You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Apparently, in Neo4j enterprise it's not possible to prevent a user from changing their own password. DENY SET PASSWORD seems to apply only to the management of other users, a user can always change their own password, regardless of such privilege associated with them (or with a role they have).
I have an on line demo database and I'd like to tell potential users (eg, via project wiki readers) something like: "use test/*** as credentials", without the need for them to ask for a new account just to play with a demo in read-only mode.
I managed to set up read-only powers for a 'test' user and also to grant it access to the demo DB only, however, I can't afford that anyone can change this user password.
I know that sharing credentials isn't good practice, besides, it would be fine in this case and support for anonymous or password-less user seems to be missing either.
A simple solution could be a new privilege, eg, SET OWN PASSWORD, which could be in a GRANT or DENY statement. This would be incompatible with CHANGE REQUIRED.
Note that I don't want to disable authentication altogether, since this is an enterprise DB, where I need to control access to other databases too.
The text was updated successfully, but these errors were encountered:
Apparently, in Neo4j enterprise it's not possible to prevent a user from changing their own password.
DENY SET PASSWORD
seems to apply only to the management of other users, a user can always change their own password, regardless of such privilege associated with them (or with a role they have).I have an on line demo database and I'd like to tell potential users (eg, via project wiki readers) something like: "use test/*** as credentials", without the need for them to ask for a new account just to play with a demo in read-only mode.
I managed to set up read-only powers for a 'test' user and also to grant it access to the demo DB only, however, I can't afford that anyone can change this user password.
I know that sharing credentials isn't good practice, besides, it would be fine in this case and support for anonymous or password-less user seems to be missing either.
A simple solution could be a new privilege, eg,
SET OWN PASSWORD
, which could be in aGRANT
orDENY
statement. This would be incompatible withCHANGE REQUIRED
.Note that I don't want to disable authentication altogether, since this is an enterprise DB, where I need to control access to other databases too.
The text was updated successfully, but these errors were encountered: