:Person)

Checks the existence of the label on the node.

MATCH (n:Person)
WHERE n.name = $value

Matches nodes labeled Person with the given name.

MATCH (n:Person {id: 123})
SET n:Spouse:Parent:Employee

Add label(s) to a node.

MATCH (n {id: 123})
RETURN labels(n) AS labels

The labels function returns the labels for the node.

MATCH (n {id: 123})
REMOVE n:Person

Remove the label Person from the node.

Properties

MATCH (n {name: 'Alice'})
SET n += {
  a: 1,
  b: 'example',
  c: true,
  d: date('2022-05-04'),
  e: point({x: 2, y: 3}),
  f: [1, 2, 3],
  g: ['abc', 'example'],
  h: [true, false, false],
  i: [date('2022-05-04'), date()],
  j: [point({x: 2, y: 3}), point({x: 5, y: 5})],
  k: null
}

Neo4j only supports a subset of Cypher types for storage as singleton or array properties. Properties can be lists of numbers, strings, booleans, temporal, or spatial.

{a: 123, b: 'example'}

A map is not allowed as a property.

[{a: 1, b: 2}, {c: 3, d: 4}]

A list of maps are not allowed as a property.

[[1,2,3], [4,5,6]]

Collections containing collections can not be stored in properties.

[1, 2, null]

Collections containing null values can not be stored in properties.

Lists

RETURN ['a', 'b', 'c'] AS x

Literal lists are declared in square brackets.

WITH ['Alice', 'Neo', 'Cypher'] AS names
RETURN names

Literal lists are declared in square brackets.

RETURN size($my_list) AS len

Lists can be passed in as parameters.

Example parameter: my_list = [1, 2, 3]

RETURN $my_list[0] AS value

Lists can be passed in as parameters.

Example parameter: my_list = [1, 2, 3]

RETURN range($firstNum, $lastNum, $step) AS list

range() creates a list of numbers (step is optional), other functions returning lists are: labels(), nodes(), relationships().

MATCH p = (a)-[:KNOWS*]->()
RETURN relationships(p) AS r

The list of relationships comprising a variable length path can be returned using named paths and relationships().

RETURN list[$idx] AS value

List elements can be accessed with idx subscripts in square brackets. Invalid indexes return null.

RETURN list[$startIdx..$endIdx] AS slice

Slices can be retrieved with intervals from start_idx to end_idx, each of which can be omitted or negative. Out of range elements are ignored.

MATCH (a)
RETURN [(a)-->(b) WHERE b.name = 'Alice' | b.age] AS list

Pattern comprehensions may be used to do a custom projection from a match directly into a list.

MATCH (n:Person)
RETURN n {.name, .age}

Map projections may be easily constructed from nodes, relationships and other map values.

Maps

RETURN {name: 'Alice', age: 20, address: {city: 'London', residential: true}} AS alice

Literal maps are declared in curly braces much like property maps. Lists are supported.

WITH {name: 'Alice', age: 20, colors: ['blue', 'green']} AS map
RETURN map.name, map.age, map.colors[0]

Map entries can be accessed by their keys. Invalid keys result in an error.

WITH {person: {name: 'Anne', age: 25}} AS p
RETURN p.person.name AS name

Access the property of a nested map.

MERGE (p:Person {name: $map.name})
ON CREATE SET p = $map

Maps can be passed in as parameters and used either as a map or by accessing keys.

Example parameter: map = {'name': 'Alice', 'age': 20}

MATCH (matchedNode:Person)
RETURN matchedNode

Nodes and relationships are returned as maps of their data.

Predicates

n.property <> $value

Use comparison operators.

toString(n.property) = $value

Use functions.

n.number >= 1 AND n.number <= 10

Use boolean operators to combine predicates.

n:Person

Check for node labels.

variable IS NOT NULL

Check if something is not null, e.g. that a property exists.

n.property IS NULL OR n.property = $value

Either the property does not exist or the predicate is true.

n.property = $value

Non-existing property returns null, which is not equal to anything.

n['property'] = $value

Properties may also be accessed using a dynamically computed property name.

n.property STARTS WITH 'Neo'

String matching that starts with the specified string.

n.property ENDS WITH '4j'

String matching that ends with the specified string.

n.property CONTAINS 'cypher'

String matching that contains the specified string.

n.property =~ '(?i)neo.*'

String matching that matches the specified regular expression. By pre-pending a regular expression with (?i), the whole expression becomes case-insensitive.

(n)-[:KNOWS]->(m)

Ensure the pattern has at least one match.

NOT (n)-[:KNOWS]->(m)

Exclude matches to (n)-[:KNOWS]->(m) from the result.

n.property IN [$value1, $value2]

Check if an element exists in a list.

List Predicates

all(x IN coll WHERE x.property IS NOT NULL)

Returns true if the predicate is true for all elements in the list.

any(x IN coll WHERE x.property IS NOT NULL)

Returns true if the predicate is true for at least one element in the list.

none(x IN coll WHERE x.property IS NOT NULL)

Returns true if the predicate is false for all elements in the list.

single(x IN coll WHERE x.property IS NOT NULL)

Returns true if the predicate is true for exactly one element in the list.

List Expressions

size($list)

Number of elements in the list.

head($list)

Returns the first element of the list. Returns null for an empty list. Equivalent to the list indexing $list[0].

last($list)

Returns the last element of the list. Returns null for an empty list. Equivalent to the list indexing $list[-1].

tail($list)

Returns a list containing all elements except for the first element. Equivalent to the list slice $list[1..]. In this case out-of-bound slices are truncated to an empty list [].

reverse($list)

Returns a list containing all elements in reversed order.

[x IN list | x.prop]

A list of the value of the expression for each element in the original list.

