Merge branch dev into cypher-25

Author: NataliaIvakina

.backportrc.json

@@ -0,0 +1,5 @@
+{
+    "repoOwner": "Neo4j",
+    "repoName": "docs-operations",
+    "prTitle": "[Cherry-pick][{{targetBranch}}] {{commitMessages}}"
+  }

.github/workflows/auto-backport.yml

@@ -0,0 +1,30 @@
+name: auto-cherry-pick
+on:
+  pull_request_target:
+    types: ["closed"]
+
+jobs:
+  backport:
+    name: Cherry-pick PR
+    runs-on: [ubuntu-latest]
+    if: |
+      github.event.pull_request.merged == true
+      && contains(github.event.pull_request.labels.*.name, 'auto-cherry-pick')
+      && github.event.action == 'closed'
+    steps:
+      - name: Cherry-pick action
+        uses: sorenlouv/backport-github-action@929f69d04adbc196d982e60f02837b6cc00b3129
+        with:
+          github_token: ${{ secrets.DOCS_AUTO_CP_TOKEN }}
+          auto_backport_label_prefix: auto-cherry-pick-to-
+          add_original_reviewers: false
+
+      - name: Info log
+        if: ${{ success() }}
+        run: cat ~/.backport/backport.info.log
+
+      - name: Debug log
+        if: ${{ failure() }}
+        run: cat ~/.backport/backport.debug.log
+
+        

README.adoc

@@ -35,3 +35,34 @@ When you run `npm start`, the project is monitored for updates to asciidoc files
 
 If a change to an asciidoc file is detected the site is automatically rebuilt.
 
+== Enable automatic cherry-picking on a PR
+
+To enable automatic cherry-picking on a PR, add the label `auto-cherry-pick` to it.
+Without it, the responsible GitHub action is not going to be triggered.
+
+To select the target branches you would like to cherry-pick your PR to, add labels of the following structure: `auto-cherry-pick-to-<targetBranch>`.
+For example: `auto-cherry-pick-to-main` to cherry-pick it to the branch `main` or `auto-cherry-pick-to-5.x` for the branch `5.x`.
+You may even add new labels for branches that do not have such a label yet.
+
+The feature is triggered by either merging a PR with the `auto-cherry-pick` label or by adding the `auto-cherry-pick` label to an already closed and merged PR.
+In the latter case, ensure that you first add the labels containing the target branches and then finally the `auto-cherry-pick` label.
+Otherwise the automation starts without any target branches.
+
+=== Details
+
+The PRs created by this GitHub action will have their heading prefixed with `[Cherry-pick][<targetBranch>]`.
+So, for example, for `main` as the target branch and `some changes` as the original PR heading, it results in `[Cherry-pick][main] some changes` as the heading for the cherry-picked PR.
+In case an assignee was set for the original PR, the cherry-picked PRs will also receive the same assignee.
+You must add reviewers manually after the cherry-picked PRs have been created.
+
+The creation of cherry-picked PRs can take a few minutes.
+If you are an assignee of the original PR, you receive an email notification once the cherry-picked PRs have been created.
+The original PR is updated with a comment that contains links to the newly created cherry-picked PRs.
+
+In case of a merge conflict while cherry-picking to a specific release branch, the branch will be skipped.
+Information on skipped branches is also included in the comment added to the original PR.
+In that case you have to take care of cherry-picking manually and resolve the conflicts.
+This is not going to influence the other release branches as long as they do not have conflicts.
+
+
+

antora.yml

@@ -1,14 +1,14 @@
 name: operations-manual
 title: Operations Manual
-version: '2025.04'
+version: '2025.06'
 current: true
 start_page: ROOT:index.adoc
 nav:
 - modules/ROOT/content-nav.adoc
 asciidoc:
   attributes:
-    neo4j-version: '2025.04'
-    neo4j-version-minor: '2025.04'
-    neo4j-version-exact: '2025.04.0'
-    neo4j-buildnumber: '2025.04'
-    neo4j-debian-package-version: '1:2025.04.0@'
+    neo4j-version: '2025.06'
+    neo4j-version-minor: '2025.06'
+    neo4j-version-exact: '2025.06.0'
+    neo4j-buildnumber: '2025.06'
+    neo4j-debian-package-version: '1:2025.06.0@'

models/hospital/access-control-old.adoc

@@ -5,7 +5,7 @@
 
 When creating a database, administrators may want to establish which users have the ability to access certain information.
 
-As described in xref:authentication-authorization/built-in-roles/auth-built-in-roles[Built-in roles], Neo4j already offers preset roles configured to specific permissions (i.e. read, edit, or write).
+As described in xref:authentication-authorization/built-in-roles.adoc[Built-in roles], Neo4j already offers preset roles configured to specific permissions (i.e. read, edit, or write).
 While these built-in roles cover many common daily scenarios, it is also possible to create custom roles for specific needs.
 
 This page contains an example that illustrates various aspects of security and fine-grained access control.
@@ -85,7 +85,7 @@ This allows users to be created entirely within the database security model, a s
 For more information, see link:{neo4j-docs-base-uri}/cypher-manual/current/access-control/[Cypher Manual -> Access control].
 
