modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc
Lines changed: 19 additions & 11 deletions
@@ -28,7 +28,7 @@ It is assumed that you have two separate DBMS instances: a local *DBMS A* and a
28
28
29
29
By creating a remote database alias, you define:
30
30
31
-
* Which user of the remote *DBMS B* can access the remote alias.
31
+
* Which user credentials of the remote *DBMS B* can access the remote database alias.
32
32
* Where the remote database is located.
33
33
* How to connect to the remote database using driver settings.
34
34
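Review bot: The reworded bullet "Which user credentials of the remote *DBMS B* can access the remote database alias" makes the credentials the subject of "access" and still reads as if a DBMS B user accesses the alias. The setup section on this page describes `alias_user` as the user "used by the remote database alias to connect to `db1`", so the relationship runs the other way. Suggest something like "Which user credentials of the remote *DBMS B* are used to connect to the remote database."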
@@ -56,25 +56,32 @@ See xref:authentication-authorization/dbms-administration/index.adoc[DBMS privil
56
56
57
57
_Carol_ can use her own regular credentials to access the remote database `db1` in *DBMS B* after _Bob_ creates a user profile for her and shares the credentials with _Alice_.
58
58
Then, _Alice_ will be able to grant _Carol_ access to the remote database alias `db1-remote-alias` that connects to `db1` on *DBMS B* using the shared credentials.
59
-
This configuration will also allow _Carol_ to access `db2` in *DBMS B*, if _Bob_ grants the necessary privileges to the user profile shared with _Alice_.
60
-
See xref:authentication-authorization/index.adoc[Authentication and authorization] for further information.
59
+
//This configuration will also allow _Carol_ to access `db2` in *DBMS B*, if _Bob_ grants the necessary privileges to the user profile shared with _Alice_.
60
+
//See xref:authentication-authorization/index.adoc[Authentication and authorization] for further information.
61
61
62
-
=== Configure the remote DBMS (_Bob_)
62
+
=== Configure the remote DBMS B (_Bob_)
63
63
64
64
As _Bob_, you are responsible for the remote *DBMS B*.
65
65
You can create and delete users and grant or deny privileges on the databases managed by *DBMS B*.
66
66
67
67
In this example, you create a user called `alias_user`, which will be used by the remote database alias to connect to `db1`, and shares the credentials with _Alice_.
68
68
69
-
. Create the user profile to share with _Alice_.
70
-
. Define the permissions for the user.
71
-
(If you do not want this user to access `db2`, here is where you set it.)
69
+
. Create the user profile to share with _Alice_:
72
70
+
73
-
.Example setup administrator B
74
71
[source, Cypher]
75
72
----
76
73
CREATE USER alias_user SET PASSWORD 'secretpassword'
74
+
----
75
+
. Create a custom role to track all users shared on a remote connection, so that they remain trackable:
76
+
+
77
+
[source, Cypher]
78
+
----
77
79
CREATE ROLE remote
80
+
----
81
+
. Grant the necessary privileges on `db1` to the custom role and assign the role to the user profile created for the remote database alias:
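Review bot: The least-privilege guidance is dropped in this hunk. The sentence "This configuration will also allow _Carol_ to access `db2` in *DBMS B*, if _Bob_ grants the necessary privileges..." is commented out and the parenthetical "(If you do not want this user to access `db2`, here is where you set it.)" is deleted, so the reader is no longer told that whatever Bob grants to the shared user profile is reachable by everyone Alice lets use the alias. Consider keeping one sentence in the new privileges step saying that the `remote` role should be granted privileges on `db1` only, and that any further grants extend to all users of the alias. Two smaller points: the `//` lines leave dead text in the source, so either delete them or add a note on why they are parked; and "Create a custom role to track all users shared on a remote connection, so that they remain trackable" says the same thing twice and can end after "remote connection".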
=== Configure the local DBMS A and grant access to Carol (_Alice_)
291
298
292
299
As _Alice_, you are responsible for setting up the local *DBMS A*.
293
300
You can create and delete the database aliases and grant or deny users' access to them.
@@ -333,7 +340,8 @@ However, if you want to disable the secure URL scheme, you can set the driver se
333
340
CREATE ALIAS `db1-remote-alias` FOR DATABASE `db1` AT "neo4j+s://location:7687" OIDC CREDENTIAL FORWARDING
334
341
----
335
342
336
-
. Grant the xref:authentication-authorization/database-administration.adoc#access-control-database-administration-access[`ACCESS` privileges] to use the remote database alias to _Carol_:
343
+
. Create a role to grant access to the remote database alias and assign it to _Carol_.
344
+
See the xref:authentication-authorization/database-administration.adoc#access-control-database-administration-access[`ACCESS` privileges] for more information.
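Review bot: The reworded step now says "Create a role to grant access to the remote database alias and assign it to _Carol_", but the hunk header (-333,7 +340,8) shows only this one line being replaced, so any Cypher example that follows the step is unchanged. If that example grants `ACCESS` directly to _Carol_, it no longer matches the step and should be updated to create the role, grant `ACCESS` on `db1-remote-alias` to it, and assign it. Also, the step now ends with a period followed by a "See ..." sentence. If a code block still follows, end the lead-in with a colon as the other steps in this commit do ("Create the user profile to share with _Alice_:") and move the cross-reference after the example.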