[x IN list WHERE x.prop <> $value]

A filtered list of the elements where the predicate is true.

[x IN list WHERE x.prop <> $value | x.prop]

A list comprehension that filters a list and extracts the value of the expression for each element in that list.

reduce(s = '', x IN list | s + x.prop)

Evaluate expression for each element in the list, accumulate the results.

Functions

id(nodeOrRelationship)

The id function returns an integer; the internal ID of a node or relationship. Do not rely on the internal ID for your business domain; the internal ID can change between transactions.

properties(nodeOrRelationship)

The properties function returns a map containing all the properties of a node or relationship.

keys(nodeOrRelationship)

The keys function returns a list of string representations for the property names of a node or relationship.

keys($map)

The keys function returns a list of string representations for the keys of a map.

Example parameter: map = {name: 'Alice', age: 20}

coalesce(expr1, expr2, expr3, defaultValue)

The coalesce function return the first non-null expression.

Syntax: coalesce(expression [, expression]*)

timestamp()

The timestamp function returns an integer; the time in milliseconds since midnight, January 1, 1970 UTC. and the current time.

randomUUID()

The randomUUID function returns a string; a randomly-generated universally unique identifier (UUID).

toInteger(expr)

The toInteger function returns an integer number if possible, for the given expression; otherwise it returns null. The function returns an error if provided with an expression that is not a string, integer, floating point, boolean, or null.

toIntegerOrNull(expr)

The toIntegerOrNull function returns an integer number if possible, for the given expression; otherwise it returns null.

toFloat(expr)

The toFloat returns a floating point number if possible, for the given expression; otherwise it returns null. The function returns an error if provided with an expression that is not a string, integer, floating point, or null.

toFloatOrNull(expr)

The toFloatOrNull returns a floating point number if possible, for the given expression; otherwise it returns null.

toBoolean(expr)

The toBoolean returns a boolean if possible, for the given expression; otherwise it returns null. The function returns an error if provided with an expression that is not a string, integer, boolean, or null.

toBooleanOrNull(expr)

The toBooleanOrNull returns a boolean if possible, for the given expression; otherwise it returns null.

isEmpty(string)

The isEmpty returns a boolean; Check if a string has zero characters. Returns null for null.

isEmpty(list)

The isEmpty returns a boolean; Check if a list has zero items. Returns null for null.

isEmpty(map)

The isEmpty returns a boolean; Check if a map has zero keys. Returns null for null.

Path Functions

length(path)

The number of relationships in the path.

nodes(path)

The nodes in the path as a list.

relationships(path)

The relationships in the path as a list.

[x IN nodes(path) | x.prop]

Extract properties from the nodes in a path.

Spatial Functions

point({x: $x, y: $y})

Returns a point in a 2D cartesian coordinate system.

point({latitude: $y, longitude: $x})

Returns a point in a 2D geographic coordinate system, with coordinates specified in decimal degrees.

point({x: $x, y: $y, z: $z})

Returns a point in a 3D cartesian coordinate system.

point({latitude: $y, longitude: $x, height: $z})

Returns a point in a 3D geographic coordinate system, with latitude and longitude in decimal degrees, and height in meters.

point.distance(
  point({x: $x1, y: $y1}),
  point({x: $x2, y: $y2})
)

Returns a floating point number representing the linear distance between two points. The returned units will be the same as those of the point coordinates, and it will work for both 2D and 3D cartesian points.

point.distance(
  point({latitude: $y1, longitude: $x1}),
  point({latitude: $y2, longitude: $x2})
)

Returns the geodesic distance between two points in meters. It can be used for 3D geographic points as well.

point.withinBBox(
  point({x: 1, y: 1}),
  point({x: 0, y: 0}),
  point({x: 2, y: 2})
)

The point.withinBBox function returns a boolean; true if the provided point is contained in the bounding box (boundary included), otherwise the return value will be false.

Syntax: point.withinBBox(point, lowerLeft, upperRight)

  • point - the point (geographic or cartesian CRS) to check.
  • lowerLeft - the lower-left (south-west) point of a bounding box.
  • upperRight - the upper-right (north-east) point of a bounding box.
  • All inputs need to be in the same Coordinate Reference System (CRS).

Temporal Functions

date('2018-04-05')

Returns a date parsed from a string.

localtime('12:45:30.25')

Returns a time with no time zone.

time('12:45:30.25+01:00')

Returns a time in a specified time zone.

localdatetime('2018-04-05T12:34:00')

Returns a datetime with no time zone.

datetime('2018-04-05T12:34:00[Europe/Berlin]')

Returns a datetime in the specified time zone.

datetime({epochMillis: 3360000})

Transforms 3360000 as a UNIX Epoch time into a normal datetime.

date({year: $year, month: $month, day: $day})

All of the temporal functions can also be called with a map of named components. This example returns a date from year, month and day components. Each function supports a different set of possible components.

datetime({date: $date, time: $time})

Temporal types can be created by combining other types. This example creates a datetime from a date and a time.

date({date: $datetime, day: 5})

Temporal types can be created by selecting from more complex types, as well as overriding individual components. This example creates a date by selecting from a datetime, as well as overriding the day component.

WITH date('2018-04-05') AS d
RETURN d.year, d.month, d.day, d.week, d.dayOfWeek

Accessors allow extracting components of temporal types.

Duration Functions

RETURN duration('P1Y2M10DT12H45M30.25S') AS duration

Returns a duration of 1 year, 2 months, 10 days, 12 hours, 45 minutes and 30.25 seconds.

RETURN duration.between($date1, $date2) AS duration

Returns a duration between two temporal instances.

WITH duration('P1Y2M10DT12H45M') AS d
RETURN d.years, d.months, d.days, d.hours, d.minutes

Returns 1 year, 14 months, 10 days, 12 hours and 765 minutes.