 The following examples show two different approaches to using Neo4j security features to support the _healthcare_ database application.
-The first approach uses xref:authentication-authorization/built-in-roles/auth-built-in-roles[Built-in roles], whereas the second uses more advanced resources with fine-grained privileges for <<auth-access-control-using-privileges, sub-graph access control>>.
+The first approach uses xref:authentication-authorization/built-in-roles.adoc[Built-in roles], whereas the second uses more advanced resources with fine-grained privileges for <<auth-access-control-using-privileges, sub-graph access control>>.
 
 In this example, consider five users of the _healthcare_ database:
 

modules/ROOT/pages/authentication-authorization/dbms-administration.adoc

@@ -159,7 +159,7 @@ CREATE ROLE customAdministrator
 ----
 GRANT ALL DBMS PRIVILEGES ON DBMS TO customAdministrator
 ----
-. And explicitly deny the privilege to manage databases and aliases:
+. And explicitly deny the privilege to manage databases:
 +
 [source, cypher, role=noplay]
 ----
@@ -172,7 +172,7 @@ DENY DATABASE MANAGEMENT ON DBMS TO customAdministrator
 GRANT TRANSACTION MANAGEMENT (*) ON DATABASE * TO customAdministrator
 ----
 
-The resulting role has privileges that include all DBMS privileges except creating, dropping, and modifying databases and aliases, as well as managing transactions.
+The resulting role has privileges that include all DBMS privileges except creating, dropping, and modifying databases, as well as managing transactions.
 Use the following query to list all privileges for the role `customAdministrator` as commands:
 
 [source, cypher, role=noplay]
@@ -864,19 +864,19 @@ For more details about the syntax descriptions, see xref:database-administration
 GRANT [IMMUTABLE] CREATE DATABASE
   ON DBMS
   TO role[, ...]
-| Enables the specified roles to create new standard databases and aliases.
+| Enables the specified roles to create new standard databases.
 
 | [source, syntax, role=noheader]
 GRANT [IMMUTABLE] DROP DATABASE
   ON DBMS
   TO role[, ...]
-| Enables the specified roles to delete standard databases and aliases.
+| Enables the specified roles to delete standard databases.
 
 | [source, syntax, role=noheader]
 GRANT [IMMUTABLE] ALTER DATABASE
   ON DBMS
   TO role[, ...]
-| Enables the specified roles to modify standard databases and aliases.
+| Enables the specified roles to modify standard databases.
 
 | [source, syntax, role=noheader]
 GRANT [IMMUTABLE] SET DATABASE ACCESS
@@ -906,20 +906,20 @@ GRANT COMPOSITE DATABASE MANAGEMENT
 GRANT [IMMUTABLE] DATABASE MANAGEMENT
   ON DBMS
   TO role[, ...]
-| Enables the specified roles to create, delete, and modify databases and aliases.
+| Enables the specified roles to create, delete, and modify databases.
 
 |===
 
 
-The ability to create standard databases and aliases can be granted via the `CREATE DATABASE` privilege.
+The ability to create standard databases can be granted via the `CREATE DATABASE` privilege.
 See an example:
 
 [source, cypher, role=noplay]
 ----
 GRANT CREATE DATABASE ON DBMS TO databaseAdder
 ----
 
-The resulting role has privileges that only allow creating standard databases and aliases.
+The resulting role has privileges that only allow creating standard databases.
 List all privileges for the role `databaseAdder` as commands by using the following query:
 
 [source, cypher, role=noplay]
@@ -959,15 +959,15 @@ SHOW ROLE compositeDatabaseAdder PRIVILEGES AS COMMANDS
 a|Rows: 1
 |===
 
-The ability to delete standard databases and aliases can be granted via the `DROP DATABASE` privilege.
+The ability to delete standard databases can be granted via the `DROP DATABASE` privilege.
 See an example:
 
 [source, cypher, role=noplay]
 ----
 GRANT DROP DATABASE ON DBMS TO databaseDropper
 ----
 
-The resulting role has privileges that only allow deleting standard databases and aliases.
+The resulting role has privileges that only allow deleting standard databases.
 List all privileges for the role `databaseDropper` as commands by using the following query:
 
 [source, cypher, role=noplay]
@@ -1007,15 +1007,15 @@ SHOW ROLE compositeDatabaseDropper PRIVILEGES AS COMMANDS
 a|Rows: 1
 |===
 
-The ability to modify standard databases and aliases can be granted via the `ALTER DATABASE` privilege.
+The ability to modify standard databases can be granted via the `ALTER DATABASE` privilege.
 See an example:
 
 [source, cypher, role=noplay]
 ----
 GRANT ALTER DATABASE ON DBMS TO databaseModifier
 ----
 
-The resulting role has privileges that only allow modifying standard databases and aliases.
+The resulting role has privileges that only allow modifying standard databases.
 List all privileges for the role `databaseModifier` as commands by using the following query:
 
 [source, cypher, role=noplay]
@@ -1079,7 +1079,7 @@ SHOW ROLE compositeDatabaseManager PRIVILEGES AS COMMANDS
 a|Rows: 1
 |===
 
