From 44515fc384c13ee142c8bcaac9f272005a6f1d09 Mon Sep 17 00:00:00 2001 From: Therese Magnusson Date: Wed, 25 Sep 2024 09:59:10 +0200 Subject: [PATCH 1/3] Update the column descriptions for SHOW ROLES to be more visible as tables and not just part of the text, this is what most show commands does also make the examples proper examples --- .../manage-roles.adoc | 41 +++++++++++++++---- 1 file changed, 33 insertions(+), 8 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/manage-roles.adoc b/modules/ROOT/pages/authentication-authorization/manage-roles.adoc index d6d48e55e..da1ea637f 100644 --- a/modules/ROOT/pages/authentication-authorization/manage-roles.adoc +++ b/modules/ROOT/pages/authentication-authorization/manage-roles.adoc @@ -131,7 +131,7 @@ Lists the privileges granted to the specified roles. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. -For more information, see xref:authentication-authorization/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. +The `SHOW ROLE name PRIVILEGES` command is described in xref:authentication-authorization/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. | Required privilege a| @@ -340,8 +340,21 @@ For more information, see xref:authentication-authorization/dbms-administration. Available roles can be seen using `SHOW ROLES`. -This returns a single column `role` of type `STRING`, containing the role name. +This returns a single column. +[options="header", width="100%", cols="2a,4,2m"] +|=== +| Column +| Description +| Type + +| role +| Role name +| STRING +|=== + +.List all roles +==== [source, cypher, role=noplay] ---- SHOW ROLES @@ -363,6 +376,7 @@ This is the same command as `SHOW ALL ROLES`. 1+a|Rows: 6 |=== +==== When first starting a Neo4j DBMS, there are a number of built-in roles: @@ -379,9 +393,21 @@ More information about the built-in roles and their privileges can be found in x There are multiple versions of this command, the default being `SHOW ALL ROLES`. To only show roles that are assigned to users, the command is `SHOW POPULATED ROLES`. To see which users are assigned to which roles, `WITH USERS` can be added to the command. -This will return an additional `STRING` column, `member`, containing the username. +The command produces a row per role per user and yields the following column in addition to the one output by `SHOW ROLES`: +[options="header", width="100%", cols="2a,4,2m"] +|=== +| Column +| Description +| Type + +| member +| User name +| STRING +|=== Since this gives a result with one row for each user, if a role is assigned to two users it will show up twice. +.Show roles with users +==== [source, cypher, role=noplay] ---- SHOW POPULATED ROLES WITH USERS @@ -415,9 +441,12 @@ The table of results will show information about the role and what database it b 2+a|Rows: 6 |=== +==== -It is also possible to filter and sort the results by using `YIELD`, `ORDER BY` and `WHERE`: +It is also possible to filter and sort the results by using `YIELD`, `ORDER BY` and `WHERE`. +.Show roles with ordering and filtering +==== [source, cypher, role=noplay] ---- SHOW ROLES YIELD role @@ -443,10 +472,6 @@ It is also possible to use `SKIP` and `LIMIT` to paginate the results. 1+a|Rows: 3 |=== - -[NOTE] -==== -The `SHOW ROLE name PRIVILEGES` command is found in xref:authentication-authorization/manage-privileges.adoc#access-control-list-privileges[Listing privileges]. ==== From 5d5215181d8ce7d7fdd7c11352845fb135843a4d Mon Sep 17 00:00:00 2001 From: Therese Magnusson Date: Wed, 25 Sep 2024 10:28:27 +0200 Subject: [PATCH 2/3] Update the column description for SHOW PRIVILEGES AS COMMANDS to be more visible as tables and not just part of the text, this is what most show commands does --- .../manage-privileges.adoc | 22 +++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc b/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc index 5fa9c9c0e..2a772460c 100644 --- a/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc +++ b/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc @@ -439,9 +439,25 @@ Other users' privileges cannot be listed when using a non-native auth provider. