Neo4j – Optimierung der Berechtigungsmigration

Durch vorheriger Bereinigung der Datenbank von überflüssigen Berechtigungen

  1. Alle Rechten mit Propagations ohne „Dateien“

Bezieht sich auf den ACE Knoten -> Umbenennung der Kante zum Knoten:rel_right_obsolet

Alle ace_flags die nicht in [1,3,7,9,11,13,15,19,25,27]

 

call apoc.periodic.iterate("MATCH (n:ACE) where not tointeger(n.ace_flags) in [1,3,9,11,13,15,19,25,27] return n ", "DETACH DELETE n", {batchSize:1000, parallel:true,retries:3}) yield batches, total return batches, total

 

 

  1. Bereinigung von Expl./Vererbt Kombinationen in einer ACL für den selben Account wenn

Bezieht sich auf den ACE Knoten -> Umbenennung der Kante zum Knoten:rel_right_obsolet

  1. Expl < als Vererbt
  2. Expl = Vererbt
call apoc.periodic.iterate("MATCH (:Project)-[:rel_child_ini]->(n)-[:rel_child0*0..]->(v)<-[ra:rel_right0]-() where tointeger(ra.explicit)=1 with v match (v)<-[ra:rel_right0]-(explizit)-[:rel_ace]->(u) match (v)<-[ra1:rel_right0]-(vererbt)-[:rel_ace]->(u1) where tointeger(ra.explicit)=1 and tointeger(ra1.explicit)=0 and u.name=u1.name and  (tointeger(vererbt.ace)=tointeger(explizit.ace) or tointeger(vererbt.ace)>tointeger(explizit.ace)) return explizit ", "DETACH DELETE explizit", {batchSize:1000, parallel:true,retries:3}) yield batches, total return batches, total

 

 

 

 

ace
0
2 Create Files
32 Execute File
65536 Delete
65600 Delete + DeleteSubdirectories
131072 Read Permissions
131243 Read + Execute + Create Files
197055 Read + Delete + Write + Execute
590166 Ownership + Delete + Write
983551 Ownership + Change Permission + Read Permissions + Delete
1048577 Synchronize + Read
1048640 Synchronize + Delete Subdirectories
1048851 Synchronize + Write Atributes + Write Extendes Atributes + Create Files + Read
1179650 Synchronize + Read Permissions + Create Files
1179680 Synchronize + Read Permissions + Create Files + Write/Read Extended + AppendData + Creat Files
1179776 Synchronize + Read Permissions + Read Attributes
1179785 Read
1179787 Synchronize + Read Permissions + Read Attributes + ReadExtendesAttributes + ReadData + Create Files
1179789 Synchronize + Read Permissions + Read Attributes + ReadExtendesAttributes + ReadData + AppendData
1179785 Read
1179817 Read and Execute
1179819 Synchronize + Read Permissions + Read Attributes + ReadExtendesAttributes + ReadData + ExecuteFile + Create Files
1179821 Synchronize + Read Permissions + Read Attributes  + Execute File + ReadExtendesAttributes + ReadData + AppendData
1179823 Synchronize + Read Permissions + Read Attributes + Execute File + ReadExtendesAttributes + AppendData + CreateFiles + ReadData
1179849 Synchronize + Read Permissions + Read Attributes + Delete Subdirectories + ReadExtendesAttributes + ReadData
1179926 Synchronize + Read Permissions + WriteAttributes + WriteExtendesAttributes + AppendData + CreateFiles
1180063 Read and Write
1180095 Read and Execute and Write
1180159 ModifyPlus
1245599 Synchronize + Read Permissions + Delete + WriteAttributes + ReadAttributes + WriteExtendesAttributes + ReadExtendesAttributes + AppendData + CreateFiles + ReadData
1245631 Modify
1245695 Synchronize + ReadPermissions + Delete + WriteAttributes + ReadAttributes + DeleteSubdirectories + ExecuteFile + WriteExtendedAttributes + ReadExtendedAttributes + AppendData + CreateFIle + ReadData
1507775 Synchronize + ChangePermissions + ReadPermissions + Delete + WriteAttributes + ReadAttributes + ExecuteFile +  WriteExtendedAttributes + ReadExtendedAttributes + AppendData + CreateFIle + ReadData
1966591 Synchronize + TakeOwnership + ChangePermissions + ReadPermissions + WriteAttributes + ReadAttributes + ExecuteFile +  WriteExtendedAttributes + ReadExtendedAttributes + AppendData + CreateFIle + ReadData
2032031 Synchronize + TakeOwnership + ChangePermissions + ReadPermissions + Delete + WriteAttributes + ReadAttributes + ExecuteFile +  WriteExtendedAttributes + ReadExtendedAttributes + AppendData + CreateFIle + ReadData
2032095 Synchronize + TakeOwnership + ChangePermissions + ReadPermissions + Delete + WriteAttributes + ReadAttributes + DeleteSubdirectories + WriteExtendedAttributes + ReadExtendedAttributes + AppendData + CreateFIle + ReadData
2032127 Full Control
Translate »