WITH duration('P1Y2M10DT12H45M') AS d
RETURN d.years, d.monthsOfYear, d.days, d.hours, d.minutesOfHour

Returns 1 year, 2 months, 10 days, 12 hours and 45 minutes.

RETURN date('2015-01-01') + duration('P1Y1M1D') AS date

Returns a date of 2016-02-02. It is also possible to subtract durations from temporal instances.

RETURN duration('PT30S') * 10 AS duration

Returns a duration of 5 minutes. It is also possible to divide a duration by a number.

Mathematical Functions

RETURN abs($expr) AS abs

The absolute value.

RETURN rand() AS random

Returns a random number in the range from 0 (inclusive) to 1 (exclusive), [0,1). Returns a new value for each call. Also useful for selecting a subset or random ordering.

RETURN (toInteger(rand() * 10)) + 1 AS random

Return a random number in the range from 1 to 10.

RETURN round($number) AS nbr

Round to the nearest integer.

RETURN ceil($number) AS nbr

Round up to the nearest integer.

RETURN floor($number) AS nbr

Round down to the nearest integer.

RETURN sqrt($number) AS square

The square root.

RETURN sign($number) AS sign

0 if zero, -1 if negative, 1 if positive.

RETURN sin($radians) AS sine

Trigonometric functions also include cos(), tan(), cot(), asin(), acos(), atan(), atan2(), and haversin(). All arguments for the trigonometric functions should be in radians, if not otherwise specified.

degrees($expr), radians($expr), pi()

Converts radians into degrees; use radians() for the reverse, and pi() for π.

log10($expr), log($expr), exp($expr), e()

Logarithm base 10, natural logarithm, e to the power of the parameter, and the value of e.

String Functions

toString($expression)

String representation of the expression.

replace($original, $search, $replacement)

Replace all occurrences of search with replacement. All arguments must be expressions.

substring($original, $begin, $subLength)

Get part of a string. The subLength argument is optional.

left($original, $subLength)

The first part of a string.

right($original, $subLength)

The last part of the string.

trim($original), lTrim($original), rTrim($original)

Trim all whitespace, or on the left side, or on the right side.

toUpper($original), toLower($original)

UPPERCASE and lowercase.

split($original, $delimiter)

Split a string into a list of strings.

reverse($original)

Reverse a string.

size($string)

Calculate the number of characters in the string.

Relationship Functions

type($relationship)

String representation of the relationship type.

startNode($relationship)

Start node of the relationship.

endNode($relationship)

End node of the relationship.

id($relationship)

The internal ID of the relationship. Do not rely on the internal ID for your business domain; the internal ID can change between transactions.

Aggregating Functions

MATCH (:Person)-[:KNOWS]->(:Person {name: 'Alice'})
RETURN count(*) AS rows

The number of matching rows.

count(variable)

The number of non-null values.

count(DISTINCT variable)

All aggregating functions also take the DISTINCT operator, which removes duplicates from the values.

collect(n.property)

List from the values, ignores null.

sum(n.property)

Sum numerical values. Similar functions are avg(), min(), max().

percentileDisc(n.property, $percentile)

Discrete percentile. Continuous percentile is percentileCont(). The percentile argument is from 0.0 to 1.0.

stDev(n.property)

Standard deviation for a sample of a population. For an entire population use stDevP().

INDEX

SHOW INDEXES

List all indexes, returns only the default outputs (id, name, state, populationPercent, uniqueness, type, entityType, labelsOrTypes, properties, and indexProvider).

SHOW INDEXES YIELD *

List all indexes. See Listing indexes.

SHOW [ALL|BTREE|FULLTEXT|LOOKUP|TEXT] INDEXES

List a specific index type.

DROP INDEX index_name

Drop the index named index_name, throws an error if the index does not exist.

DROP INDEX index_name IF EXISTS

Drop the index named index_name if it exists, does nothing if it does not exist.

CREATE INDEX index_name
FOR (p:Person) ON (p.name)

Create a BTREE index with the specified name (index_name), on nodes with label Person and property name.

It is possible to omit the index_name, if not specified the index name will be decided by the DBMS. Best practice is to always specify a sensible name when creating an index.

The create syntax is CREATE [BTREE|FULLTEXT|LOOKUP|TEXT] INDEX .... Default to BTREE if not explicit stated.

CREATE BTREE INDEX index_name
FOR ()-[k:KNOWS]-() ON (k.since)

Create a BTREE index on relationships with type KNOWS and property since with the name index_name.

CREATE BTREE INDEX index_name
FOR (p:Person) ON (p.surname)
OPTIONS {
  indexProvider: 'native-btree-1.0',
  indexConfig: {
    `spatial.cartesian.min`: [-100.0, -100.0],
    `spatial.cartesian.max`: [100.0, 100.0]
  }
}

Create a BTREE index on nodes with label Person and property surname with the index provider native-btree-1.0 and given spatial.cartesian settings. The other index settings will have their default values.

CREATE INDEX index_name
FOR (p:Person) ON (p.name, p.age)

Create a composite index on nodes with label Person and the properties name and age, throws an error if the index already exist.

CREATE INDEX index_name IF NOT EXISTS
FOR (p:Person) ON (p.name, p.age)

Create a composite index on nodes with label Person and the properties name and age if it does not already exist, does nothing if it did exist.

CREATE LOOKUP INDEX index_name
FOR (n) ON EACH labels(n)

Create a token lookup index on nodes with any label.

CREATE LOOKUP INDEX index_name
FOR ()-[r]-() ON EACH type(r)

Create a token lookup index on relationships with any relationship type.