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. For an easy overview of the existing privileges, it is recommended to use the `AS COMMANDS` version of the `SHOW` command. -This returns the column `command` of type `STRING` containing the privileges as the commands that are granted or denied. +This returns two columns: +[options="header", width="100%", cols="2a,4,2m"] +|=== +| Column +| Description +| Type + +| command +| The privilege as the command that is granted or denied. +Or in the `AS REVOKE COMMANDS` case, the command to revoke the privilege. label:default-output[] +| STRING + +| immutable +| Whether or not the privilege is immutable. +| BOOLEAN +|=== -When omitting the `AS COMMANDS` clause, results will include multiple columns describing privileges: +When omitting the `AS COMMANDS` clause, results will include multiple columns describing privileges instead. +They are all returned by default. [options="header", width="100%", cols="4m,6a,2m"] |=== @@ -475,8 +491,6 @@ E.g., the entire DBMS, a specific database, a graph, or sub-graph access. | immutable | Whether or not the privilege is immutable. - -This column is also available for the `AS COMMAND` variant using `YIELD`. | BOOLEAN | user From d0033de315b1b39de662611e829981faccf09175 Mon Sep 17 00:00:00 2001 From: Therese Magnusson Date: Mon, 30 Sep 2024 15:36:08 +0200 Subject: [PATCH 3/3] address review comments --- .../manage-privileges.adoc | 10 ++++++---- .../authentication-authorization/manage-roles.adoc | 9 ++++++--- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc b/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc index 2a772460c..f5af368e5 100644 --- a/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc +++ b/modules/ROOT/pages/authentication-authorization/manage-privileges.adoc @@ -438,8 +438,9 @@ Other users' privileges cannot be listed when using a non-native auth provider. When using the `RETURN` clause, the `YIELD` clause is mandatory and must not be omitted. -For an easy overview of the existing privileges, it is recommended to use the `AS COMMANDS` version of the `SHOW` command. -This returns two columns: +For an easy overview of the existing privileges, it is recommended to use the `AS COMMANDS` version of the `SHOW` command, which returns two columns. + +.`SHOW PRIVILEGES AS COMMANDS` output [options="header", width="100%", cols="2a,4,2m"] |=== | Column @@ -456,9 +457,10 @@ Or in the `AS REVOKE COMMANDS` case, the command to revoke the privilege. label: | BOOLEAN |=== -When omitting the `AS COMMANDS` clause, results will include multiple columns describing privileges instead. -They are all returned by default. +Alternatively, you can omit the `AS COMMANDS` clause and get the full details of the privileges returned in multiple columns. +They are all returned by default without requiring a `YIELD`. +.`SHOW PRIVILEGES` output [options="header", width="100%", cols="4m,6a,2m"] |=== | Column | Description | Type diff --git a/modules/ROOT/pages/authentication-authorization/manage-roles.adoc b/modules/ROOT/pages/authentication-authorization/manage-roles.adoc index da1ea637f..a14679676 100644 --- a/modules/ROOT/pages/authentication-authorization/manage-roles.adoc +++ b/modules/ROOT/pages/authentication-authorization/manage-roles.adoc @@ -339,9 +339,9 @@ For more information, see xref:authentication-authorization/dbms-administration. == Listing roles -Available roles can be seen using `SHOW ROLES`. +You can view all available roles using the Cypher command `SHOW ROLES`, which returns a single column. -This returns a single column. +.`SHOW ROLES` output [options="header", width="100%", cols="2a,4,2m"] |=== | Column @@ -394,6 +394,8 @@ There are multiple versions of this command, the default being `SHOW ALL ROLES`. To only show roles that are assigned to users, the command is `SHOW POPULATED ROLES`. To see which users are assigned to which roles, `WITH USERS` can be added to the command. The command produces a row per role per user and yields the following column in addition to the one output by `SHOW ROLES`: + +.`SHOW POPULATED ROLES WITH USERS` output [options="header", width="100%", cols="2a,4,2m"] |=== | Column @@ -404,7 +406,8 @@ The command produces a row per role per user and yields the following column in | User name | STRING |=== -Since this gives a result with one row for each user, if a role is assigned to two users it will show up twice. + +Since this gives a result with one row for each user, it shows up twice if a role is assigned to two users. .Show roles with users ====