Within a single AuraDB Enterprise database instance it is possible to house multiple copies of the same graph, to segregate and use for differing reasons. One such possible use case for doing so might be to combine all of your non-production environments into a single AuraDB database instance to house the differing stages of the development lifecycle (Development, Staging, User Acceptance Test).
The following example illustrates such a use case, as we house a development and staging movie graph in a single AuraDB database instance.
We start with a database we have created and populated with our initial data load, we will update the existing node labels to become the development graph. Once that process has been completed we repeat the data load exercise to create a second graph in the same instance, which we then update the node labels to become the staging graph. Finally we create roles and users within the database instance, to manage access to the development and staging graphs.
Updating original dataset to be marked as DEV
Add new DEV label to existing nodes
Remove ‘old’ Movie label from existing nodes
MATCH (n:DEV_Movie) REMOVE n:Movie;
MATCH (n:DEV_Person) REMOVE n:Person;
Load second dataset into same AuraDB instance
We then create the second copy of our graph in the same instance, from a file.
Update second dataset to be marked as STG
Add new STG label to existing nodes
MATCH (n:Movie) SET n:STG_Movie;
MATCH (n:Person) SET n:STG_Person;
Remove ‘old’ Movie label from existing nodes
MATCH (n:STG_Movie) REMOVE n:Movie;
MATCH (n:STG_Person) REMOVE n:Person;
How to handle Multi-Graph with RBAC
Roles / users
Roles
Here we are creating a new role called devrole that is a copy of the built-in reader role.
CREATE ROLE devrole AS COPY OF reader;
Privileges
We now modify the privileges in the role to deny the devrole access to the staging graph.
DENY READ {*} ON GRAPH neo4j NODES STG_Person TO devrole;
DENY READ {*} ON GRAPH neo4j NODES STG_Movie TO devrole;
DENY TRAVERSE ON GRAPH neo4j NODES `STG_Person` TO devrole;
DENY TRAVERSE ON GRAPH neo4j NODES `STG_Movie` TO devrole;
Users
Create a new database user who will have access to the development environment.
CREATE USER ajs_dev
SET PASSWORD 'test123' CHANGE REQUIRED
SET STATUS ACTIVE
SET HOME DATABASE neo4j;
Grant roles to users
GRANT role devrole to ajs_dev;
Test Queries
We now connect to the database instance using the newly created development user and try to query the staging graph.
Querying the STAGING Nodes - should return no data
MATCH (n:STG_Movie) RETURN n AS node;
MATCH (n:STG_Person) RETURN n AS node;
Querying the Dev Nodes - should return data
MATCH (n:DEV_Movie) RETURN n AS node;
MATCH (n:DEV_Person) RETURN n AS node;
Comments
0 comments
Please sign in to leave a comment.