Administering immutable privileges
This tutorial describes methods for administering immutable privileges, which are useful for restricting the actions of users who are themselves able to administer privileges. They offer a way to prevent such users from simply removing any restrictions by using their privilege management privileges.
In other words, having privilege management privileges is not sufficient to add or remove immutable privileges. The only way immutable privileges can be added or removed is when auth is disabled.
There are two specific scenarios which equate to auth being disabled. One is when dbms.security.auth_enabled is set to false, and the other is the context of the Security Init file. Both are described in this tutorial.
Administering immutable privileges via the Security Init file
The Security Init file is a file containing a list of Cypher commands which are run when the system database is created for the first time. Putting immutable privilege commands in this file will ensure that they are in place before the DBMS is accessed for the first time.
The following steps must be performed before the first time the Neo4j DBMS is started. If the DBMS has already been initialized, you will need to make changes by disabling auth; the steps to do this are described in the next section.
1. Create a file named systemdb-init.cypher and edit it to contain the immutable privileges which you require. In this instance, you would like to prevent all users (via the PUBLIC role) from being able to perform Database Management actions, and to make sure that even users with the rights to alter their own privileges cannot remove this DENY:

   DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC

2. Specify the path of the Security Init file by setting the internal.dbms.init_file config setting to the full path of the file created in step 1.
3. Start the DBMS.
4. Observe that the immutable privilege is now in place, listed with true in the immutable column:

   SHOW PRIVILEGES WHERE IMMUTABLE

   access | action | resource | graph | segment | role | immutable
   ---|---|---|---|---|---|---
This privilege can now be considered to be an immutable part of the DBMS. The only way to subsequently remove it would be to disable auth.
Administering immutable privileges by disabling auth
This should only be performed when you have other means of preventing access to the Neo4j DBMS: while auth is disabled, any client that can reach the instance has full access without credentials.
When auth is disabled, immutable privileges can be added and removed in the same way as regular privileges. To do so, follow these steps:
1. Change the config setting dbms.security.auth_enabled to false.
2. Restart the Neo4j DBMS.
3. Create or remove immutable privileges in the same way as regular privileges, using the keyword IMMUTABLE.
4. Change the config setting dbms.security.auth_enabled to true.
5. Restart the Neo4j DBMS.
6. Observe that the immutable privileges you created are now in place:

   SHOW PRIVILEGES WHERE IMMUTABLE

   access | action | resource | graph | segment | role | immutable
   ---|---|---|---|---|---|---
Privileges like these can now be considered to be an immutable part of the DBMS. The only way to subsequently remove them would be to disable auth again.
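Both procedures above, as one shell script. This is an added example, not code from the Neo4j documentation: it writes the Security Init file, points internal.dbms.init_file at it, and toggles dbms.security.auth_enabled to open and close the window in which IMMUTABLE privileges can be changed. The installation paths, the NEO4J_APPLY opt-in variable and the DENY IMMUTABLE DROP DATABASE statement used as the change made while auth is off are assumptions for illustration; neo4j restart and cypher-shell are the standard Neo4j CLI tools, and the live steps that call them only run when you opt in.

```shell
#!/bin/sh
# Added example, not from the Neo4j documentation. Stages the Security Init
# file and flips the two settings the tutorial relies on. Every path below is
# an assumption about the installation layout; override via the environment.
set -eu

NEO4J_HOME="${NEO4J_HOME:-/var/lib/neo4j}"
CONF="${NEO4J_CONF:-$NEO4J_HOME/conf/neo4j.conf}"
INIT_FILE="${NEO4J_INIT_FILE:-$NEO4J_HOME/conf/systemdb-init.cypher}"

# Immutable privileges that must exist before the DBMS is first started.
# One statement per line, as in the tutorial. The file is read only once,
# when the system database is created, so get its contents right first.
write_init_file() {
    path="$1"
    cat > "$path" <<'CYPHER'
DENY IMMUTABLE DATABASE MANAGEMENT ON DBMS TO PUBLIC
CYPHER
    chmod 0600 "$path"   # grants nothing by itself, but keep it out of casual reach
}

# Set key=value in neo4j.conf: replace an existing line (also un-commenting a
# '#key=' line shipped with the defaults), otherwise append. Idempotent.
set_config_key() {
    conf="$1"; key="$2"; value="$3"
    re=$(printf '%s' "$key" | sed 's/\./\\./g')   # escape dots for the regex
    if grep -q "^[#[:space:]]*${re}=" "$conf"; then
        sed -i.bak "s|^[#[:space:]]*${re}=.*|${key}=${value}|" "$conf"
        rm -f "$conf.bak"
    else
        printf '%s=%s\n' "$key" "$value" >> "$conf"
    fi
}

# Print the value of an active (uncommented) key, or nothing if unset.
get_config_key() {
    conf="$1"; re=$(printf '%s' "$2" | sed 's/\./\\./g')
    grep "^${re}=" "$conf" | tail -n 1 | cut -d= -f2-
}

# Auth is on unless the key is explicitly false (the shipped default is on).
auth_enabled() {
    [ "$(get_config_key "$CONF" dbms.security.auth_enabled)" != "false" ]
}

# Procedure 1: run before the very first start of the DBMS.
prepare_first_start() {
    write_init_file "$INIT_FILE"
    set_config_key "$CONF" internal.dbms.init_file "$INIT_FILE"
}

# Procedure 2: the only post-initialisation window in which IMMUTABLE
# privileges can be granted, denied or revoked. Block all client access
# (firewall, bound addresses) before opening it.
open_auth_disabled_window()  { set_config_key "$CONF" dbms.security.auth_enabled false; }
close_auth_disabled_window() { set_config_key "$CONF" dbms.security.auth_enabled true; }

# Live steps (need a Neo4j installation). Opt in explicitly, so that sourcing
# this file for its functions never restarts a server.
if [ "${NEO4J_APPLY:-0}" = "1" ]; then
    open_auth_disabled_window
    neo4j restart
    # Illustrative change made while auth is off (assumed, adjust to your needs);
    # no credentials are needed at this point, which is exactly the hazard.
    printf '%s\n' 'DENY IMMUTABLE DROP DATABASE ON DBMS TO PUBLIC' | cypher-shell -d system
    close_auth_disabled_window
    neo4j restart
    auth_enabled || { echo 'refusing to finish with auth disabled' >&2; exit 1; }
    # Now needs credentials again (NEO4J_USERNAME / NEO4J_PASSWORD or -u/-p).
    printf '%s\n' 'SHOW PRIVILEGES WHERE IMMUTABLE' | cypher-shell -d system
fi
```

The final auth_enabled check is the part worth keeping even if you script nothing else: the failure mode of this procedure is an operator who is interrupted between steps 3 and 4 and leaves the instance reachable with auth off.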