Expand Up @@ -12,7 +12,7 @@ CREATE ROLE regularUsers;
[[property-based-access-control]]
= Property-based access control

Property-based access control grants permissions to users to read node properties based on property/value conditions.
Property-based access control grants permissions to users to read element properties based on property/value conditions.
Each property-based privilege can only be restricted by a single property.
For information about read privileges and their syntax, see xref:authentication-authorization/privileges-reads.adoc[Read privileges].

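Review bot: "element properties" in the rewritten first sentence is accurate now that relationship patterns are supported, but "element" is an uncommon term for readers arriving from the node-only wording; consider "node or relationship properties" here (or define "element" once), so the first paragraph states explicitly that the privilege now covers relationships as well as nodes.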
Expand Down Expand Up @@ -40,7 +40,9 @@ To specify the property/value conditions of the read privilege, you can use the
| FOR {

([var][:label["|" ...]] "{" property: value "}")
| (var[:label["|" ...]])
| (var[:label["|" ...]])
| ()[<]-"["[var][:type["|" ...]] "{" property: value "}" "]"-[>]()
| ()[<]-"["var[:type["|" ...]]"]"-[>]()
WHERE [NOT] var.property { { = | <> | > | >= | < | <= } value | IS NULL | IS NOT NULL | IN { "["[value[, ...]]"]" | listParam } }
| (var[:label["|" ...]]
WHERE [NOT] var.property { { = | <> | > | >= | < | <= } value | IS NULL | IS NOT NULL | IN { "["[value[, ...]]"]" | listParam } } )
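Review bot: the two new relationship forms ( `()[<]-"["[var][:type["|" ...]] "{" property: value "}" "]"-[>]()` and `()[<]-"["var[:type["|" ...]]"]"-[>]()` followed by `WHERE ...` ) have no counterpart to the node variant immediately below them, where the `WHERE` clause is placed inside the parentheses of the pattern; if the inline-`WHERE` form is not valid for relationships, a short note saying so would save readers a trial-and-error round, and if it is valid the grammar should list it. It is correct that the `WHERE` variant requires `var` (not `[var]`), since the condition refers to `var.property`.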
Expand All @@ -57,7 +59,7 @@ See xref:authentication-authorization/limitations.adoc#property-based-access-con

When having property rules, the following factors can worsen the impact on performance:

* The number of properties on the nodes concerned (more properties = greater performance impact).
* The number of properties on the elements concerned (more properties = greater performance impact).
* The number of property-based privileges (more property-based privileges = greater performance impact).
* The type of the privilege: `TRAVERSE` property-based privileges have greater performance impact than `READ` property-based privileges.
* The type of storage medium in operation. The impact of the property-based privileges on performance is considerably amplified by accessing disc storage.
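Review bot: while touching this list, the trailing context line "accessing disc storage" should read "disk storage" to match the spelling used elsewhere in the product documentation; also, since the first bullet now says "elements", it is worth a clause noting that relationship property-based privileges count toward the same performance factors, so the reader does not assume the list is node-only.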
Expand All @@ -81,7 +83,7 @@ GRANT privilege-name ON GRAPH graph-name FOR pattern TO role-name
The user role does not need to have `READ` privilege for the property used by the property-based privilege.
====

=== Grant a property-based privilege on a specific property using its value
=== Grant a property-based privilege on a specific property using the value of another property

The following example shows how to grant permission to `READ` the `address` property on `Email` or `Website` nodes with domain `exampledomain.com` to role `regularUsers`:

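Review bot: the renamed heading ("using the value of another property") is clearer, but the example sentence still only names the granted property `address` and the domain value; state explicitly that `domain` is the property the condition is evaluated on and `address` the property being read, so the heading and the example visibly line up.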
Expand All @@ -97,6 +99,14 @@ Alternatively, you can use the following syntax:
GRANT READ { address } ON GRAPH * FOR (:Email|Website {domain: 'exampledomain.com'}) TO regularUsers
----

=== Grant a property-based privilege on a specific property using the value of that same property

The following example shows how to grant permission to `READ` the `since` property on `OWNS` relationships having `since` equal to `2025-01-01` to role `regularUsers`:

[source, syntax, role="noheader"]
----
GRANT READ { since } ON GRAPH * FOR ()-[o:OWNS]-() WHERE o.since = date("2025-01-01") TO regularUsers
----

=== Grant a property-based privilege using `NULL`

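Review bot: the new example `GRANT READ { since } ON GRAPH * FOR ()-[o:OWNS]-() WHERE o.since = date("2025-01-01") TO regularUsers` uses a function call `date(...)` as the comparison value, while the syntax block above only shows a bare `value`; either the grammar should mention that temporal constructors such as `date()` are accepted as values, or the prose at "having `since` equal to `2025-01-01`" should make clear that the stored value is a date and not the string `'2025-01-01'`, since the two do not compare equal. For consistency with the earlier example (`{domain: 'exampledomain.com'}`), prefer single quotes: `date('2025-01-01')`.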