Procedure and user-defined function privileges
To be able to run a procedure or user-defined function, the user needs the corresponding execute privilege. Procedures and user-defined functions are executed according to the same security rules as regular Cypher statements; for example, a procedure performing writes will fail if called by a user that only has read privileges.
Procedures and user-defined functions can also be run with privileges exceeding the user's own. This is called execution boosting. The elevated privileges apply only within the procedure or user-defined function; any operation performed outside it still uses the user's original privileges.
The steps below assume that the procedure or user-defined function is already developed and installed. Refer to Java Reference → Extending Neo4j for a description of creating and using user-defined procedures and functions.
Manage procedure permissions
Procedure permissions can be managed using the native execute privileges. These control whether the user is allowed to execute a procedure and which set of privileges apply during the execution.
A procedure may be run using the EXECUTE PROCEDURE privilege. This allows the user to execute procedures that match the globbed procedure name.
GRANT EXECUTE PROCEDURE db.schema.visualization ON DBMS TO visualizer
This will allow any user with the visualizer role to execute the db.schema.visualization procedure.
E.g. a user that also has the following privileges:
GRANT TRAVERSE ON GRAPH * NODES A, B TO role
GRANT TRAVERSE ON GRAPH * RELATIONSHIP R1 TO role
When calling the db.schema.visualization procedure, the user will only see the A and B nodes and the R1 relationships, even though other nodes and relationships might exist.
A procedure may also be executed with elevated privileges using the EXECUTE BOOSTED PROCEDURE privilege.
This allows the user to successfully execute procedures that would otherwise fail during execution with their assigned roles. The user is given full privileges for the procedure, and only for the duration of its execution.
GRANT EXECUTE BOOSTED PROCEDURE db.schema.visualization ON DBMS TO visualizer
This will allow any user with the visualizer role to execute the db.schema.visualization procedure with elevated privileges.
When calling the db.schema.visualization procedure, the user will see all nodes and relationships that exist in the graph, even though they have no traversal privileges.
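The following Cypher script is an added example, not part of the Neo4j manual: it sets up one restricted role and one boosted role for db.schema.visualization, then uses SHOW commands to verify what was granted. The role names (visualizer, schema_auditor), user names (alice, bob), database name (neo4j) and labels are assumptions chosen for illustration.

```cypher
// Added example (not from the Neo4j documentation): two roles for the same
// procedure, one restricted and one boosted, plus checks to verify the result.
// Role, user, database and label names are assumptions chosen for illustration.

// Restricted role: may run db.schema.visualization, but the procedure only
// sees what the role's graph privileges allow (A and B nodes, R1 relationships).
CREATE ROLE visualizer;
GRANT ACCESS ON DATABASE neo4j TO visualizer;
GRANT TRAVERSE ON GRAPH * NODES A, B TO visualizer;
GRANT TRAVERSE ON GRAPH * RELATIONSHIP R1 TO visualizer;
GRANT EXECUTE PROCEDURE db.schema.visualization ON DBMS TO visualizer;

// Boosted role: the same procedure executed with full privileges, so it
// returns every label and relationship type in the graph. Keeping it as a
// separate role means the boost is granted deliberately, not alongside
// ordinary read access. Granting EXECUTE PROCEDURE as well makes the
// role's intent explicit.
CREATE ROLE schema_auditor;
GRANT ACCESS ON DATABASE neo4j TO schema_auditor;
GRANT EXECUTE PROCEDURE db.schema.visualization ON DBMS TO schema_auditor;
GRANT EXECUTE BOOSTED PROCEDURE db.schema.visualization ON DBMS TO schema_auditor;

// Constructed sample accounts, one per role.
CREATE USER alice SET PASSWORD 'ChangeMe!2024' CHANGE REQUIRED;
GRANT ROLE visualizer TO alice;
CREATE USER bob SET PASSWORD 'ChangeMe!2024' CHANGE REQUIRED;
GRANT ROLE schema_auditor TO bob;

// Verification: list each role's privileges as the commands that produced
// them, and confirm which procedures each user is actually able to run.
SHOW ROLE visualizer, schema_auditor PRIVILEGES AS COMMANDS;
SHOW PROCEDURES EXECUTABLE BY alice YIELD name WHERE name = 'db.schema.visualization';
SHOW PROCEDURES EXECUTABLE BY bob YIELD name WHERE name = 'db.schema.visualization';

// Withdrawing the boost alone leaves the unboosted EXECUTE PROCEDURE grant in
// place; revoke both if the role should lose the procedure entirely.
REVOKE EXECUTE BOOSTED PROCEDURE db.schema.visualization ON DBMS FROM schema_auditor;
REVOKE EXECUTE PROCEDURE db.schema.visualization ON DBMS FROM schema_auditor;
```

Run the script against the system database as an administrator. The two SHOW PROCEDURES queries are the practical check: if a user's row for db.schema.visualization is missing, the execute privilege did not take effect, and SHOW ROLE ... PRIVILEGES AS COMMANDS shows exactly which grant is responsible for any boost a role carries.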
Manage user-defined function permissions
User-defined function permissions can be managed using the native execute privileges. These control whether the user is allowed to execute a user-defined function and which set of privileges apply during the execution.
A user-defined function may be executed using the EXECUTE USER DEFINED FUNCTION privilege. This allows the user to execute user-defined functions that match the globbed user-defined function name.
GRANT EXECUTE USER DEFINED FUNCTION apoc.any.properties ON DBMS TO custom
This will allow any user with the custom role to execute the apoc.any.properties function.
E.g. a user that also has the following privilege:
GRANT MATCH {visibleProp} ON GRAPH * NODES A TO role
When calling the user-defined function in MATCH (a:A) RETURN apoc.any.properties(a) AS properties, they will only see visibleProp, even though other properties might exist.
A user-defined function may also be executed with elevated privileges using the EXECUTE BOOSTED USER DEFINED FUNCTION privilege.
This allows the user to successfully execute user-defined functions that would otherwise fail during execution with their assigned roles. The user is given full privileges for the user-defined function, and only for the duration of its execution.
GRANT EXECUTE BOOSTED USER DEFINED FUNCTION apoc.any.properties ON DBMS TO custom
This will allow any user with the custom role to execute the apoc.any.properties function with elevated privileges.
E.g. a user that also has the following privileges:
GRANT TRAVERSE ON GRAPH * NODES A TO role
When calling the user-defined function in MATCH (a:A) RETURN apoc.any.properties(a) AS properties, they will see all properties that exist on the matched nodes, even though they have no read privileges.
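The following Cypher script is an added example, not part of the Neo4j manual: it shows how to grant execution of a whole function family by glob while boosting a single named function, how DENY removes a subset of that glob, and how to verify the outcome with SHOW FUNCTIONS. The role name custom, the user carol, the database neo4j, the label A and the property visibleProp are taken from or modelled on the page; the apoc.cypher.* deny and the password are assumptions chosen for illustration.

```cypher
// Added example (not from the Neo4j documentation): scope function privileges
// so that execution is granted by glob but boosting applies to one function.
// Role, user, database, label and property names are assumptions for illustration.

CREATE ROLE custom;
GRANT ACCESS ON DATABASE neo4j TO custom;

// With its own privileges the role can read only visibleProp on A nodes.
GRANT MATCH {visibleProp} ON GRAPH * NODES A TO custom;

// Allow every apoc.* function unboosted: each call is bound by the role's own
// graph privileges, so apoc.any.properties(a) returns visibleProp only.
GRANT EXECUTE USER DEFINED FUNCTION apoc.* ON DBMS TO custom;

// Boost one function only. Boosting by glob (apoc.*) would let every matching
// function run with full graph privileges, so name the function explicitly.
GRANT EXECUTE BOOSTED USER DEFINED FUNCTION apoc.any.properties ON DBMS TO custom;

// DENY takes precedence over GRANT, which gives a hard stop for functions the
// role must not call even though they match the apoc.* glob. The apoc.cypher.*
// functions evaluate Cypher text passed as an argument, so they are kept out
// of a role whose reads are meant to be limited to visibleProp (assumption).
DENY EXECUTE USER DEFINED FUNCTION apoc.cypher.* ON DBMS TO custom;

// Constructed sample account.
CREATE USER carol SET PASSWORD 'ChangeMe!2024' CHANGE REQUIRED;
GRANT ROLE custom TO carol;

// Verification: which apoc.* functions can carol run? apoc.cypher.* names
// must be absent from the result.
SHOW FUNCTIONS EXECUTABLE BY carol YIELD name
WHERE name STARTS WITH 'apoc.'
RETURN name ORDER BY name;

// Run as carol against the neo4j database: with the boost in place this
// returns all properties of the matched A nodes, while the MATCH itself is
// still limited to the A nodes her TRAVERSE/MATCH privileges allow.
MATCH (a:A) RETURN apoc.any.properties(a) AS properties;
```

The SHOW FUNCTIONS query is the check worth keeping in a privilege review: it reports what the user can actually call after grants and denies are combined, which is easier to audit than reading the grant list by hand.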