This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Head's Up! These forums are read-only. All users and content have migrated. Please join us at community.neo4j.com.

Object Tree, Users, Privilege Query

mburbidg
Node

‎11-09-2019 03:43 PM

2X_0_0cf1ac7d5df316433c968837924ff2b13e7b0165.jpeg

In our system, objects are organized into single rooted hierarchies (trees). In the diagram, the gray circles represent objects. An edge, named CHILD represents the child objects of a parent object.

User’s are given access privilege to specific objects in the tree. Users in the diagram are represented by pink circles. An access privilege is represented by an edge named CAN_ACCESS from a user to an object.

Access privileges in our system are inherited.

I’m trying to write a query that would find the objects a given user has access privilege to, but does not have access privilege to an ancestor.

In the example diagram for the user U2, the query should result in [b, c]. U2 does have privilege grant to f, but f should be excluded from the results because U2 has access to b, which is an ancestor of f.

thanks,
Michael-

0 Kudos
Reply
1 REPLY 1

mburbidg
Node

‎11-09-2019 04:21 PM

This is what I came up with. It seems to work.

MATCH (user:User{name:"U2"})-[:GRANT]->(asset:Asset)
WHERE NOT(EXISTS((asset)<-[:CHILD*]-(:Asset)<-[:GRANT]-(user)))
return asset

0 Kudos
Reply
Nodes 2022
Nodes
NODES 2022, Neo4j Online Education Summit

All the sessions of the conference are now available online

Watch replays