This feature was released in Neo4j 5.13.
This section explains how to use Cypher to manage load privileges. All load privileges apply to the whole system. Like DBMS privileges, they do not belong to one specific database or graph. For more details on the differences between graphs, databases, and the DBMS, refer to Cypher Manual → Cypher and Neo4j.
The load privileges apply to the Cypher
LOAD CSV clause, deciding whether or not the data can be loaded from the given source.
The load privileges are assigned using Cypher administrative commands. They can be granted, denied, and revoked in the same way as other privileges. For more details, see RBAC and fine-grained privileges.
Enables the specified roles to load external data in queries.
More details about the syntax descriptions can be found Cypher syntax for administration commands.
Unlike other privileges, the
LOAD privilege is not granted, denied, or revoked on
Graph, but instead on the data source to load from.
ON ALL DATA means a role has the privilege to load data from all sources.
The load privilege on
ALL DATA enables or disables loading data.
If granted, the user can load data from any source.
If missing or denied, no data can be loaded at all.
For example, the below query grants users with the role
roleLoadAllData the ability to load data with
GRANT LOAD ON ALL DATA TO roleLoadAllData
The below query lists all privileges for the role
roleLoadAllData as commands:
SHOW ROLE roleLoadAllData PRIVILEGES AS COMMANDS
LOAD ON ALL DATA privilege is granted to the
PUBLIC role by default.