Neo4j
Home
Feedback
Changelog
Back to changelog
Powered by Canny

new

AuraDB Professional

New database roles and seamless access to Aura instances

We’re excited to announce the release of two new features:
predefined roles
and
tool authentication with Aura users
for AuraDB Professional. These changes will enhance collaboration, querying and exploring data with graph tools by enabling one-click access to Aura instances using console roles.
Predefined roles
What are they?
Predefined roles are database roles which permit varying levels of access to your Aura instance. The roles are immutable (cannot be changed) and apply to all AuraDB instances automatically.
Previously, there was only one database role (
public
) for AuraDB Free and Professional users. With this change, Administrator, Member, and Viewer predefined roles are available. You can create a new database user and grant a predefined role, which now allows for the possibility of read-only database users on AuraDB Professional.
RBAC and built-in roles are also available for Business Critical and VDC users.
Who does this impact?
  • AuraDB Free and Professional users (Business Critical and AuraDS to follow in the next few weeks)
  • Version 5 instances only
How do they work?
All users (whether via the console or directly accessing via a DB username and password) use
roles
which contain
privileges
to allow the users to perform actions on the instance. See details on roles and their privileges here.
What are the changes that I will see?
For all Version 5 Aura instances on Free or Professional tiers, the following changes will apply:
All applicable tiers:
  • New roles will be added to all instances
  • The public role which is granted to all users has been limited to include only baseline permissions
AuraDB Free
  • CREATE user is no longer available in Cypher. This feature did not have any practical benefit to Aura usage, as all users previously had the same (
    public
    ) role. Aura users will be able to access the Free instance with predefined roles, based on their console role using Tool authentication.
AuraDB Professional
  • From 4th August each new native (username/password) database user will need to be assigned a role before being able to use the instance. Until then, all new native database users will be assigned the console_admin role
AuraDS Professional / AuraDB Business Critical
  • Predefined roles will be added in the next few weeks
Tool authentication with Aura users
This new setting provides a simple and secure method to allow Console users in your project with access to instances within the project. Your user role in the Aura Console links to a predefined role within the database.
How can I use it?
Tool authentication is OFF by default on all existing instances, with the exception of AuraDB Free.
Organization owners and admins
can switch on the tool authentication with these steps:
  1. Navigate to the Organization settings menu (click on the org icon)
  2. Click the security item in the left navigation
  3. Select ‘Tool authentication with Aura users’
Once the setting is enabled on an instance, all users will be able to access your instances either by using the left navigation to explore or query, or from the instances screen with the ‘Open in’ buttons.
What privileges does each console role have in an Aura instance?
See our documentation on predefined roles for this.
How can I change tool connection settings?
Tool authentication via user accounts is an optional feature, and can be enabled or disabled per instance or at the project level.
How can I change the role of a user within my project?
Click on the user management menu item and edit the role of the user.
What happens when I turn tool connection settings OFF after having them ON first?
All users within the project will not be able to access this particular instance unless using database username/password authentication.
How long does it take for a console role change to apply to instance access using automatic tool authentication?
After changing a user’s console role, there will be a short period (typically < 5 minutes) after which the predefined role associated with the Aura user will change across all instances.
Is there anything I need to know if I also use SSO?
If you use SSO for instance level access, then Tool authentication is unlikely to be necessary. Please be aware that enabling this setting will grant all users of the project access to the instances with their privileges determined by the role, and will be in addition to SSO access.
We’re collecting feedback on this release - please let us know your thoughts here.