7.1.4.1. Native roles

This chapter describes native roles in Neo4j.

Neo4j provides four built-in roles in our role-based access control framework: reader, publisher, architect and admin.

We detail below the set of actions on the data and database prescribed by each role:

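| Action | reader | publisher | architect | admin | (no role) |
|---|---|---|---|---|---|
| Change own password | X | X | X | X | X |
| View own details | X | X | X | X | X |
| Read data | X | X | X | X | |
| View own queries | X | X | X | X | |
| Terminate own queries | X | X | X | X | |
| Write/update/delete data | | X | X | X | |
| Create/drop index/constraint | | | X | X | |
| Create/delete user | | | | X | |
| Change another user’s password | | | | X | |
| Assign/remove role to/from user | | | | X | |
| Suspend/activate user | | | | X | |
| View all users/roles | | | | X | |
| View all roles for a user | | | | X | |
| View all users for a role | | | | X | |
| View all queries | | | | X | |
| Terminate all queries | | | | X | |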

A user who has no assigned roles will not have any rights or capabilities regarding the data, not even read privileges. A user may have more than one assigned role, and the union of these determines what action(s) on the data may be undertaken by the user.
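
The union rule and the matrix above can be turned into a least-privilege review of role assignments. The following is an added example, not code from Neo4j: the function names, the lower-cased action strings and the sample accounts are assumptions constructed for illustration, and the role contents are transcribed from the table.

```python
# Native-role matrix from the table above, encoded as data (added example).
BASE = {"change own password", "view own details"}  # allowed even with no role
READ = {"read data", "view own queries", "terminate own queries"}
WRITE = {"write/update/delete data"}
SCHEMA = {"create/drop index/constraint"}
ADMIN = {"create/delete user", "change another user's password",
         "assign/remove role to/from user", "suspend/activate user",
         "view all users/roles", "view all roles for a user",
         "view all users for a role", "view all queries", "terminate all queries"}
ROLE_ACTIONS = {
    "reader": BASE | READ,
    "publisher": BASE | READ | WRITE,
    "architect": BASE | READ | WRITE | SCHEMA,
    "admin": BASE | READ | WRITE | SCHEMA | ADMIN,
}
ROLE_ORDER = ["reader", "publisher", "architect", "admin"]  # least to most privileged

def effective_actions(roles):
    """Union of the actions of every assigned role; no role leaves only BASE."""
    allowed = set(BASE)
    for role in roles:
        allowed |= ROLE_ACTIONS[role]  # KeyError for a name that is not a native role
    return allowed

def least_privileged_role(required):
    """Smallest native role covering `required`; None if no role is needed."""
    required = set(required)
    if required <= BASE:
        return None
    for role in ROLE_ORDER:
        if required <= ROLE_ACTIONS[role]:
            return role
    raise ValueError(f"no native role grants: {sorted(required - ROLE_ACTIONS['admin'])}")

def audit(assignments, needs):
    """Return {user: finding} for users whose roles do not match their stated needs."""
    findings = {}
    for user, roles in assignments.items():
        granted, required = effective_actions(roles), set(needs.get(user, ()))
        target = least_privileged_role(required)
        if required - granted:
            findings[user] = ("under-privileged", sorted(required - granted))
        elif granted != effective_actions([target] if target else []):
            findings[user] = ("over-privileged", target)
    return findings

# Constructed sample: role assignments and the actions each account actually needs.
ASSIGNMENTS = {"etl": ["reader", "publisher"], "report": ["admin"], "guest": [], "dba": ["architect"]}
NEEDS = {"etl": ["read data", "write/update/delete data"], "report": ["read data"],
         "guest": ["read data"], "dba": ["create/drop index/constraint"]}
```

Calling `audit(ASSIGNMENTS, NEEDS)` on the sample flags `report` as over-privileged (it only needs `reader`) and `guest` as unable to read data, while `etl` passes because its two roles collapse to the `publisher` set.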