Neo4j – Determining the rights of an account's ACE path

MATCH (u)<-[:rel_ace]-(n:ACE)-[:rel_right0 {explicit:1}]->(m)
WHERE n.ace = '1441792' AND n.ace_flags = '3'
RETURN id(m), u.name, m.path;

Querying a user's rights, with each right resolved to a readable name:

OPTIONAL MATCH (User)<-[:rel_member*0..]-(Group)<-[:rel_ace]-(ace)-[:rel_right0 {explicit:1}]->(Path)
// AND binds more tightly than OR: as written, the NOT condition applies only to the S-1-5-11 term.
WHERE User.sAMAccountName = "domain users" OR User.objectSID = "S-1-1-0" OR User.objectSID = "S-1-5-11"
  AND NOT Group.name = User.name
RETURN DISTINCT Path.sourcepath, User.sAMAccountName, User.name,
  // Map the decimal access mask to a permission name (see the table below).
  CASE
    WHEN ace.ace = "278" OR ace.ace = "1048854" THEN "write"
    WHEN ace.ace = "131209" OR ace.ace = "1179785" THEN "read"
    WHEN ace.ace = "131241" OR ace.ace = "1179817" THEN "read + execute"
    WHEN ace.ace = "131487" OR ace.ace = "1180063" THEN "read + write"
    WHEN ace.ace = "131519" OR ace.ace = "1180095" THEN "read + execute + write"
    WHEN ace.ace = "1245631" OR ace.ace = "197055" THEN "modify"
    WHEN ace.ace = "1180159" THEN "modify plus"
    WHEN ace.ace = "2032127" THEN "fullcontrol"
    ELSE "Special Permission"
  END AS Permission,
  // Map the ACE flags to a three-digit propagation code; unlisted flag values yield null.
  CASE
    WHEN ace.ace_flags = "0" OR ace.ace_flags = "16" THEN "100"
    WHEN ace.ace_flags = "1" THEN "101"
    WHEN ace.ace_flags = "2" OR ace.ace_flags = "6" OR ace.ace_flags = "18" THEN "110"
    WHEN ace.ace_flags = "3" OR ace.ace_flags = "7" OR ace.ace_flags = "19" THEN "111"
    WHEN ace.ace_flags = "9" OR ace.ace_flags = "13" OR ace.ace_flags = "25" THEN "001"
    WHEN ace.ace_flags = "10" OR ace.ace_flags = "14" THEN "010"
    WHEN ace.ace_flags = "11" OR ace.ace_flags = "15" OR ace.ace_flags = "27" THEN "011"
  END AS Propagation,
  Group.name AS Access_over
ORDER BY Path.sourcepath;

278   WRITE
131209   READ
131241   READ AND EXECUTE
131487   READ AND WRITE
131519   Read And Execute, Write
197055   MODIFY
1048854   WRITE with Synchronize
1179785   READ with Synchronize
1179817   READ AND EXECUTE with Synchronize
1180063   READ AND WRITE with Synchronize
1180095   Read And Execute, Write with Synchronize
1180159   ModifyPlus
1245631   MODIFY with Synchronize
2032127   FullControl

From <http://help.migraven.com/datenbank-abfrage/#more-4634>
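
Added example (not part of the original page or of migraven): a Python decoder that breaks the decimal ace values from the table and the first query into individual Windows file access rights, and derives the three-digit Propagation code of the second query from the ace_flags bits. The bit constants are the standard Windows access-mask and ACE-flag values; the function names and the reading of the three digits as "this folder, subfolders, files" are assumptions, checked only against the values listed in the query.

```python
# Added example: decode the decimal ace / ace_flags strings used in the queries.
# Bit values are the standard Windows file access-mask and ACE-flag constants.
ACCESS_BITS = [
    (0x000001, "ReadData"), (0x000002, "WriteData"), (0x000004, "AppendData"),
    (0x000008, "ReadEA"), (0x000010, "WriteEA"), (0x000020, "Execute"),
    (0x000040, "DeleteChild"), (0x000080, "ReadAttributes"),
    (0x000100, "WriteAttributes"), (0x010000, "Delete"),
    (0x020000, "ReadControl"), (0x040000, "WriteDAC"),
    (0x080000, "WriteOwner"), (0x100000, "Synchronize"),
]
OBJECT_INHERIT, CONTAINER_INHERIT, INHERIT_ONLY = 0x1, 0x2, 0x8


def decode_mask(ace: str) -> list[str]:
    """Return the names of the rights set in a decimal access-mask string."""
    mask = int(ace)
    names = [name for bit, name in ACCESS_BITS if mask & bit]
    known = sum(bit for bit, _ in ACCESS_BITS)
    if mask & ~known:  # keep unexpected bits visible instead of dropping them
        names.append(f"unknown:0x{mask & ~known:x}")
    return names


def propagation(ace_flags: str) -> str:
    """Derive the query's three-digit code from the flag bits.
    Assumed digit order: this folder, subfolders, files."""
    flags = int(ace_flags)
    this_folder = not flags & INHERIT_ONLY
    return "".join("1" if bit else "0" for bit in (
        this_folder, flags & CONTAINER_INHERIT, flags & OBJECT_INHERIT))


def grants_control(ace: str) -> bool:
    """True if the mask lets the trustee rewrite the ACL or take ownership."""
    return bool(int(ace) & (0x040000 | 0x080000))


if __name__ == "__main__":
    # Values taken from the table and from the first query (1441792).
    for value in ("278", "1048854", "197055", "1180159", "2032127", "1441792"):
        flag = "control" if grants_control(value) else ""
        print(value, decode_mask(value), flag)
    for flags in ("0", "3", "9", "10", "27"):
        print(flags, propagation(flags))
```

Decoded this way, each "with Synchronize" value is its base value plus the Synchronize bit, and 1441792 from the first query contains WriteDAC, so that query lists the paths where an account holds an explicit right to change permissions.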