Commit

note that the role does not need access to the property used in the property rule
HannesSandberg committed Mar 25, 2024
1 parent 1159f43 commit 6b8607d
Showing 1 changed file with 8 additions and 0 deletions.
Expand Up @@ -41,6 +41,10 @@ Pattern syntax:
====
For more details about the syntax descriptions, see xref:database-administration/syntax.adoc[Cypher syntax for administration commands].
====
[NOTE]
====
The role does not need to have `READ` privilege for the property used by the property-based privilege.
====
You can use this pattern syntax for defining read privileges as follows:

[source, syntax, role="noheader"]
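Review bot: The added `[NOTE]` block says what the role does not need, but not what follows from that, and it sits directly against the closing `====` of the preceding admonition with no blank line on either side. Since the rule is applied to a property the role may be unable to read, a reader setting up access control will want one more sentence stating that the rule is still evaluated on that property's value, so which nodes the role can see depends on data it has no `READ` privilege for. The wording also drifts from the commit message ("property rule" there, "property-based privilege" here); pick one term and use it throughout. Finally, consider moving the note below the syntax listing that follows "You can use this pattern syntax for defining read privileges as follows:", so it does not separate the syntax reference from the sentence that introduces the syntax, and add blank lines around the block.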
Expand Down Expand Up @@ -78,6 +82,10 @@ DENY MATCH {*} ON GRAPH * FOR (n) WHERE n.classification <> 'UNCLASSIFIED' TO re
----
GRANT READ {*} ON GRAPH * FOR (n) WHERE n.securityLevel > 3 TO regularUsers
----
[NOTE]
====
The role `regularUsers` does not need to have `READ` privilege for the property `securityLevel` used by the property-based privilege.
====

.Denying permission to `READ` all properties on nodes where the property `classification` is not included in the list of `[UNCLASSIFIED, PUBLIC]`
[source, syntax, role="noheader"]
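Review bot: The note added after `GRANT READ {*} ON GRAPH * FOR (n) WHERE n.securityLevel > 3 TO regularUsers` is attached to an example that does not show the case it describes: `READ {*}` on the matching nodes already covers `securityLevel` on those nodes, so "does not need to have `READ` privilege for the property `securityLevel`" can be read as contradicting the command above it. Either reword it to say that no separate or pre-existing `READ` privilege on `securityLevel` is required for the rule to be evaluated, or attach it to an example that grants a different property than the one in the `WHERE` clause. It also restates the general note added in the first hunk, and the neighbouring examples (the `DENY MATCH {*}` one above and the `DENY ... READ` one on `classification` below) get no equivalent note, so consider keeping only the general note or adding it consistently.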