Neo4j RBAC Roles

Current state

Currently there are two roles in use on Hyperion's Neo4j database:

  • TM-Analyst role with:
    • Read-only access to the Hyperion database
    • Write access to HiveAlert nodes
    • Privilege to execute the apoc.load.json procedure, used to issue web requests to the enrichment APIs
    • Privilege to execute the apoc.search.* procedures (reserved for future use)
    • Privilege to run the point.withinBBox() and point.distance() functions for geospatial queries
    • No read access to the metadata properties maintained by the ETL pipelines (such as last_geoip_time)
      • This keeps the analyst's view uncluttered rather than filling their screens with dozens of timestamps.
  • admin role with full access

Future roles

  • SI-Analyst role:
    • Limited access to InfoSec data such as Hive alerts, Okta logon telemetry etc.
  • EXT-Analyst role:
    • No access to any nodes labelled CLL (i.e. sourced from within CLL)
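The Cypher administration commands below realise the TM-Analyst role described under "Current state" and the planned EXT-Analyst role, as an administrator would run them against the `system` database on Neo4j 4.x/5.x. This is an added example, not the project's own provisioning script; it assumes the database is named `hyperion`, and that the label, property and procedure names are exactly those on this page (HiveAlert, CLL, last_geoip_time, apoc.load.json, apoc.search.*).

```cypher
// Added example (not the project's own scripts). Assumptions: database
// name `hyperion`; labels/properties HiveAlert, CLL, last_geoip_time as
// named on the page. Run against the `system` database as an admin.

// --- TM-Analyst ----------------------------------------------------------
CREATE ROLE `TM-Analyst` IF NOT EXISTS;

// Allow the role to connect to the database at all.
GRANT ACCESS ON DATABASE hyperion TO `TM-Analyst`;

// Read-only over the whole graph: MATCH = TRAVERSE + READ on everything.
GRANT MATCH {*} ON GRAPH hyperion TO `TM-Analyst`;

// Write access limited to HiveAlert nodes. `GRANT WRITE ON GRAPH` would
// cover the entire graph, so the fine-grained write privileges are used.
GRANT CREATE ON GRAPH hyperion NODES HiveAlert TO `TM-Analyst`;
GRANT DELETE ON GRAPH hyperion NODES HiveAlert TO `TM-Analyst`;
GRANT SET PROPERTY {*} ON GRAPH hyperion NODES HiveAlert TO `TM-Analyst`;
GRANT SET LABEL HiveAlert ON GRAPH hyperion TO `TM-Analyst`;
GRANT REMOVE LABEL HiveAlert ON GRAPH hyperion TO `TM-Analyst`;

// Procedures: only the two APOC families the role needs. Nothing else is
// executable for this role (deliberately no EXECUTE PROCEDURE *).
GRANT EXECUTE PROCEDURE apoc.load.json ON DBMS TO `TM-Analyst`;
GRANT EXECUTE PROCEDURE apoc.search.* ON DBMS TO `TM-Analyst`;

// Hide the ETL bookkeeping property. DENY takes precedence over GRANT, so
// this holds even though MATCH {*} was granted above.
DENY READ {last_geoip_time} ON GRAPH hyperion TO `TM-Analyst`;

// --- EXT-Analyst (future) ------------------------------------------------
CREATE ROLE `EXT-Analyst` IF NOT EXISTS;
GRANT ACCESS ON DATABASE hyperion TO `EXT-Analyst`;
GRANT MATCH {*} ON GRAPH hyperion TO `EXT-Analyst`;

// Nodes carrying the CLL label become invisible: they cannot be traversed
// (so paths running through them are cut as well) and no property on them
// can be read.
DENY TRAVERSE ON GRAPH hyperion NODES CLL TO `EXT-Analyst`;
DENY READ {*} ON GRAPH hyperion NODES CLL TO `EXT-Analyst`;

// Check the effective privilege set before assigning the roles to users.
SHOW ROLE `TM-Analyst` PRIVILEGES AS COMMANDS;
SHOW ROLE `EXT-Analyst` PRIVILEGES AS COMMANDS;
```

Two caveats worth checking on the live system. First, point.withinBBox() and point.distance() are built-in Cypher functions, and Neo4j's EXECUTE FUNCTION privilege governs user-defined functions (such as apoc.*), so no separate grant for them appears above; if Hyperion obtains them from a plugin instead, grant that plugin's function names with `GRANT EXECUTE FUNCTION ... ON DBMS`. Second, a DENY on a label applies to any node that carries that label, so a node labelled both CLL and, say, HiveAlert is hidden from EXT-Analyst as well; review the output of `SHOW ROLE ... PRIVILEGES` and a few representative queries under each role before rolling it out.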