CREATE FULLTEXT INDEX index_name
FOR (n:Friend) ON EACH [n.name]
OPTIONS {
  indexConfig: {
    `fulltext.analyzer`: 'swedish'
  }
}

Create a fulltext index on nodes with the name index_name and analyzer swedish. Fulltext indexes on nodes can only be used by from the procedure db.index.fulltext.queryNodes. The other index settings will have their default values.

CREATE FULLTEXT INDEX index_name
FOR ()-[r:KNOWS]-() ON EACH [r.info, r.note]
OPTIONS {
  indexConfig: {
    `fulltext.analyzer`: 'english'
  }
}

Create a fulltext index on relationships with the name index_name and analyzer english. Fulltext indexes on relationships can only be used by from the procedure db.index.fulltext.queryRelationships. The other index settings will have their default values.

CREATE TEXT INDEX index_name
FOR (p:Person) ON (p.name)

Create a TEXT index on nodes with label Person and property name. The property value type should be a string for the TEXT index. Other value types are ignored by the TEXT index.

TEXT index is utilized if the predicate compares the property with a string. Note that for example toLower(n.name) = 'Example String' does not use an index. TEXT index is utilized to check the IN list checks, when all elements in the list are strings.

CREATE TEXT INDEX index_name
FOR ()-[r:KNOWS]-() ON (r.city)

Create a text index on relationships with type KNOWS and property city. The property value type should be a string for the TEXT index. Other value types are ignored by the TEXT index.

MATCH (n:Person)
WHERE n.name = $value

An index can be automatically used for the equality comparison. Note that for example toLower(n.name) = $value will not use an index.

MATCH (n:Person)
WHERE n.name IN [$value]

An index can automatically be used for the IN list checks.

MATCH (n:Person)
WHERE n.name = $value1 AND n.age = $value2

A composite index can be automatically used for equality comparison of both properties. Note that there needs to be predicates on all properties of the composite index for it to be used.

MATCH (n:Person)
USING INDEX n:Person(name)
WHERE n.name = $value

Index usage can be enforced when Cypher uses a suboptimal index, or more than one index should be used.

CONSTRAINT

SHOW UNIQUE CONSTRAINTS

List all unique constraints, returns only the default outputs (id, name, type, entityType, labelsOrTypes, properties, and ownedIndexId).

SHOW UNIQUE CONSTRAINTS YIELD *

List all unique constraints.

DROP CONSTRAINT constraint_name

Drop the constraint with the name constraint_name, throws an error if the constraint does not exist.

DROP CONSTRAINT constraint_name IF EXISTS

Drop the constraint with the name constraint_name if it exists, does nothing if it does not exist.

CREATE CONSTRAINT constraint_name IF NOT EXISTS
FOR (p:Person)
REQUIRE p.name IS UNIQUE

Create a unique property constraint on the label Person and property name. If any other node with that label is updated or created with a name that already exists, the write operation will fail.

Best practice is to always specify a sensible name when creating a constraint. Deprecated syntax: CREATE CONSTRAINT ON ... ASSERT ....

CREATE CONSTRAINT constraint_name IF NOT EXISTS
FOR (p:Person)
REQUIRE (p.name, p.age) IS UNIQUE

Create a unique property constraint on the label Person and properties name and age. If any node with that label is updated or created with a name and age combination that already exists, the write operation fails.

CREATE CONSTRAINT constraint_name
FOR (p:Person)
REQUIRE p.surname IS UNIQUE
OPTIONS {
  indexProvider: 'native-btree-1.0'
}

Create a unique property constraint on the label Person and property surname with the index provider native-btree-1.0 for the accompanying index.

CREATE CONSTRAINT constraint_name
FOR ()-[r:LIKED]-()
REQUIRE r.when IS NOT NULL

Create a relationship property existence constraint on the type LIKED and property when. If a relationship with that type is created without a when, or if the property when is removed from an existing relationship with the type LIKED, the write operation will fail.

CREATE CONSTRAINT constraint_name
FOR (p:Person)
REQUIRE p.name IS NOT NULL

Create a node property existence constraint on the label Person and property name.

CREATE CONSTRAINT constraint_name
FOR (p:Person)
REQUIRE (p.name, p.surname) IS NODE KEY

Create a node key constraint on the label Person and properties name and surname with the name constraint_name. If a node with that label is created without both name and surname or if the combination of the two is not unique, or if the name and/or surname properties on an existing node with the label Person is modified to violate these constraints, the write operation will fail.

CREATE CONSTRAINT constraint_name
FOR (p:Person)
REQUIRE (p.name, p.age) IS NODE KEY
OPTIONS {
  indexConfig: {
    `spatial.wgs-84.min`: [-100.0, -100.0],
    `spatial.wgs-84.max`: [100.0, 100.0]
  }
}

Create a node key constraint on the label Person and properties name and age with the name constraint_name and given spatial.wgs-84 settings. The other index settings will have their default values.

Performance

Use parameters instead of literals when possible. This allows Neo4j DBMS to cache your queries instead of having to parse and build new execution plans.

Always set an upper limit for your variable length patterns. It is possible to have a query go wild and touch all nodes in a graph by mistake.

Return only the data you need. Avoid returning whole nodes and relationships; instead, pick the data you need and return only that.

Use PROFILE / EXPLAIN to analyze the performance of your queries. See Query Tuning for more information on these and other topics, such as planner hints.

DATABASE Management

dba
`db1`
`database-name`
`database-name-123`
`database.name`
`database.name.123`

The naming rules for a database:

  • The character length of a database name must be at least 3 characters; and not more than 63 characters.
  • The first character of a database name must be an ASCII alphabetic character.
  • Subsequent characters must be ASCII alphabetic or numeric characters, dots or dashes; [a..z][0..9].-.
  • Database names are case-insensitive and normalized to lowercase.
  • Database names that begin with an underscore (_) or with the prefix system are reserved for internal use.

