ABAC documentation part three

[HannesSandberg]

Next part of documentation of ABAC, builds on top off: #2827

SHOW AUTH RULES AS COMMANDS
SHOW ROLES WITH AUTH RULES

ALTER AUTH RULE
RENAME AUTH RULE

separate sub-privileges of AUTH RULE MANAGEMENT:
CREATE AUTH RULE
SHOW AUTH RULE
RENAME AUTH RULE
DROP AUTH RULE
ALTER AUTH RULE

[renetapopova]

Hey @HannesSandberg, I see that you have 3 PRs that build on top of each other. Why haven't you just created a branch? I am not sure how we are supposed to review all of these.

[renetapopova]

Would you like me to create a branch from dev, review these PRs, and merge them there? We can keep this branch in sync with dev, and when it's time to release ABAC, we'll merge it into dev. What do you think?

[HannesSandberg]

Hello @renetapopova. That is because this feature is still behind a feature flag and not ready for GA. So there is one PR for every release since the Early Access Program started.

The plan is to merge the entire thing when the feature is ready to be released.

How to review this, I think it can be either be done after everything is implemented and documented. Then the last PR in the chain of PR would be the only one that's needs to be reviewed and I can tell you when it is time to review. The other option is to review them when they appear.

Read your second message now:

Would you like me to create a branch from dev, review these PRs, and merge them there? We can keep this branch in sync with dev, and when it's time to release ABAC, we'll merge it into dev. What do you think?

I think that sounds like a good idea if the PR's to that branch also contains the preview from the neo4j-docops-agent. It is very nice to have that webpage.

[renetapopova]

I think that sounds like a good idea if the PR's to that branch also contains the preview from the neo4j-docops-agent. It is very nice to have that webpage.

Let me see if that's possible. I'll give it a try tomorrow.

[HannesSandberg]

Hello @lidiazuin, here is the PR where I would want some changes to privileges-grant-and-deny-syntax-dbms-privileges.svg and privileges-hierarchy-dbms.svg.

privileges-grant-and-deny-syntax-dbms-privileges.svg:

Add a new square with privileges underneath IMPERSONATE, in this square add these:

AUTH RULE MANAGEMENT
CREATE AUTH RULE
DROP AUTH RULE
RENAME AUTH RULE
ALTER AUTH RULE
SHOW AUTH RULE

privileges-hierarchy-dbms.svg:

Somewhere close to role or user management, there should be a new square with the text AUTH RULE MANAGEMENT connected to ALL [[DBMS] PRIVILEGES], this square should then have multiple small ones connected to it, similar to the ROLE MANAGEMENT one. The smaller light grey ones should be:

CREATE AUTH RULE
DROP AUTH RULE
RENAME AUTH RULE
ALTER AUTH RULE
SHOW AUTH RULE

Does this makes sense? If you have questions, feel free to ping me here or on slack.

Thanks 😃

[lidiazuin]

Let me know if there are any changes that you need :)

[Hunterness]

✨ Comments ✨

[Hunterness]

New cluster of comments

[Hunterness]

Just the leftover comment on reordering the file and a small typo left now

[Hunterness]

Might be a bit odd with the combined examples that now show bits that haven't been covered yet

[neo4j-docops-agent]

This PR includes documentation updates
View the updated docs at https://neo4j-docs-operations-2879.surge.sh

New pages:

• Attribute-based access control
• The DBMS AUTH RULE MANAGEMENT privileges

Updated pages:

• Administrator role privileges
• The DBMS ROLE MANAGEMENT privileges
• DBMS privileges
• Role-based access control
• Manage roles

[HannesSandberg]

Add a introduced in version label. See this comment: #2827 (comment)