User management
User management is a feature within Aura that allows admins to invite users and set their roles within an isolated environment.
You can view and manage roles from Users pages, accessible via the console sidebar. An organization has one Users page for managing organization-level roles. Each project has a Users page for managing project-specific roles.
|
Users can only be invited on the project-level.
Regardless of which project-role is specified in the invitation, the user is added to the organization as an |
Organization-level roles
Roles at the organization level determine what administrative capabilities a user has across all projects within the organization.
The following roles are available at the org level:
-
Owner
-
Admin
-
Member
| Capability | Owner | Admin | Member |
|---|---|---|---|
List org |
|||
List org projects |
|||
Update org |
|||
Invite users to projects |
|||
List existing organization settings |
|||
Add organization settings |
|||
List organization settings on project-level |
|||
Update organization settings on project-level |
|||
Delete organization settings on project-level |
|||
Invite non-owner users to org |
|||
List users |
|||
List roles |
|||
List members of a project |
|||
Invite owners to org |
|||
Add owner |
|||
Delete owners |
|||
Transfer projects to and from the org |
|||
1. An admin can only list members of projects the admin is also a member of. 2. An owner needs to permission for both the source and destination orgs. |
|||
Project-level roles
Users within a project can be assigned one of the following roles:
-
Project Viewer
-
Metrics Reader
-
Project Member
-
Project Admin
|
Each project must have at least one Project Admin, but it is also possible for projects to have multiple Project Admins. |
Metrics reader role
The metrics reader role can be assigned to any user or service account.
It has the same permissions as the project viewer role, but with some extra permissions specifically for reading metrics via an API endpoint.
The role allows access to metrics for all instances in a project.
Accessing metric endpoints requires Aura API Credentials and the metrics reader role enables the creation of these credentials.
The metrics reader role can view and open instances in the console, however, login to the instance is required to interact with it, with access to Explore and Query defined by the instance’s RBAC settings.
| Capability | Project Viewer | Metrics reader | Member | Admin |
|---|---|---|---|---|
View users and their roles |
||||
View and open instances |
||||
Access the Neo4j Customer Support Portal |
||||
Perform all actions on instances [3] |
||||
Clone data to new and existing instances |
||||
Take on-demand snapshots |
||||
Restore from snapshots |
||||
Edit the project name |
||||
Invite new users to the project |
||||
Edit existing users' roles |
||||
Delete existing users from the project |
||||
View and edit billing information |
||||
3. Actions include creating, deleting, pausing, resuming, and editing instances. |
||||
|
User management within the Aura console does not replace built-in roles or fine-grained RBAC at the database level. |
Invite users
-
As an Admin, go to Users from within a project, and select Invite users. You need to provide an email address for the new user and decide which project-level role to assign them.
-
The invited user will receive an email with a link to accept the invitation and their status is Pending until they accept the invitation. Note that on accepting the invite, the invited user automatically gets an
ORG_MEMBERrole in the organization the project is part of. If needed, you can edit the organization-level role after the invite is accepted.