The non-alphabetic characters dot (.) and dash (-), including numbers, can be used in database names, but must be escaped using backticks (`). Database names are the only identifier for which dots (.) do not need to be escaped; best practice is to always escape when using dots.

SHOW DATABASES

List all databases in Neo4j DBMS and information about them, returns only the default outputs (name, aliases, access, address, role, requestedStatus, currentStatus, error, default, and home).

SHOW DATABASES YIELD *

List all databases in Neo4j DBMS and information about them.

SHOW DATABASES
YIELD name, currentStatus
WHERE name CONTAINS 'my'
  AND currentStatus = 'online'

List information about databases, filtered by name and currentStatus and further refined by conditions on these.

SHOW DATABASE `database-name` YIELD *

List information about the database database-name.

SHOW DEFAULT DATABASE

List information about the default database, for the Neo4j DBMS.

SHOW HOME DATABASE

List information about the current users home database.

DROP DATABASE `database-name` IF EXISTS

Delete the database database-name, if it exists.

CREATE DATABASE `database-name` IF NOT EXISTS

Create a database named database-name if it does not already exist.

CREATE OR REPLACE DATABASE `database-name`

Create a database named database-name. If a database with that name exists, then the existing database is deleted and a new one created.

STOP DATABASE `database-name`

Stop the database database-name.

START DATABASE `database-name`

Start the database database-name.

ALTER DATABASE `database-name` IF EXISTS
SET ACCESS READ ONLY

Modify the database database-name to accept only read queries.

ALTER DATABASE `database-name` IF EXISTS
SET ACCESS READ WRITE

Modify the database database-name to accept write and read queries.

ALIAS Management

SHOW ALIASES FOR DATABASE

List all database aliases in Neo4j DBMS and information about them, returns only the default outputs (name, database, location, url, and user).

SHOW ALIASES FOR DATABASE YIELD *

List all database aliases in Neo4j DBMS and information about them.

CREATE ALIAS `database-alias` IF NOT EXISTS
FOR DATABASE `database-name`

Create a local alias database-alias for the database with name database-name.

CREATE OR REPLACE ALIAS `database-alias`
FOR DATABASE `database-name`

Create or replace a local alias database-alias for the database with name database-name.

CREATE ALIAS `database-alias` IF NOT EXISTS
FOR DATABASE `database-name`
AT $url
USER user_name
PASSSWORD $password

Create a remote alias database-alias for the database with name database-name. Remote aliases was introduced in Neo4j 4.4.8.

Example parameters:

  • url = 'neo4j+s://example.com:7687'
  • password = 'example_secret'

ALTER ALIAS `database-alias` IF EXISTS
SET DATABASE TARGET `database-name`

Alter the alias database-alias to target the database with name database-name.

ALTER ALIAS `remote-database-alias` IF EXISTS
SET DATABASE
USER user_name
PASSWORD $password

Alter the remote alias remote-database-alias, set the user name (user_name) and the password.

Example parameter: password = 'example_secret'

DROP ALIAS `database-alias` IF EXISTS FOR DATABASE

Delete the alias database-alias.

USER Management

SHOW USERS

List all users in Neo4j DBMS, returns only the default outputs (user, roles, passwordChangeRequired, suspended, and home).

SHOW CURRENT USER

List the currently logged-in user, returns only the default outputs (user, roles, passwordChangeRequired, suspended, and home).

SHOW USERS
WHERE suspended = true

List users that are suspended.

DROP USER user_name

Delete the specified user.

CREATE USER user_name
SET PASSWORD $password

Create a new user and set the password. This password must be changed on the first login.

Example parameter: password = 'example_secret'

RENAME USER user_name TO other_user_name

Rename the specified user.

ALTER CURRENT USER
SET PASSWORD FROM $oldPassword TO $newPassword

Change the password of the logged-in user. The user will not be required to change this password on the next login.

Example parameters:

  • oldPassword = 'example_secret'
  • newPassword = 'new_secret'

ALTER USER user_name
SET PASSWORD 'example_secret'
CHANGE NOT REQUIRED

Set a new password (a String) for a user. This user will not be required to change this password on the next login.

ALTER USER user_name IF EXISTS
SET PASSWORD CHANGE REQUIRED

If the specified user exists, force this user to change the password on the next login.

ALTER USER user_name
SET STATUS SUSPENDED

Change the status to SUSPENDED, for the specified user.

ALTER USER user_name
SET STATUS ACTIVE

Change the status to ACTIVE, for the specified user.

ALTER USER user_name
SET HOME DATABASE `database-name`

Set the home database for the specified user.

ALTER USER user_name
REMOVE HOME DATABASE

Unset the home database for the specified user and fallback to the default database.

ROLE Management

SHOW ROLES

List all roles in the system, returns the output role.

SHOW ROLES
WHERE role CONTAINS $subString

List roles that contains a given string.

Example parameter: subString = 'read'

SHOW POPULATED ROLES

List all roles that are assigned to at least one user in the system.

SHOW POPULATED ROLES WITH USERS

List all roles that are assigned to at least one user in the system, and the users assigned to those roles. The returned outputs are role and member.

SHOW POPULATED ROLES WITH USERS
YIELD member, role
WHERE member = $user
RETURN role

List all roles that are assigned to a $user.

Example parameter: user = 'neo4j'

DROP ROLE role_name

Delete a role.

CREATE ROLE role_name IF NOT EXISTS

Create a role, unless it already exists.

CREATE ROLE role_name AS COPY OF other_role_name

Create a role, as a copy of the existing other_role_name.

RENAME ROLE role_name TO other_role_name

Rename a role.

