To work on your AuraDB Enterprise Instances you have multiple ways to grant access to your team depending on their role.
Aura Console access ( http://console.neo4j.io/ )
A user with Aura Console access is essentially an administrator of the AuraDB Instances, with the following privileges:
- Create an Aura DB Instance
- Delete an Aura DB Instance
- Clone an Aura DB Instance
- Pause an Aura DB Instance
- Download a Dump/Export of an Aura DB Instance's content
- Resize an Aura DB Instance
- Rename an Aura DB Instance
- Import data from a Dump (drag and drop)
- Restore an Aura DB Instance from a backup (in Aura storage)
Consequently we believe this is an elevated level of permissions and as such this should be restricted to a limited number of your team.
To add users with Console access currently you will need to raise a support ticket and provide clearly their First and last name as well as their email address.
Aura DB Instance access ( neo4j+s://*.databases.neo4j.io )
Aura DB Instance access is granted at the Aura DB Instance level and it is in no way providing access to the console.
Typically an administrator with Console access would have created the Aura DB Instance and obtained the initial Aura DB Instance password for the default superuser neo4j. That superuser access is required to create further users on that same Aura DB Instance.
A user with Aura DB Instance access has limited rights and these are defined by creating users and roles (or leveraging existing default ones) and associating users with roles that have defined permissions.
For a comprehensive description, please refer to the fine-grained access control or RBAC.
For the in depth description of all you can do in Cypher please see this: Cypher Manual - Access Control
What if I need to remove access for one member of my team ?
For Console access, you should let us know immediately so we can revoke their access.
If the users have Google Authentication then as you control their email, by not having access to that same email their access would in effect already be impossible. Nevertheless, please contact us by raising a support ticket regardless and we'll also revoke their access.
For Aura DB Instance access you (using the neo4j user or similar with full admin privilege) would have to go to all individual Aura DB Instances and revoke their access using the REVOKE Cypher ( see this full guide) or DROP their user.