You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: modules/ROOT/pages/database-administration/aliases/remote-database-alias-configuration.adoc
+6-6Lines changed: 6 additions & 6 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -123,7 +123,7 @@ It must not be accessible to any user except for the administrator and `neo4j`,
123
123
====
124
124
125
125
In a cluster, you must share the same keystore file among all servers.
126
-
For example, these would be valid additions to the config when using the suggested keytool command:
126
+
For example, these would be valid additions to the configuration when using the suggested keytool command:
127
127
128
128
[parameters]
129
129
----
@@ -149,7 +149,7 @@ chmod 640 conf/neo4j.conf
149
149
bin/neo4j start --expand-commands
150
150
----
151
151
152
-
=== Manage remote database aliases
152
+
=== Manage remote database aliases (_Carol_)
153
153
154
154
To be able to manage remote database aliases, you must have either xref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-database-management[database management]
155
155
or xref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-alias-management[alias management] privileges.
To be able to manage remote database aliases, you must have either xref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-database-management[database management]
289
289
or xref:authentication-authorization/dbms-administration.adoc#access-control-dbms-administration-alias-management[alias management] privileges.
290
290
291
-
For example, the following command grants the permission to create an alias to the `administrator` role:
291
+
For example, the following command grants the permission to create an alias to the `admin` role, which _Carol_ is a member of:
292
292
293
293
[source, Cypher]
294
294
----
295
-
GRANT CREATE ALIAS ON DBMS TO administrator
295
+
GRANT CREATE ALIAS ON DBMS TO admin
296
296
----
297
297
298
298
And here is how to grant the xref:authentication-authorization/database-administration.adoc#access-control-database-administration-access[`ACCESS` privileges] to use the remote database alias:
@@ -362,4 +362,4 @@ In the case of using `STORED NATIVE CREDENTIALS`, the same credentials are used
362
362
This will result in the stored native user being logged in the audit trails on the remote DBMS for all queries using the remote database alias.
363
363
When using `OIDC CREDENTIAL FORWARDING`, the actual end-user's credentials and permissions are used, resulting in per-user audit trails being logged on the remote DBMS.
364
364
365
-
* When using a remote database alias with OIDC credential forwarding, the user needs to be logged in to the local DBMS with OIDC, otherwise there is no token to forward, and the access to the remote database will be denied with GQLSTATUS link:https://neo4j.com/docs/status-codes/current/errors/gql-errors/42NFF/[`42NFF`].
365
+
* When using a remote database alias with OIDC credential forwarding, the user needs to be logged into the local *DBMS A* with OIDC, otherwise there is no token to forward, and the access to the remote database will be denied with GQLSTATUS link:https://neo4j.com/docs/status-codes/current/errors/gql-errors/42NFF/[`42NFF`].
0 commit comments