GRANT ROLE role_name1, role_name2 TO user_name

Assign roles to a user.

REVOKE ROLE role_name FROM user_name

Remove the specified role from a user.

SHOW Privileges

SHOW PRIVILEGES

List all privileges in the system, and the roles that they are assigned to. Outputs returned are: access, action, resource, graph, segment, and role.

SHOW PRIVILEGES AS COMMANDS

List all privileges in the system as Cypher commands, for example GRANT ACCESS ON DATABASE * TO `admin`. Outputs returned are: command.

SHOW USER PRIVILEGES

List all privileges of the currently logged-in user, and the role that they are assigned to. Outputs returned are: access, action, resource, graph, segment, role, and user.

SHOW USER PRIVILEGES AS COMMANDS

List all privileges of the currently logged-in user, and the role that they are assigned to as Cypher commands, for example GRANT ACCESS ON DATABASE * TO $role. Outputs returned are: command.

SHOW USER user_name PRIVILEGES

List all privileges assigned to each of the specified users (multiple users can be specified seperated by commas n1, n2, n3), and the role that they are assigned to. Outputs returned are: access, action, resource, graph, segment, role, and user.

SHOW USER user_name PRIVILEGES AS COMMANDS

List all privileges assigned to each of the specified users (multiple users can be specified seperated by commas n1, n2, n3), as generic Cypher commands, for example GRANT ACCESS ON DATABASE * TO $role. Outputs returned are: command.

SHOW ROLE role_name PRIVILEGES

List all privileges assigned to each of the specified roles (multiple roles can be specified seperated by commas r1, r2, r3). Outputs returned are: access, action, resource, graph, segment, and role.

SHOW ROLE role_name PRIVILEGES AS COMMANDS

List all privileges assigned to each of the specified roles (multiple roles can be specified seperated by commas r1, r2, r3) as Cypher commands, for example GRANT ACCESS ON DATABASE * TO `admin`. Outputs returned are: command.

ON GRAPH Read Privileges

GRANT TRAVERSE
ON GRAPH * NODE * TO role_name

Grant TRAVERSE privilege on all graphs and all nodes to the specified role.

  • GRANT – gives privileges to roles.
  • DENY – denies privileges to roles.

REVOKE GRANT TRAVERSE
ON GRAPH * NODE * FROM role_name

To remove a granted or denied privilege, prepend the privilege query with REVOKE and replace the TO with FROM.

GRANT TRAVERSE
ON GRAPH * RELATIONSHIP * TO role_name

Grant TRAVERSE privilege on all graphs and all relationships to the specified role.

DENY READ {prop}
ON GRAPH `database-name` RELATIONSHIP rel_type TO role_name

Deny READ privilege on a specified property, on all relationships with a specified type in a specified graph, to a role.

GRANT MATCH {*}
ON HOME GRAPH ELEMENTS label_or_type TO role_name

Grant MATCH privilege on all nodes and relationships with the specified label/type, on the home graph, to a role. This is semantically the same as having both TRAVERSE privilege and READ privilege.

ON GRAPH Write Privileges

GRANT ALL GRAPH PRIVILEGES
ON GRAPH `database-name` TO role_name

Grant ALL GRAPH PRIVILEGES privilege on a specified graph to a role.

GRANT ALL ON GRAPH `database-name` TO role_name

Short form for grant ALL GRAPH PRIVILEGES privilege.

  • GRANT – gives privileges to roles.
  • DENY – denies privileges to roles.
To remove a granted or denied privilege, prepend the privilege query with REVOKE and replace the TO with FROM; (REVOKE GRANT ALL ON GRAPH `database-name` FROM role_name).

DENY CREATE
ON GRAPH * NODES node_label TO role_name

Deny CREATE privilege on all nodes with a specified label in all graphs to the specified role.

DENY DELETE
ON GRAPH `database-name` TO role_name

Deny DELETE privilege on all nodes and relationships in a specified graph to a role.

DENY SET LABEL node_label
ON GRAPH * TO role_name

Deny SET LABEL privilege for the specified label on all graphs to a role.

DENY REMOVE LABEL *
ON GRAPH `database-name` TO role_name

Deny REMOVE LABEL privilege for all labels on a specified graph to a role.

DENY SET PROPERTY {prop_name}
ON GRAPH `database-name` RELATIONSHIPS rel_type TO role_name

Deny SET PROPERTY privilege on a specified property, on all relationships with a specified type in a specified graph, to a role.

DENY MERGE {*}
ON GRAPH * NODES node_label TO role_name

Deny MERGE privilege on all properties, on all nodes with a specified label in all graphs, to a role.

DENY WRITE
ON GRAPH * TO role_name

Deny WRITE privilege on all graphs to a role.

ON DATABASE Privileges

GRANT ALL DATABASE PRIVILEGES
ON DATABASE * TO role_name

Grant ALL DATABASE PRIVILEGES privilege for all databases to the specified role.

  • Allows access (GRANT ACCESS).
  • Index management (GRANT INDEX MANAGEMENT).
  • Constraint management (GRANT CONSTRAINT MANAGEMENT).
  • Name management (GRANT NAME MANAGEMENT).
Note that the privileges for starting and stopping all databases, and transaction management, are not included.

GRANT ALL ON DATABASE * TO role_name

Short form for grant ALL DATABASE PRIVILEGES privilege.

  • GRANT – gives privileges to roles.
  • DENY – denies privileges to roles.
To remove a granted or denied privilege, prepend the privilege query with REVOKE and replace the TO with FROM; (REVOKE GRANT ALL ON DATABASE * FROM role_name).

GRANT ACCESS
ON DATABASE * TO role_name

Grant ACCESS privilege to access and run queries against all databases to a role.

