Fine Grained Control - Where User == Resource.User

I am working through building a platform, and am at a point where I want to add security in to the build.

Ignoring anything to do with the rest of the stack, and focussing just on user roles within Neo4j, is it possible to use fine-grained control to grant access to a user only for their node, and specific traversals of that node?

I have looked through on:

and the role that would most closely match what I am trying to describe, is what a 'Patient' would see in the sample provided.

Coming from Firebase, the equivalent statement in Firestore rules would be:

    match /customers/{uid} {
      allow read: if request.auth.uid == uid;
    }

Can this be done exclusively within Neo4j, or would it require support from the server-side solution?

Any guidance greatly appreciated.

Yes, this can be done exclusively within Neo4j, as mentioned, through the GRANT, REVOKE, etc. commands in Neo4j. (An example can be seen on the same link you mentioned in the question.)
But to highlight, this fine-grained access control feature is a part of the Neo4j Enterprise version and hence won't be possible on Neo4j Community Edition.


Thanks Dhruv. Sorry, I am still relatively new to Neo4j.

Can this be done as a pattern, or should it be done per user, i.e. running it on each new sign up?

Hi @tris

Neo4j v4 and above provides very fine-grained access control options.
You can create new roles that have a pattern as you mentioned and then assign each user on sign up to either of those roles based on your requirement.
New custom roles can be created for any new requirement and added on the fly.

You even have the option to integrate the Neo4j access pattern with your own organization's LDAP services (if they exist). Details for this can be found on this link-

Fine-grained control introduced in Neo4j v4 and above is a very strong tool and can ideally give control over each and every possible aspect of a graph and the functions that we use over it, if used efficiently.
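
The role-per-pattern setup described in the replies above, as an added example that is not part of the original thread or of Neo4j's own sample: one role carries the privileges, and each new sign-up is only assigned to it. It assumes Neo4j Enterprise 4.x, a database named `neo4j`, and hypothetical names throughout (labels `Patient` and `Symptom`, relationship type `HAS`, the listed properties, role `patient`, user `alice`).

```cypher
// Added example. Run as an admin against the system database
// (for instance after `:use system` in Neo4j Browser or cypher-shell).
// All role, user, label, relationship and property names are hypothetical.

// 1. One role that encodes the access pattern; created once, not per user.
CREATE ROLE patient;
GRANT ACCESS ON DATABASE neo4j TO patient;

// 2. Allow the role to find Patient and Symptom nodes and to walk
//    HAS relationships between them. Nothing else is traversable.
GRANT TRAVERSE ON GRAPH neo4j NODES Patient, Symptom TO patient;
GRANT TRAVERSE ON GRAPH neo4j RELATIONSHIPS HAS TO patient;

// 3. List the readable properties explicitly instead of granting READ {*}.
GRANT READ {name, dateOfBirth} ON GRAPH neo4j NODES Patient TO patient;
GRANT READ {name} ON GRAPH neo4j NODES Symptom TO patient;
GRANT READ {date} ON GRAPH neo4j RELATIONSHIPS HAS TO patient;

// 4. An explicit DENY overrides any GRANT the user might pick up
//    from another role later on.
DENY READ {ssn} ON GRAPH neo4j NODES Patient TO patient;

// 5. On sign-up: create the user and attach the existing role.
//    The password is a constructed placeholder.
CREATE USER alice SET PASSWORD 'constructed-placeholder' CHANGE REQUIRED;
GRANT ROLE patient TO alice;

// 6. Check what the role and the user actually ended up with.
SHOW ROLE patient PRIVILEGES;
SHOW USER alice PRIVILEGES;
```

These privileges are scoped by label, relationship type and property, so they apply to every `Patient` node the role can reach; reviewing the `SHOW ... PRIVILEGES` output after each change is the quickest way to confirm no broader grant has crept in.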