8.4.3. Propagate users and roles

This section describes how to propagate native users, roles, and role assignments across a Neo4j cluster.

Native users, and user passwords recorded in SHA-256 encrypted format, are stored in a file named auth. Roles and role assignments are stored in a file named roles. The files are located in the data directory, in a subdirectory called dbms. Neo4j automatically reloads the stored users and assigned roles from disk every five seconds.

Changes to users and roles are applied only to the Neo4j instance on which the commands are executed. This means that changes are not automatically propagated across a cluster of Neo4j instances, but have to be specifically provided for. A number of options are available to propagate changes to native users, custom roles, and role assignments across a cluster:

The recommended solution for clustered security is to use the LDAP or plugin auth provider.