5.x cherry picks for 5.13 part 2 (#1135)

Cherry-picks #1046, #1044, and #1063

---------

Co-authored-by: Gemma Lamont <[email protected]>
Co-authored-by: Therese Magnusson <[email protected]>
Co-authored-by: Matthew Parnell <[email protected]>

Author: 4 people

modules/ROOT/pages/authentication-authorization/access-control.adoc

@@ -116,12 +116,12 @@ There are two different ways of doing this, either by using the built-in roles,
 
 Neo4j comes with built-in roles that cover a number of common needs:
 
-* `PUBLIC` - All users have this role, can by default access the home database, and run all procedures and user-defined functions.
+* `PUBLIC` - All users have this role, can by default access the home database, load data, and run all procedures and user-defined functions.
 * `reader` - Can read data from all databases.
 * `editor` - Can read and update all databases, but not expand the schema with new labels, relationship types or property names.
 * `publisher` - Can read and edit, as well as add new labels, relationship types, and property names.
 * `architect` - Has all the capabilities of the publisher as well as the ability to manage indexes and constraints.
-* `admin` - Can perform architect actions as well as manage databases, users, roles, and privileges.
+* `admin` - Can perform architect actions as well as load data and manage databases, users, roles, and privileges.
 
 Consider Charlie from the example of users.
 As a researcher, they do not need write access to the database, so they are assigned the `reader` role.
@@ -252,6 +252,7 @@ SHOW ROLE itadmin PRIVILEGES AS COMMANDS;
 | "GRANT STOP ON DATABASE * TO `itadmin`"                                 |
 | "GRANT TRANSACTION MANAGEMENT (*) ON DATABASE * TO `itadmin`"           |
 | "GRANT ALL DBMS PRIVILEGES ON DBMS TO `itadmin`"                        |
+| "GRANT LOAD ON ALL DATA TO `itadmin`"                                   |
 | "DENY READ {ssn} ON GRAPH `healthcare` NODE Patient TO `itadmin`"       |
 | "DENY CREATE ON GRAPH `healthcare` RELATIONSHIP DIAGNOSIS TO `itadmin`" |
 +-------------------------------------------------------------------------+
@@ -407,6 +408,7 @@ neo4j@system> SHOW USER charlie PRIVILEGES AS COMMANDS;
 | "GRANT ACCESS ON DATABASE `healthcare` TO $role"                      |
 | "GRANT EXECUTE PROCEDURE * ON DBMS TO $role"                          |
 | "GRANT EXECUTE FUNCTION * ON DBMS TO $role"                           |
+| "GRANT LOAD ON ALL DATA TO $role"                                     |
 | "GRANT MATCH {*} ON GRAPH `healthcare` NODE * TO $role"               |
 | "GRANT MATCH {*} ON GRAPH `healthcare` RELATIONSHIP * TO $role"       |
 | "DENY TRAVERSE ON GRAPH `healthcare` RELATIONSHIP DIAGNOSIS TO $role" |
@@ -781,6 +783,7 @@ SHOW USER daniel PRIVILEGES AS COMMANDS;
 | "GRANT ACCESS ON DATABASE `healthcare` TO $role"                          |
 | "GRANT EXECUTE PROCEDURE * ON DBMS TO $role"                              |
 | "GRANT EXECUTE FUNCTION * ON DBMS TO $role"                               |
+| "GRANT LOAD ON ALL DATA TO $role"                                         |
 | "GRANT TRAVERSE ON GRAPH `healthcare` NODE * TO $role"                    |
 | "GRANT TRAVERSE ON GRAPH `healthcare` RELATIONSHIP * TO $role"            |
 | "GRANT READ {*} ON GRAPH `healthcare` NODE * TO $role"                    |
@@ -936,6 +939,7 @@ neo4j@system> SHOW USER daniel PRIVILEGES AS COMMANDS;
 | "GRANT ACCESS ON DATABASE `healthcare` TO $role"                    |
 | "GRANT EXECUTE PROCEDURE * ON DBMS TO $role"                        |
 | "GRANT EXECUTE FUNCTION * ON DBMS TO $role"                         |
+| "GRANT LOAD ON ALL DATA TO $role"                                   |
 | "GRANT TRAVERSE ON GRAPH `healthcare` NODE * TO $role"              |
 | "GRANT TRAVERSE ON GRAPH `healthcare` RELATIONSHIP * TO $role"      |
 | "GRANT READ {*} ON GRAPH `healthcare` NODE * TO $role"              |
@@ -1042,6 +1046,7 @@ neo4j@system> SHOW USER tina PRIVILEGES AS COMMANDS;
 | "GRANT ACCESS ON DATABASE `healthcare` TO $role" |
 | "GRANT EXECUTE PROCEDURE * ON DBMS TO $role"     |
 | "GRANT EXECUTE FUNCTION * ON DBMS TO $role"      |
+| "GRANT LOAD ON ALL DATA TO $role"                |
 | "GRANT ROLE MANAGEMENT ON DBMS TO $role"         |
 | "GRANT USER MANAGEMENT ON DBMS TO $role"         |
 | "GRANT SHOW PRIVILEGE ON DBMS TO $role"          |
@@ -1072,6 +1077,7 @@ SHOW USER sally PRIVILEGES AS COMMANDS;
 | "GRANT ACCESS ON DATABASE `healthcare` TO $role"                     |
 | "GRANT EXECUTE PROCEDURE * ON DBMS TO $role"                         |
 | "GRANT EXECUTE FUNCTION * ON DBMS TO $role"                          |
+| "GRANT LOAD ON ALL DATA TO $role"                                    |
 | "GRANT MATCH {*} ON GRAPH `healthcare` NODE Patient TO $role"        |
 | "GRANT SET PROPERTY {*} ON GRAPH `healthcare` NODE Patient TO $role" |
 | "GRANT CREATE ON GRAPH `healthcare` NODE Patient TO $role"           |

modules/ROOT/pages/authentication-authorization/built-in-roles.adoc

@@ -13,6 +13,7 @@ Neo4j provides built-in roles with default privileges. The built-in roles and th
 * Access to the home database.
 * Allows executing procedures with the users own privileges.
 * Allows executing user-defined functions with the users own privileges.
+* Allows loading data.
 `reader`::
 * Access to all databases.
 * Traverse and read on the data graph (all nodes, relationships, properties).
@@ -34,6 +35,7 @@ In other words, the `editor` role cannot add to the schema but can only make cha
 `admin`::
 * Access to all databases.
 * Traverse, read, and write on the data graph.
+* Allows loading data.
 * Create/drop/show indexes and constraints along with any other future schema constructs.
 * Allows executing procedures with the users own privileges or boosted privileges.
 * Allows executing admin procedures.
@@ -380,6 +382,15 @@ The subset of the functionality which is available with Community Edition is als
 |
 | {check-mark}
 
+| Load data
+|
+|
+|
+|
+| {check-mark}
+| {check-mark}
+| {check-mark}
+
 | Execute procedures
 |
 |