-The ability to create, delete, and modify databases and aliases can be granted via the `DATABASE MANAGEMENT` privilege.
+The ability to create, delete, and modify databases can be granted via the `DATABASE MANAGEMENT` privilege.
 See an example:
 
 [source, cypher, role=noplay]

modules/ROOT/pages/authentication-authorization/index.adoc

@@ -28,7 +28,7 @@ For more information, see xref:authentication-authorization/password-and-user-re
 When triggered, Neo4j logs an error containing a timestamp and the message `failed to log in: too many failed attempts` in the _security.log_.
 ====
 +
-For the relevant Cypher commands, see xref:authentication-authorization/manage-users.adoc#access-control-user-syntax[Manage users syntax], xref:authentication-authorization/manage-roles.adoc#access-control-role-syntax[Manage roles syntax], and xref:authentication-authorization/manage-privileges.adoc#access-control-privileges-syntax[Manage privileges syntax].
+For the relevant Cypher commands, see xref:authentication-authorization/manage-users.adoc#access-control-user-syntax[Manage users syntax], xref:authentication-authorization/manage-roles.adoc#access-control-role-syntax[Manage roles syntax], and xref:authentication-authorization/manage-privileges.adoc[Manage privileges syntax].
 Various scenarios that illustrate the use of the native auth provider are available in xref:tutorial/access-control.adoc[].
 
 *User auth providers*::
@@ -47,7 +47,7 @@ The configuration steps are described in xref:authentication-authorization/sso-i
 *Custom-built plugin auth providers*::
 A plugin option for building custom integrations.
 It is recommended that this option is used as part of a custom delivery as negotiated with link:https://neo4j.com/professional-services/[Neo4j Professional Services].
-For more information, see link:{neo4j-docs-base-uri}/java-reference/{page-version}/extending-neo4j/security-plugins#extending-neo4j-security-plugins[Java Reference -> Authentication and authorization plugins].
+For more information, see link:{neo4j-docs-base-uri}/java-reference/{page-version}/extending-neo4j/security-plugins[Java Reference -> Authentication and authorization plugins].
 
 *Kerberos authentication and single sign-on*::
 In addition to LDAP, native, and custom providers, Neo4j supports Kerberos for authentication and single sign-on.

modules/ROOT/pages/authentication-authorization/ldap-integration.adoc

@@ -65,7 +65,7 @@ this LDAP group will fail authentication, even if their credentials are correct.
 |===
 
 All settings are defined at server startup time in the default configuration file _xref:configuration/neo4j-conf.adoc[neo4j.conf]_ or can be modified at
-runtime using xref:procedures.adoc#procedure_dbms_setconfigvalue[`dbms.setConfigValue()`].
+runtime using xref:procedures.adoc#procedure_dbms_setConfigValue[`dbms.setConfigValue()`].
 
 
 [[auth-ldap-configure-provider]]
@@ -470,7 +470,7 @@ SET AUTH 'ldap' { SET ID 'cn=alice,ou=sales,dc=example,dc=com' }
 You can verify that your LDAP configuration is correct, and that the LDAP server responds, by using the LDAP command-line tool `ldapsearch`.
 
 The `ldapsearch` command accepts the LDAP configuration setting values as input and verifies both the authentication (using the `simple` mechanism) and authorization of a user.
-See the https://docs.ldap.com/ldap-sdk/docs/tool-usages/ldapsearch.html[ldapsearch official documentation^] for more advanced usage and how to use SASL authentication mechanisms.
+See the link:https://docs.ldap.com/ldap-sdk/docs/tool-usages/ldapsearch.html[ldapsearch official documentation] for more advanced usage and how to use SASL authentication mechanisms.
 
 . Verify the authentication and authorization of a user.
 For example, `john`.

modules/ROOT/pages/authentication-authorization/limitations.adoc

@@ -390,8 +390,10 @@ So due to the additional data access required by the security checks, this opera
 
 [[property-based-access-control-limitations]]
 === Property-based access control limitations
-Extra node-level security checks are necessary when adding security rules based on property rules, and these can have a significant performance impact.
-The following example shows how the database behaves when adding security rules to roles `restricted` and `unrestricted`:
+Extra node or relationship-level security checks are necessary when adding security rules based on property rules, and these can have a significant performance impact.
+
+The following example shows how the database behaves when adding security rules for nodes to roles `restricted` and `unrestricted`. 
+The same limitations apply to relationships.
 
 [source, cypher]
 ----

modules/ROOT/pages/authentication-authorization/manage-execute-permissions.adoc

@@ -15,7 +15,7 @@ The elevated privileges only apply within the procedure or user-defined function
 --
 The steps below assume that the procedure or user-defined function is already developed and installed.
 
-Please refer to link:{neo4j-docs-base-uri}/java-reference/{page-version}/extending-neo4j#extending-neo4j[Java Reference -> Extending Neo4j] for a description of creating and using user-defined procedures and functions.
+Please refer to link:{neo4j-docs-base-uri}/java-reference/{page-version}/extending-neo4j/[Java Reference -> Extending Neo4j] for a description of creating and using user-defined procedures and functions.
 --