Our company is considering Neo4j for a database solution. We're using to Oracle dbs, and have relied upon their built in user authentication management to control who can connect to the db, who has read or write access, and what they are allowed to view in the db.
With Neo4j, most of these security options are missing. While we don't necessarily need to control visibility of nodes and relationships on a per-user level, the lack of multiple user accounts and the inability to control read/write access per account could be a dealbreaker. While application access of Neo4j should be well-contained and secure, we want to allow read-only accounts via the browser client to our developers (at least in our dev and qa environments).
The only solution that's jumped out at us so far has been GraphAware's Enterprise Security offering. I'd like to know if there are any other solutions out there that are compatible with Neo4j 3.0. At the moment we are not considering using the Neo4j REST API.
答案 0 :(得分:2)
GraphAware Enterprise Security与3.0兼容,据我们所知,没有其他解决方案。也就是说,从Github活动来看,我认为Neo4j 3.1中的安全机制将得到增强,包括多个用户和LDAP集成。我们必须等待3.1才能出局。 GraphAware Enterprise将与Neo4j 3.1兼容,并尽可能使用其原生安全功能。
免责声明:我在GraphAware工作。
答案 1 :(得分:1)
我确实找到了另外一个部分解决方案,尽管它有自己的设置可用。
对于企业版,在集群环境中,可以将节点配置为只读从属节点,并使用自己的登录/传递进行配置以供开发使用。