GRANT START
ON DATABASE * TO role_name

Grant START privilege to start all databases to a role.

GRANT STOP
ON DATABASE * TO role_name

Grant STOP privilege to stop all databases to a role.

ON DATABASE - INDEX MANAGEMENT Privileges

GRANT INDEX MANAGEMENT
ON DATABASE * TO role_name

Grant INDEX MANAGEMENT privilege to create, drop, and list indexes for all database to a role.

  • Allow creating an index - (GRANT CREATE INDEX).
  • Allow removing an index - (GRANT DROP INDEX).
  • Allow listing an index - (GRANT SHOW INDEX).

GRANT CREATE INDEX
ON DATABASE `database-name` TO role_name

Grant CREATE INDEX privilege to create indexes on a specified database to a role.

GRANT DROP INDEX
ON DATABASE `database-name` TO role_name

Grant DROP INDEX privilege to drop indexes on a specified database to a role.

GRANT SHOW INDEX
ON DATABASE * TO role_name

Grant SHOW INDEX privilege to list indexes on all databases to a role.

ON DATABASE - CONSTRAINT MANAGEMENT Privileges

GRANT CONSTRAINT MANAGEMENT
ON DATABASE * TO role_name

Grant CONSTRAINT MANAGEMENT privilege to create, drop, and list constraints for all database to a role.

  • Allow creating a constraint - (GRANT CREATE CONSTRAINT).
  • Allow removing a constraint - (GRANT DROP CONSTRAINT).
  • Allow listing a constraint - (GRANT SHOW CONSTRAINT).

GRANT CREATE CONSTRAINT
ON DATABASE * TO role_name

Grant CREATE CONSTRAINT privilege to create constraints on all databases to a role.

GRANT DROP CONSTRAINT
ON DATABASE * TO role_name

Grant DROP CONSTRAINT privilege to create constraints on all databases to a role.

GRANT SHOW CONSTRAINT
ON DATABASE `database-name` TO role_name

Grant SHOW CONSTRAINT privilege to list constraints on a specified database to a role.

ON DATABASE - NAME MANAGEMENT Privileges

GRANT NAME MANAGEMENT
ON DATABASE * TO role_name

Grant NAME MANAGEMENT privilege to create new labels, new relationship types, and new property names for all databases to a role.

  • Allow creating a new label - (GRANT CREATE NEW LABEL).
  • Allow creating a new relationship type - (GRANT CREATE NEW TYPE).
  • Allow creating a new property name - (GRANT CREATE NEW NAME).

GRANT CREATE NEW LABEL
ON DATABASE * TO role_name

Grant CREATE NEW LABEL privilege to create new labels on all databases to a role.

DENY CREATE NEW TYPE
ON DATABASE * TO role_name

Deny CREATE NEW TYPE privilege to create new relationship types on a specified database to a role.

GRANT CREATE NEW NAME
ON DATABASE * TO role_name

Grant CREATE NEW NAME privilege to create new property names on all databases to a role.

ON DATABASE - TRANSACTION MANAGEMENT Privileges

GRANT TRANSACTION MANAGEMENT (*)
ON DATABASE * TO role_name

Grant TRANSACTION MANAGEMENT privilege to show and terminate transactions on all users, for all database, to a role.

  • Allow listing transactions - (GRANT SHOW TRANSACTION).
  • Allow terminate transactions - (GRANT TERMINATE TRANSACTION).

GRANT SHOW TRANSACTION (*)
ON DATABASE * TO role_name

Grant SHOW TRANSACTION privilege to list transactions on all users on all databases to a role.

GRANT TERMINATE TRANSACTION (*)
ON DATABASE * TO role_name

Grant TERMINATE TRANSACTION privilege to terminate transactions on all users on all databases to a role.

ON DBMS Privileges

GRANT ALL DBMS PRIVILEGES
ON DBMS TO role_name

Grant ALL DBMS PRIVILEGES privilege to perform management for roles, users, databases, aliases, and privileges to a role. Also privileges to execute procedures and user defined functions are granted.

  • Allow controlling roles - (GRANT ROLE MANAGEMENT).
  • Allow controlling users - (GRANT USER MANAGEMENT).
  • Allow controlling databases - (GRANT DATABASE MANAGEMENT).
  • Allow controlling aliases - (GRANT ALIAS MANAGEMENT).
  • Allow controlling privileges - (GRANT PRIVILEGE MANAGEMENT).
  • Allow user impersonation - (GRANT IMPERSONATE (*)).
  • Allow to execute all procedures with elevated privileges.
  • Allow to execute all user defined functions with elevated privileges.

GRANT ALL
ON DBMS TO role_name

Short form for grant ALL DBMS PRIVILEGES privilege.

  • GRANT – gives privileges to roles.
  • DENY – denies privileges to roles.
To remove a granted or denied privilege, prepend the privilege query with REVOKE and replace the TO with FROM; (REVOKE GRANT ALL ON DBMS FROM role_name).

GRANT IMPERSONATE (user_name1, user_name2)
ON DBMS TO role_name

Grant IMPERSONATE privilege to impersonate the specified users (user_name1 and user_name2) to a role.

GRANT IMPERSONATE (*)
ON DBMS TO role_name

Grant IMPERSONATE privilege to impersonate all users to a role.

ON DBMS - ROLE MANAGEMENT Privileges

GRANT ROLE MANAGEMENT
ON DBMS TO role_name

Grant ROLE MANAGEMENT privilege to manage roles to a role.

  • Allow creating roles - (GRANT CREATE ROLE).
  • Allow renaming roles - (GRANT RENAME ROLE).
  • Allow deleting roles - (GRANT DROP ROLE).
  • Allow assigning (GRANT) roles to a user - (GRANT ASSIGN ROLE).
  • Allow removing (REVOKE) roles to a user - (GRANT REMOVE ROLE).
  • Allow listing roles - (GRANT SHOW ROLE).

