This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

Can i use RBAC features to build filtering functionality in my application

krisgeus
Node Clone

‎01-10-2020 02:26 AM

I need to build in filtering of query results so that a user can tell upfront which nodetypes and relationshiptypes need to be considered in a query. I can of course add this to each query but when testing out the RBAC features of neo the idea came to mind if it is possible to use that mechanism to not overcomplicate my query and maybe using the internals of neo4j for this is faster in performance.
Is there a way to tell the bolt driver to assume a role before executing a query. Or are there plans to build such functionality in neo4j 4.0?

Labels:
0 Kudos
Reply
5 REPLIES 5

MuddyBootsCode
Graph Steward

‎01-10-2020 07:26 AM

What drivers are you using for your project? Is it a GRANDstack project or are you simply using one of the other language drivers?

0 Kudos
Reply

krisgeus
Node Clone
In response to MuddyBootsCode

‎01-10-2020 10:10 AM

Using the java driver in this case. Also using the python neo4j driver for other parts of the project

0 Kudos
Reply

fourier134949
Node

‎04-14-2021 07:15 AM

We have exactly the same problem
We have a REST application that accesses neo4j for retrieving data from the graph and we would like to leverage on neo4j RBAC for data filtering and authorization.
Is there a way to provide the user/role to assume for a query in the same connection? We cannot establish a new connection and execute a login for every request coming to our REST application

Thanks!

0 Kudos
Reply

krisgeus
Node Clone
In response to fourier134949

‎04-14-2021 07:44 AM

About a year ago I talked to some of the neo4j developers and got the impression that this was something that could be put on the backlog. I havent followed up on that so don;t know if this feature request made it through

0 Kudos
Reply

fourier134949
Node

‎04-14-2021 07:52 AM

We think that the actual implementation of RBAC is only useful in case you have a UI that establishes a 1<--> 1 connection to neo4j leveraging the same role of the user that logged in.
However I've never seen a UI/Backend that follows this pattern IMHO.
A backend/UI usually keeps a connection pool using a service account and it uses this pool for creating sessions and executing queries.
From the perspective of a backend the user that logs in is always the same (the service account), so it is essential that the driver provides a way for assuming a role before triggering a query.

0 Kudos
Reply
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays