@@ -10,6 +10,8 @@ The following are all Neo4j notifications, grouped by category, when they are re
1010* <<_unrecognized_notifications, `UNRECOGNIZED` category>>
1111* <<_unsupported_notifications, `UNSUPPORTED` category>>
1212* <<_deprecated_notifications, `DEPRECATION` category>>
13+ * <<_security_notifications, `SECURITY` category>>
14+ * <<_topology_notifications, `TOPOLOGY` category>>
1315* <<_generic, `GENERIC` category>>
1416
1517
@@ -938,6 +940,329 @@ m|WARNING
938940m|DEPRECATION
939941|===
940942
943+ [#_security_notifications]
944+ == `SECURITY` category
945+
946+ Security notifications indicate that the result of the query or command might have a potential security issue.
947+ Verify that this is the intended behavior of your query or command.
948+
949+ [#_neo_clientnotification_security_commandhasnoeffect]
950+ === CommandHasNoEffect
951+
952+ .Notification details
953+ [cols="<1s,<4"]
954+ |===
955+ |Code
956+ m|Neo.ClientNotification.Security.CommandHasNoEffect
957+ |Title
958+ a|`<command>` has no effect.*
959+ |Severity
960+ m|INFORMATION
961+ |Category
962+ m|SECURITY
963+ |===
964+
965+ *_`<command>` could be either the full command given by the user or a subset of the given command._
966+
967+ .Granting a role to a user who already has that role
968+ ====
969+ Command::
970+ +
971+ [source, cypher]
972+ ----
973+ GRANT ROLE admin TO john
974+ ----
975+
976+ Full title of the returned code::
977+ `GRANT ROLE admin TO john` has no effect.
978+
979+ Description of the returned code::
980+ The user already has the role. See Status Codes documentation for more information.
981+
982+ Suggestions for improvement::
983+ Verify that this is the intended role and user.
984+ ====
985+
986+ .Revoking a role from a user who does not have that role
987+ ====
988+ Command::
989+ +
990+ [source, cypher]
991+ ----
992+ REVOKE ROLE admin, reader FROM jane
993+ ----
994+
995+ Full title of the returned code::
996+ `REVOKE ROLE reader FROM jane` has no effect.
997+
998+ Description of the returned code::
999+ The user does not have the role. See Status Codes documentation for more information.
1000+
1001+ Suggestions for improvement::
1002+ Verify that this is the intended role and user.
1003+ ====
1004+
1005+ .Granting or denying a privilege to a role that already has that privilege
1006+ ====
1007+ // This command returns 2 notifications, one for NODES and one for RELATIONSHIPS.
1008+ Command::
1009+ +
1010+ [source, cypher]
1011+ ----
1012+ GRANT TRAVERSE ON GRAPH * TO reader
1013+ ----
1014+
1015+ Full title of the returned code::
1016+ `GRANT TRAVERSE ON GRAPH * NODE * TO reader` has no effect.
1017+
1018+ Description of the returned code::
1019+ The role already has the privilege. See Status Codes documentation for more information.
1020+
1021+ Suggestions for improvement::
1022+ Verify that this is the intended privilege and role.
1023+ ====
1024+
1025+ .Revoking a privilege from a role that does not have that privilege
1026+ ====
1027+ Command::
1028+ +
1029+ [source, cypher]
1030+ ----
1031+ REVOKE WRITE ON GRAPH * FROM reader
1032+ ----
1033+
1034+ Full title of the returned code::
1035+ `REVOKE DENY WRITE ON GRAPH * FROM reader` has no effect.
1036+
1037+ Description of the returned code::
1038+ The role does not have the privilege. See Status Codes documentation for more information.
1039+
1040+ Suggestions for improvement::
1041+ Verify that this is the intended privilege and role.
1042+ ====
1043+
1044+ [#_neo_clientnotification_security_impossiblerevokecommand]
1045+ === ImpossibleRevokeCommand
1046+
1047+ .Notification details
1048+ [cols="<1s,<4"]
1049+ |===
1050+ |Code
1051+ m|Neo.ClientNotification.Security.ImpossibleRevokeCommand
1052+ |Title
1053+ a|`<command>` has no effect.*
1054+ |Severity
1055+ m|WARNING
1056+ |Category
1057+ m|SECURITY
1058+ |===
1059+
1060+ *_`<command>` could be either the full command given by the user or a subset of the given command._
1061+
1062+ .Revoking a non-existing role from a user
1063+ ====
1064+ Command::
1065+ +
1066+ [source, cypher]
1067+ ----
1068+ REVOKE ROLE manager, reader FROM jane
1069+ ----
1070+
1071+ Full title of the returned code::
1072+ `REVOKE ROLE manager FROM jane` has no effect.
1073+
1074+ Description of the returned code::
1075+ Role does not exist. Make sure nothing is misspelled.
1076+ This notification will become an error in a future major version.
1077+ See Status Codes documentation for more information.
1078+
1079+ Suggestions for improvement::
1080+ Verify that this is the intended role and that it is spelled correctly.
1081+ ====
1082+
1083+ .Revoking a role from a non-existing user
1084+ ====
1085+ Command::
1086+ +
1087+ [source, cypher]
1088+ ----
1089+ REVOKE ROLE reader FROM alice
1090+ ----
1091+
1092+ Full title of the returned code::
1093+ `REVOKE ROLE reader FROM alice` has no effect.
1094+
1095+ Description of the returned code::
1096+ User does not exist. Make sure nothing is misspelled.
1097+ This notification will become an error in a future major version.
1098+ See Status Codes documentation for more information.
1099+
1100+ Suggestions for improvement::
1101+ Verify that this is the intended user and that it is spelled correctly.