GRANT CREATE ROLE
ON DBMS TO role_name

Grant CREATE ROLE privilege to create roles, to a role.

GRANT RENAME ROLE
ON DBMS TO role_name

Grant RENAME ROLEprivilege to rename roles, to a role.

GRANT DROP ROLE
ON DBMS TO role_name

Grant DROP ROLE privilege to delete roles, to a role.

GRANT ASSIGN ROLE
ON DBMS TO role_name

Grant ASSIGN ROLE privilege to assign roles to users, to a role.

GRANT REMOVE ROLE
ON DBMS TO role_name

Grant REMOVE ROLE privilege to remove roles from users, to a role.

GRANT SHOW ROLE
ON DBMS TO role_name

Grant SHOW ROLE privilege to list roles, to a role.

ON DBMS - USER MANAGEMENT Privileges

GRANT USER MANAGEMENT
ON DBMS TO role_name

Grant USER MANAGEMENT privilege to manage users to a role.

  • Allow creating users - (GRANT CREATE USER).
  • Allow renaming users - (GRANT RENAME USER).
  • Allow modifying a user - (GRANT ALTER USER).
  • Allow deleting users - (GRANT DROP USER).
  • Allow listing users - (GRANT SHOW USER).

GRANT CREATE USER
ON DBMS TO role_name

Grant CREATE USER privilege to create users to a role.

GRANT RENAME USER
ON DBMS TO role_name

Grant RENAME USER privilege to rename users to a role.

GRANT ALTER USER
ON DBMS TO my_role

Grant ALTER USER privilege to alter users to a role.

  • Allow changing a user's password - (GRANT SET PASSWORD).
  • Allow changing a user's home database - (GRANT SET USER HOME DATABASE).
  • Allow changing a user's status - (GRANT USER STATUS).

GRANT SET PASSWORD
ON DBMS TO role_name

Grant SET PASSWORD privilege to alter a user password to a role.

GRANT SET USER HOME DATABASE
ON DBMS TO role_name

Grant SET USER HOME DATABASE privilege to alter the home database of users to a role.

GRANT SET USER STATUS
ON DBMS TO role_name

Grant SET USER STATUS privilege to alter user account status to a role.

GRANT DROP USER
ON DBMS TO role_name

Grant DROP USER privilege to delete users to a role.

GRANT SHOW USER
ON DBMS TO role_name

Grant SHOW USER privilege to list users to a role.

ON DBMS - DATABASE MANAGEMENT Privileges

GRANT DATABASE MANAGEMENT
ON DBMS TO role_name

Grant DATABASE MANAGEMENT privilege to manage databases and aliases, to a role.

  • Allow creating databases and aliases - (GRANT CREATE DATABASE).
  • Allow deleting databases and aliases - (GRANT DROP DATABASE).
  • Allow modifying databases and aliases - (GRANT ALTER DATABASE).
  • Allow modifying access mode for databases - (GRANT SET DATABASE ACCESS).

GRANT CREATE DATABASE
ON DBMS TO role_name

Grant CREATE DATABASE privilege to create databases and aliases, to a role.

GRANT DROP DATABASE
ON DBMS TO role_name

Grant DROP DATABASE privilege to delete databases and aliases, to a role.

GRANT ALTER DATABASE
ON DBMS TO role_name

Grant ALTER DATABASE privilege to alter databases and aliases, to a role.

GRANT SET DATABASE ACCESS
ON DBMS TO role_name

Grant SET DATABASE ACCESS privilege to set database access mode, to a role.

ON DBMS - ALIAS MANAGEMENT Privileges

GRANT ALIAS MANAGEMENT
ON DBMS TO role_name

Grant ALIAS MANAGEMENT privilege to manage aliases to a role.

  • Allow creating aliases - (GRANT CREATE ALIAS).
  • Allow deleting aliases - (GRANT DROP ALIAS).
  • Allow modifying aliases - (GRANT ALTER ALIAS).
  • Allow listing aliases - (GRANT SHOW ALIAS).

GRANT CREATE ALIAS
ON DBMS TO role_name

Grant CREATE ALIAS privilege to create aliases, to a role.

GRANT DROP ALIAS
ON DBMS TO role_name

Grant DROP ALIAS privilege to delete aliases, to a role.

GRANT ALTER ALIAS
ON DBMS TO role_name

Grant ALTER ALIAS privilege to alter aliases, to a role.

GRANT SHOW ALIAS
ON DBMS TO role_name

Grant SHOW ALIAS privilege to list aliases, to a role.

ON DBMS - PRIVILEGE MANAGEMENT Privileges

GRANT PRIVILEGE MANAGEMENT
ON DBMS TO role_name

Grant PRIVILEGE MANAGEMENT privilege to manage privileges for the Neo4j DBMS to a role.

  • Allow assigning (GRANT|DENY) privileges for a role - (GRANT ASSIGN PRIVILEGE).
  • Allow removing (REVOKE) privileges for a role - (GRANT REMOVE PRIVILEGE).
  • Allow listing privileges - (GRANT SHOW PRIVILEGE).

GRANT ASSIGN PRIVILEGE
ON DBMS TO role_name

Grant ASSIGN PRIVILEGE privilege, allows the role to assign privileges for roles.

GRANT REMOVE PRIVILEGE
ON DBMS TO role_name

Grant REMOVE PRIVILEGE privilege, allows the role to remove privileges for roles.

GRANT SHOW PRIVILEGE
ON DBMS TO role_name

Grant SHOW PRIVILEGE privilege to list privileges, to a role.