To work on your Aura Enterprise Instances (AuraDB and AuraDS), you have multiple ways to grant access to your team, depending on their role.
Aura Console access ( http://console.neo4j.io/ )
A user with Aura Console access can be a Member or an Admin.
A Member Console User has the following privileges:
- Create an Aura Instance
- Delete an Aura Instance
- Clone an Aura Instance
- Pause an Aura Instance
- Download a Dump/Export of an Aura Instance's content
- Resize an Aura Instance
- Rename an Aura Instance
- Import data from a Dump (drag and drop)
- Restore an Aura Instance from a backup (in Aura storage)
Consequently, we believe this is an elevated level of permissions, and as such, this should be restricted to a limited number of your team.
An Admin Console user has all the privileges of a Member but can also perform user management for the console.
|More information on console user management is available at https://neo4j.com/docs/aura/platform/user-management/|
Aura Instance access ( neo4j+s://*.databases.neo4j.io )
Aura Instance access is granted at the Aura Instance level, and it is in no way providing access to the console.
Typically an administrator with Console access would have created the Aura Instance and obtained the initial Aura Instance password for the default superuser neo4j. That superuser access is required to create further users on that same Aura Instance.
A user with Aura Instance access has limited rights, and these are defined by creating users and roles (or leveraging existing default ones) and associating users with roles that have defined permissions.
For a comprehensive description, please refer to the fine-grained access control or RBAC.
For the in depth description of all you can do in Cypher, please see this: Cypher Manual - Access Control
What if I need to remove access for one member of my team?
For Console access, a Console Admin on your team can revoke access. You ma also contact Aura Support so we can revoke their access. NOTE: If the user(s) have Google Authentication, then as you control their email, by not having access to that same email, their access would, in effect, already be impossible.
For Aura Instance access, you (using the neo4j user or similar with full admin privilege) would have to go to all individual Aura Instances and revoke their access using the REVOKE Cypher ( see this full guide) or DROP their user.