I was hoping to allow an administrative function in our app where the creation of a new client would mean they get their own database, which I can do and works by simply running a CREATE DATABASE cypher instruction.
Now I am running into two issues when accessing these databases (I'm on neo4j enterprise v4.1.3)
My JDBC driver does not like me prepending queries with USE <database_name(client_name)>. Probably not the biggest deal.
Even when I switch to the neo4j native driver I get this
[Neo.ClientError.Statement.SyntaxError]:Dynamic graph lookup not allowed here. This feature is only available in a Fabric database
Attempted to access graph $1
"USE $1 MATCH (n) RETURN n.name as name"
Again, enabling fabric is not going to kill me but when I looked into how to do this, it seems that each database needs to be upfront declared in the conf file a la this before it can participate in this USE command. Is that right, or is there a way I can just have fabric 'switched on' and after that when I add new databases I can USE them in my queries?
Basically I don't want client on-boarding to require config changes and application releases.
Related
i have several databases running in RDS Service.
I'd like to know the best pratice to grant access to developers to these DB.
I tought a solution using jenkins but i dont think this is the best option.
I am trying to avoid give some password to developers.
Hope you can help me.
As #ceejayoz mentioned you can create a few users with restricted privileges, for example an user who only can run selects on few schemas, another user who can update registers in a few tables.
I can share what we do and what I've seen. We do A and use B where it is easy.
A) Standard Users
For all databases, we have 3 standard users with the following suffixes (_dba, _rw, _ro). Those all have their own passwords using a strong password generator.
_dba is used to deploy scheme and has all rights
_rw is used by the application (CRUD on all tables, but can't modify scheme)
_ro only has R on all tables and generally given to developers
Note: Developers have access to a bastion used for port forwarding and proxycap. They can query the RDS endpoints from their own machines (DB Tools) going through socks proxy and bastion.
This is lazy method - since creation of users is done programmatically and we feel comfortable giving some developers read only access. They could write a bad query and slow down system, but they could do that with a specific user so not much different and the bastion logs tell me who really was in if I had to investigate.
B) UI
Simple web app with login (ideally MFA) - that provides a way to run queries. If only for reporting, ideally against R/O copy of system. Stackoverflow offers one themselves (https://data.stackexchange.com/).
What would be nice is if RDS offered this themselves (linked to your IAM roles). They offer this on RDS Serverless (https://docs.aws.amazon.com/AmazonRDS/latest/AuroraUserGuide/query-editor.html) and it may be a feature in other RDS versions. That allows fine control or even lazy control (IAM groups).
I am planning to create a desktop app (Java or C# WPF) which would be used by multiple users. The requirements are such that a Graph DB like Neo4j fits perfectly into the scheme of things. I have done some investigations and it looks really good. I am working on the community edition. Now here is the problem. From what I have observed, I am able to make only one connection to the database. The moment I try to make a connection from another instance I get an error. Even accessing on localhost:7474 gives an error.
Is this by design? I understand that in a web App, I can still use a static reference to a single DB instance and work with it. But in a desktop app scenario how do I ensure that multiple users are able to access the database from their apps?
Your app instances can access the same neo4j server through its REST API. There is no need to directly connect to the DB.
Here is a page that shows you how to do that in Java.
I know that we can get access to Neo4j db remotely by adding IP addresses. I am wondering if Neo4j supports account verification like username and password to double increase the db security even though we log in at trusted IP.
In addition, can we set mulitple databases and switch them before we query some stuff? I know Neo4jCP can do it but it only supports windows. Is there any way else to do it and is it possible that Neo4j intergrates this feature?
Thank you!
Unfortunately out of the box Neo4j doesn't support multiple databases or user management or data level security.
You can add something like that in your application layer, or use a framework like http://structr.org which provides user-management and data level security.
While using the Neography gem to implement a Neo4j database on a Rails app, it so appears that the database is local to that particular Rails app's embedded Neo4j server. I wish to share a common Neo4j DB between two Rails apps, just the way you could do with a MySQL database through entries into database.yml. Is this impossible while using Neography? If so, what could be my possible alternatives which don't involve JRuby(i.e. using neo4j.rb).
Neography is a wrapper to query a neo4j server through the REST protocol. In that case, you should be able to query from anywhere you want, once you have started the server, even with a simple curl command.
You want especially to uncomment this line in conf/neo4j-server.properties if your apps are on 2 different servers :
org.neo4j.server.webserver.address=0.0.0.0
Make sure however to protect your database, you can read here how to : http://docs.neo4j.org/chunked/stable/security-server.html
It is required to run multiple application on same neo4j db. But when I try to do that, I am meeting a problem about locking.
Neo4j is locking itself when an application is using it. Multiple application can't be run.
The exception is like,
Unable to lock store [/opt/neo4j-lojika-db/neostore.relationshiptypestore.db.names], this is usually a result of some other Neo4j kernel running using the same store
Is there a way to run multiple web application with same embedded neo4j db.
Thank you!
You can't do this way. You have two options
Use Neo4j HA or
Run Neo4j in server mode rather than embedded mode. If your application is simple then you can use the REST api provided by Neo4j out of box. If your service layer is more involved then, put a service layer on top of a single Neo4j embedded instance and let each application talk to Neo4j through this service layer.