Propagate users and roles

This section describes how to propagate native users, roles, and role assignments across a Neo4j cluster.

Native users, roles and role assignments are stored in files named auth and roles. The files are located in the data directory (see Section 3.1, “File locations”) in a subdirectory called dbms. Neo4j automatically reloads the stored users and assigned roles from disk every five seconds. Changes to users and roles are applied only to the Neo4j instance on which the commands are executed. This means that changes are not automatically propagated across a cluster of Neo4j instances, but have to be specifically provided for.

A number of options are available to propagate changes to native users, custom roles, and role assignments across a cluster:

The recommended solution for clustered security is to use the LDAP or plugin auth provider.