Security functionsCypher 25 only
Security functions are used to evaluate user attributes in the condition of an attribute-based access control (ABAC) auth rule.
|
The functions on this page cannot be called directly in queries.
They can only be used in the condition of a |
abac.native.user_tags()Cypher 25 onlyIntroduced in Neo4j 2026.06
Syntax |
|
||
Description |
Returns the list of tags for the native user. |
||
Returns |
|
||
|
The function returns an empty list if the user has no tags. |
When evaluating the function in conjunction with external authentication, the function will return an empty list if the native user is not found (unless |
The following auth rule grants its role when the native user has the admin tag.
CREATE AUTH RULE nativeAdminRule
SET CONDITION 'admin' IN abac.native.user_tags()abac.oidc.user_attribute()Cypher 25 onlyIntroduced in Neo4j 2026.03
Syntax |
|
||
Description |
Returns the value of the specified user attribute from the OIDC claims. Returns |
||
Arguments |
Name |
Type |
Description |
|
|
The key of the OIDC claim whose value is returned. |
|
Returns |
|
||
|
The returned value can be an arbitrarily nested map object that represents the value of the user’s |
|
The following auth rule grants its role when the department claim in the user’s OIDC token is equal to sales.
CREATE AUTH RULE salesRule
SET CONDITION abac.oidc.user_attribute('department') = 'sales'