1102+ ====
1103+
1104+ .Revoking a privilege from a non-existing role
1105+ ====
1106+ Command::
1107+ +
1108+ [source, cypher]
1109+ ----
1110+ REVOKE GRANT WRITE ON GRAPH * FROM manager
1111+ ----
1112+
1113+ Full title of the returned code::
1114+ `REVOKE GRANT WRITE ON GRAPH * FROM manager` has no effect.
1115+
1116+ Description of the returned code::
1117+ Role does not exist. Make sure nothing is misspelled.
1118+ This notification will become an error in a future major version.
1119+ See Status Codes documentation for more information.
1120+
1121+ Suggestions for improvement::
1122+ Verify that this is the intended role and that it is spelled correctly.
1123+ ====
1124+
1125+ .Revoking a privilege on a non-existing graph from a role
1126+ ====
1127+ Command::
1128+ +
1129+ [source, cypher]
1130+ ----
1131+ REVOKE GRANT WRITE ON GRAPH neo3j FROM editor
1132+ ----
1133+
1134+ Full title of the returned code::
1135+ `REVOKE GRANT WRITE ON GRAPH neo3j FROM editor` has no effect.
1136+
1137+ Description of the returned code::
1138+ // We use 'Database' here for multiple reasons
1139+ // - The user fixes the issue by doing 'create database', not 'create graph'.
1140+ // - This matches the existing behaviour when granting the privilege.
1141+ // - It is easier to implement this way.
1142+ Database 'neo3j' does not exist. Make sure nothing is misspelled.
1143+ This notification will become an error in a future major version.
1144+ See Status Codes documentation for more information.
1145+
1146+ Suggestions for improvement::
1147+ Verify that this is the intended graph and that it is spelled correctly.
1148+ ====
1149+
1150+ .Revoking a privilege on a non-existing database from a role
1151+ ====
1152+ Command::
1153+ +
1154+ [source, cypher]
1155+ ----
1156+ REVOKE GRANT ACCESS ON DATABASE neo3j FROM editor
1157+ ----
1158+
1159+ Full title of the returned code::
1160+ `REVOKE GRANT ACCESS ON DATABASE neo3j FROM editor` has no effect.
1161+
1162+ Description of the returned code::
1163+ Database 'neo3j' does not exist. Make sure nothing is misspelled.
1164+ This notification will become an error in a future major version.
1165+ See Status Codes documentation for more information.
1166+
1167+ Suggestions for improvement::
1168+ Verify that this is the intended database and that it is spelled correctly.
1169+ ====
1170+
1171+ .Revoking a privilege from a role with wildcard graph parameter
1172+ ====
1173+ Parameter::
1174+ +
1175+ [source, javascript]
1176+ ----
1177+ {
1178+ "graph": "*"
1179+ }
1180+ ----
1181+ Command::
1182+ +
1183+ [source, cypher]
1184+ ----
1185+ REVOKE GRANT CREATE ON GRAPH $graph FROM PUBLIC
1186+ ----
1187+
1188+ Full title of the returned code::
1189+ `REVOKE GRANT CREATE ON GRAPH $graph FROM PUBLIC` has no effect.
1190+
1191+ Description of the returned code::
1192+ Parameterized database and graph names do not support wildcards.
1193+ Make sure nothing is misspelled.
1194+ This notification will become an error in a future major version.
1195+ See Status Codes documentation for more information.
1196+
1197+ Suggestions for improvement::
1198+ Use `GRAPH *` without the parameter to revoke the privilege on all graphs.
1199+ ====
1200+
1201+ .Revoking a privilege from a role with wildcard database parameter
1202+ ====
1203+ Parameter::
1204+ +
1205+ [source, javascript]
1206+ ----
1207+ {
1208+ "database": "*"
1209+ }
1210+ ----
1211+ Command::
1212+ +
1213+ [source, cypher]
1214+ ----
1215+ REVOKE GRANT ACCESS ON DATABASE $database FROM PUBLIC
1216+ ----
1217+
1218+ Full title of the returned code::
1219+ `REVOKE GRANT ACCESS ON DATABASE $database FROM PUBLIC` has no effect.
1220+
1221+ Description of the returned code::
1222+ Parameterized database and graph names do not support wildcards.
1223+ Make sure nothing is misspelled.
1224+ This notification will become an error in a future major version.
1225+ See Status Codes documentation for more information.
1226+
1227+ Suggestions for improvement::
1228+ Use `DATABASE *` without the parameter to revoke the privilege on all databases.
1229+ ====
1230+
1231+ [#_topology_notifications]
1232+ == `TOPOLOGY` category
1233+
1234+ Topology notifications provide additional information related to managing databases and servers.
1235+
1236+ [#_neo_clientnotification_cluster_serveralreadyenabled]
1237+ === ServerAlreadyEnabled
1238+
1239+ .Notification details
1240+ [cols="<1s,<4"]
1241+ |===
1242+ |Code
1243+ m|Neo.ClientNotification.Cluster.ServerAlreadyEnabled
1244+ |Title
1245+ a| `<command>` has no effect.
1246+ |Severity
1247+ m|INFORMATION
1248+ |Category
1249+ m|TOPOLOGY
1250+ |===
1251+
1252+ .Enabling an already enabled server
1253+ ====
1254+ Command::
1255+ +
1256+ [source, cypher]
1257+ ----
1258+ ENABLE SERVER "123e4567-e89b-12d3-a456-426614174000"
1259+ ----
1260+
1261+ Description of the returned code::
1262+ Server `123e4567-e89b-12d3-a456-426614174000` is already enabled.
1263+ Verify that this is the intended server.
1264+
1265+ ====
9411266
9421267[#_generic]
9431268== `GENERIC` category
0 commit comments