Add documentation for the alter database privileges on database level #2490
Conversation
Since we moved them over from DBMS level (while still keeping the DBMS level syntax, just as another syntax for `DATABASE *`)
| @@ -184,7 +186,8 @@ See link:{neo4j-docs-base-uri}/status-codes/{page-version}/notifications/all-not | |||
|
|
|||
| The hierarchy between the different database privileges is shown in the image below. | |||
|
|
|||
| image::privileges_hierarchy_database.svg[title="Database privileges hierarchy"] | |||
| // TODO: do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure | |||
| image::privileges_hierarchy_database.svg[width="800", title="Database privileges hierarchy"] | |||
There was a problem hiding this comment.
do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Show resolved
Hide resolved
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
|
|
||
| image::privileges_grant_and_deny_syntax_database_privileges.svg[title="Syntax of GRANT and DENY Database Privileges"] | ||
| // TODO: do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure | ||
| image::privileges_grant_and_deny_syntax_database_privileges.svg[width="800", title="Syntax of GRANT and DENY Database Privileges"] |
There was a problem hiding this comment.
do we want two pictures, one for Cypher 5 and one for Cypher 25? I'd guess not but I'm not sure
| @@ -564,7 +613,7 @@ DENY [IMMUTABLE] START | |||
| TO role[, ...] | |||
| ---- | |||
|
|
|||
| For example, to deny the role `regularUsers` the ability to start to the database `neo4j`, use: | |||
| For example, to deny the role `regularUsers` the ability to start to the database `system`, use: | |||
There was a problem hiding this comment.
the example query had system... (even if starting and stopping system isn't really a thing I think)
There was a problem hiding this comment.
Maybe it's better to update the example to use neo4j?
There was a problem hiding this comment.
maybe, but it would require more changes as that also affects the show output and such 🤷 I decided to start with the smallest change to fix it as it wasn't what I was updating the docs for
| @@ -596,7 +645,7 @@ DENY [IMMUTABLE] STOP | |||
| TO role[, ...] | |||
| ---- | |||
|
|
|||
| For example, to deny the role `regularUsers` the ability to stop the database `neo4j`, use: | |||
| For example, to deny the role `regularUsers` the ability to stop the database `system`, use: | |||
There was a problem hiding this comment.
the example query had system... (even if starting and stopping system isn't really a thing I think)
There was a problem hiding this comment.
As above, I don't think we want an example that doesn't work .
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Show resolved
Hide resolved
| @@ -1070,6 +1070,10 @@ GRANT [IMMUTABLE] DATABASE MANAGEMENT | |||
|
|
|||
| |=== | |||
|
|
|||
| From Cypher 25, the `ALTER DATABASE`, `SET DATABASE ACCESS`, `SET DATABASE DEFAULT LANGUAGE`, and `ALTER COMPOSITE DATABASE` privileges can be granted both as database privileges and as DBMS privileges. | |||
There was a problem hiding this comment.
- is this a good enough marker for when it was introduced?
- does it also need neo4j version?
I assume whatever the answer is here that it should also apply to the other ones in this file
There was a problem hiding this comment.
- probably? but how do we nicely fit that in? (or do we only say 2025.08 instead of Cypher 25?)
There was a problem hiding this comment.
Perhaps it should be implicit that if it's new in 2025.08 it will be in in Cypher 25 only, since we don't add new stuff to Cypher 5 anymore. But this is a new process, I'm not sure if users would understand it yet. But it's probably for the docs team to decide.
Still need to figure out if/how to mark them as cypher 25 as well
| @@ -237,6 +240,52 @@ GRANT [IMMUTABLE] { START \| STOP } | |||
|
|
|||
| |=== | |||
|
|
|||
| [role=label--new-2025.08] | |||
| .Database privilege syntax | |||
There was a problem hiding this comment.
Do we want to also mark it as Cypher 25 only, and if so how?
| @@ -628,6 +677,172 @@ a|Rows: 6 | |||
| Note that `START` and `STOP` privileges are not included in the xref:authentication-authorization/database-administration.adoc#access-control-database-administration-all[`ALL DATABASE PRIVILEGES`]. | |||
| ==== | |||
|
|
|||
| [role=label--new-2025.08] | |||
| [[access-control-database-administration-alter-db]] | |||
| == The alter database related privileges | |||
There was a problem hiding this comment.
Do we want to also mark it as Cypher 25 only, and if so how?
| |=== | ||
|
|
||
| [role=label--new-2025.08] | ||
| .Database privilege syntax |
There was a problem hiding this comment.
Do we want to also mark it as Cypher 25 only, and if so how?
modules/ROOT/images/privileges_grant_and_deny_syntax_database_privileges.svg
Outdated
Show resolved
Hide resolved
| @@ -564,7 +613,7 @@ DENY [IMMUTABLE] START | |||
| TO role[, ...] | |||
| ---- | |||
|
|
|||
| For example, to deny the role `regularUsers` the ability to start to the database `neo4j`, use: | |||
| For example, to deny the role `regularUsers` the ability to start to the database `system`, use: | |||
There was a problem hiding this comment.
Maybe it's better to update the example to use neo4j?
| @@ -596,7 +645,7 @@ DENY [IMMUTABLE] STOP | |||
| TO role[, ...] | |||
| ---- | |||
|
|
|||
| For example, to deny the role `regularUsers` the ability to stop the database `neo4j`, use: | |||
| For example, to deny the role `regularUsers` the ability to stop the database `system`, use: | |||
There was a problem hiding this comment.
As above, I don't think we want an example that doesn't work .
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
| TO role[, ...] | ||
| ---- | ||
|
|
||
| This should not be confused with the `ACCESS` privileges that enables the ability for a user to access a database. |
modules/ROOT/pages/authentication-authorization/database-administration.adoc
Outdated
Show resolved
Hide resolved
| @@ -1070,6 +1070,10 @@ GRANT [IMMUTABLE] DATABASE MANAGEMENT | |||
|
|
|||
| |=== | |||
|
|
|||
| From Cypher 25, the `ALTER DATABASE`, `SET DATABASE ACCESS`, `SET DATABASE DEFAULT LANGUAGE`, and `ALTER COMPOSITE DATABASE` privileges can be granted both as database privileges and as DBMS privileges. | |||
There was a problem hiding this comment.
Perhaps it should be implicit that if it's new in 2025.08 it will be in in Cypher 25 only, since we don't add new stuff to Cypher 5 anymore. But this is a new process, I'm not sure if users would understand it yet. But it's probably for the docs team to decide.
Co-authored-by: Mark Dixon <[email protected]>
|
This PR includes documentation updates Updated pages: |
Since we moved them over from DBMS level (while still keeping the DBMS level syntax, just as another syntax for
DATABASE *)