User management for Aura Console (Enterprise tier only)

To work on your Aura Enterprise Instances (AuraDB and AuraDS), you have multiple ways to grant access to your team, depending on their role.

Aura Console access ( http://console.neo4j.io/ ) 

A user with Aura Console access is essentially an administrator of the Aura Instances with the following privileges:

• Create an Aura Instance 
• Delete an Aura Instance 
• Clone an Aura Instance 
• Pause an Aura Instance 
• Download a Dump/Export of an Aura Instance's content
• Resize an Aura Instance 
• Rename an Aura Instance 
• Import data from a Dump (drag and drop) 
• Restore an Aura Instance from a backup (in Aura storage)

Consequently, we believe this is an elevated level of permissions, and as such, this should be restricted to a limited number of your team.

To add users with Console access currently, you will need to raise a support ticket and provide clearly their First and last name as well as their email address.

Aura Instance access ( neo4j+s://*.databases.neo4j.io ) 

Aura Instance access is granted at the Aura Instance level, and it is in no way providing access to the console.

Typically an administrator with Console access would have created the Aura Instance and obtained the initial Aura Instance password for the default superuser neo4j. That superuser access is required to create further users on that same Aura Instance.

A user with Aura Instance access has limited rights, and these are defined by creating users and roles (or leveraging existing default ones) and associating users with roles that have defined permissions.
For a comprehensive description, please refer to the fine-grained access control or RBAC.
For the in depth description of all you can do in Cypher, please see this: Cypher Manual - Access Control 

What if I need to remove access for one member of my team?

For Console access, you should let us know immediately so we can revoke their access.
If the users have Google Authentication, then as you control their email, by not having access to that same email, their access would, in effect, already be impossible.
Nevertheless, please contact us by raising a support ticket regardless, and we'll also revoke their access.

For Aura Instance access, you (using the neo4j user or similar with full admin privilege) would have to go to all individual Aura Instances and revoke their access using the REVOKE Cypher ( see this full guide) or DROP their user.