You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/ROOT/pages/authentication-authorization/manage-users.adoc
+10-5Lines changed: 10 additions & 5 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -800,10 +800,11 @@ With `ENCRYPTED`, the password string is expected to be in the format of `<encry
800
800
A home database will be resolved if it is either pointing to a database or a database alias.
801
801
If no home database is set, the DBMS default database is used as the home database for the user.
802
802
[role=label--new-5.24]
803
-
* One or more `SET AUTH` clauses can be used to set xref:authentication-authorization/auth-providers.adoc[Auth Providers], which define authentication / authorization providers for the user. This might be used to configure external auth providers like LDAP or OIDC, but can also be used as an alternative way to set the native (password-based) auth settings like `SET PASSWORD` and `SET PASSWORD CHANGE REQUIRED`.
803
+
* One or more `SET AUTH` clauses can be used to set xref:authentication-authorization/auth-providers.adoc[Auth Providers], which define authentication / authorization providers for the user.
804
+
This might be used to configure external auth providers like LDAP or OIDC, but can also be used as an alternative way to set the native (password-based) auth settings like `SET PASSWORD` and `SET PASSWORD CHANGE REQUIRED`.
804
805
Examples can be found below for `native`, xref:authentication-authorization/sso-integration.adoc#auth-sso-auth-providers[here] for OIDC and xref:authentication-authorization/ldap-integration.adoc#auth-ldap-auth-providers[here] for LDAP.
805
806
* It is mandatory to specify at least either a `SET PASSWORD` or a `SET AUTH` clause because users must have at least one Auth Provider.
806
-
* The `SET PASSWORD CHANGE [NOT] REQUIRED`, `SET STATUS`, `SET AUTH`, and `SET HOME DATABASE` clauses can be applied in any order.
807
+
* The `SET` clauses can be applied in any order.
807
808
808
809
[NOTE]
809
810
====
@@ -866,7 +867,9 @@ SET AUTH 'native' {
866
867
867
868
[NOTE, role=label--enterprise-edition]
868
869
====
869
-
The `SET STATUS {ACTIVE | SUSPENDED}`, `SET HOME DATABASE` parts of the commands are only available in Neo4j Enterprise Edition. The `SET AUTH` clause for external providers is only available in Neo4j Enterprise Edition. However, `SET AUTH 'native'` can be used in Neo4j Community Edition.
870
+
The `SET STATUS {ACTIVE | SUSPENDED}`, `SET HOME DATABASE` parts of the commands are only available in Neo4j Enterprise Edition.
871
+
The `SET AUTH` clause for external providers is only available in Neo4j Enterprise Edition.
872
+
However, `SET AUTH 'native'` can be used in Neo4j Community Edition.
870
873
====
871
874
872
875
The `CREATE USER` command is optionally idempotent, with the default behavior to throw an exception if the user already exists.
@@ -1019,7 +1022,7 @@ This results in the DBMS default database being used as the home database for th
1019
1022
[role=label--new-5.24]
1020
1023
* `REMOVE AUTH` is used to remove one or many xref:authentication-authorization/auth-providers.adoc[Auth Provider(s)] from a user. It cannot be used in a way that would mean a user has no Auth Providers.
1021
1024
* `REMOVE ALL AUTH` is used to remove all existing xref:authentication-authorization/auth-providers.adoc[Auth Providers] from a user. It must be used in conjunction with at least one `SET AUTH` clause in order to meet the requirement that a user always has at least one auth provider.
1022
-
* The `SET PASSWORD CHANGE [NOT] REQUIRED`, `SET STATUS`, `SET AUTH`, and `SET HOME DATABASE` clauses can be applied in any order, as can their `REMOVE` counterparts where applicable. However, all `REMOVE` clauses must come before the first `SET` clause.
1025
+
* All of the `SET` and `REMOVE` clauses can be applied in any order among themselves. However, all `REMOVE` clauses must come before the first `SET` clause.
1023
1026
1024
1027
1025
1028
.Modify the user `bob` with a new password and active status, and remove the requirement to change his password:
@@ -1084,7 +1087,9 @@ For example, leaving out the `CHANGE [NOT] REQUIRED` part of the query will leav
1084
1087
1085
1088
[NOTE, role=label--enterprise-edition]
1086
1089
====
1087
-
The `SET STATUS {ACTIVE | SUSPENDED}`, `SET HOME DATABASE`, `REMOVE HOME DATABASE`, and `REMOVE AUTH` parts of the command are only available in Neo4j Enterprise Edition. The `SET AUTH` clause for external providers is only available in Neo4j Enterprise Edition. However, `SET AUTH 'native'` can be used in Neo4j Community Edition.
1090
+
The `SET STATUS {ACTIVE | SUSPENDED}`, `SET HOME DATABASE`, `REMOVE HOME DATABASE`, and `REMOVE AUTH` parts of the command are only available in Neo4j Enterprise Edition.
1091
+
The `SET AUTH` clause for external providers is only available in Neo4j Enterprise Edition.
1092
+
However, `SET AUTH 'native'` can be used in Neo4j Community Edition.
1088
1093
====
1089
1094
1090
1095
The changes to the user will appear on the list provided by `SHOW USERS`:
0 commit comments