In a Neo4j cluster, "neo4j" users are not synchronized between all servers. This means that if you change a user's password, the change will not be reflected to all servers in the cluster. For more details and ways to synchronize, please see section 8.4.3 of the pdf documentation (or online).
The user database is located in the
NEOJ_HOME/data/dbms of Neo4j. As mentioned in the Neo4j documentation, we can consider several solutions to synchronize the user base:
You are free to choose the implementation.
SECollab will not work if its Neo4j user "secollab" is not the same on each server in the cluster.
By default, there is only one user on a Neo4j database. This one has the role "admin" and its identifiers are "neo4j" for the login and "neo4j" for the password. This account is not usable because it is mandatory to change the default password to use it. For that, we will use the command-line utility "neo4j-admin".
neo4j-admin set-initial-password aV3ryChall3ngingPassw0rd Changed password for user 'neo4j'
Related documentation is available in section 4.4 of the pdf (or online).
To work SECollab needs an account with an "architect" role. To create a user, we will use the client
cypher-shell to connect to the Neo4j database and pass user management queries (the cypher-shell tool is available in the
NEO4J_HOME/bin of the Neo4j installation folder). To do this, follow these instructions:
NEO4J_HOME/bin/cypher-shell --address bolt://localhost:7687 --username neo4j --password aV3ryChall3ngingPassw0rd --encryption true
Connected to Neo4j 3.5.0 at bolt://localhost:7687 as user neo4j. Type :help for a list of available commands or :exit to exit the shell. Note that Cypher queries must end with a semicolon. neo4j>
neo4j> CALL dbms.security.createUser('secollab', 'an0therDifficultP4ssw0rd', false); 0 rows available after 89 ms, consumed after another 0 ms
neo4j> CALL dbms.security.addRoleToUser('architect', 'secollab'); 0 rows available after 18 ms, consumed after another 0 ms
With the same method, you can create a new user, give them a role "admin" and delete the user "neo4j" present by default to the installation of Neo4j.
For more information, see section 8.4 of the pdf documentation (or online).
For authorization of network flows, see section 4.3 of the pdf documentation (or online).