Abstract
Neo4j is a popular graph database that offers two versions; a paid enterprise edition and a free community edition. The enterprise edition offers customizable Role-Based Access Control (RBAC) features through custom developed procedures, while the community edition does not offer any access control support. Being a graph database, Neo4j is a natural application for Relationship-Based Access Control (ReBAC), an access control paradigm where authorization decisions are based on relationships between subjects and resources in the system. In this paper we present AReBAC, an attribute-supporting ReBAC model for Neo4j (applicable to both editions) that provides finer grained access control. AReBAC employs Nano-Cypher, a declarative policy language based on Neo4j»s Cypher query language, the result of which allows us to weave database queries with access control policies and evaluate both simultaneously. Evaluating the combined query and policy produces a result that i) matches the search criteria, and ii) the requesting subject has access to. Our experiments show that our evaluation algorithm performs faster than Neo4j»s query evaluation engine when evaluating queries that are expressible using Nano-Cypher.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
