add in a list to the property value access rule page

neo4j · Mar 25, 2024 · 1159f43 · 1159f43
1 parent be92513
commit 1159f43
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/modules/ROOT/pages/authentication-authorization/property-based-access-control.adoc b/modules/ROOT/pages/authentication-authorization/property-based-access-control.adoc
@@ -34,8 +34,8 @@ Pattern syntax:
 [source, syntax, role="noheader"]
 ----
 ([var][:label["|" ...]] "{" property: value "}")
-| (var[:label["|" ...]]) WHERE [NOT] var.property { { = | <> | > | >= | < | <= } value | IS NULL | IS NOT NULL }
-| (var[:label["|" ...]] WHERE [NOT] var.property { { = | <> | > | >= | < | <= } value | IS NULL | IS NOT NULL } )
+| (var[:label["|" ...]]) WHERE [NOT] var.property { { = | <> | > | >= | < | <= } value | IS NULL | IS NOT NULL | IN { "["[value[, ...]]"]" | listParam } }
+| (var[:label["|" ...]] WHERE [NOT] var.property { { = | <> | > | >= | < | <= } value | IS NULL | IS NOT NULL | IN "["[value[, ...]]"]" | listParam } } )
 ----
 [NOTE]
 ====
@@ -78,3 +78,9 @@ DENY MATCH {*} ON GRAPH * FOR (n) WHERE n.classification <> 'UNCLASSIFIED' TO re
 ----
 GRANT READ {*} ON GRAPH * FOR (n) WHERE n.securityLevel > 3 TO regularUsers
 ----
+
+.Denying permission to `READ` all properties on nodes where the property `classification` is not included in the list of `[UNCLASSIFIED, PUBLIC]`
+[source, syntax, role="noheader"]
+----
+DENY READ {*} ON GRAPH * FOR (n) WHERE NOT n.classification IN ['UNCLASSIFIED', 'PUBLIC'] TO regularUsers
+----