diff --git a/modules/ROOT/content-nav.adoc b/modules/ROOT/content-nav.adoc index a85501ede..78f107ea9 100644 --- a/modules/ROOT/content-nav.adoc +++ b/modules/ROOT/content-nav.adoc @@ -76,6 +76,7 @@ Generic Start ** xref:query/introduction.adoc[What is Query?] ** xref:query/visual-tour.adoc[Visual tour] ** xref:query/operations.adoc[Query operations] +** xref:query/procedures.adoc[Procedures] * xref:apoc.adoc[APOC support] diff --git a/modules/ROOT/pages/index.adoc b/modules/ROOT/pages/index.adoc index a5867a3c4..a8e403694 100644 --- a/modules/ROOT/pages/index.adoc +++ b/modules/ROOT/pages/index.adoc @@ -9,7 +9,7 @@ It brings together the capabilties of several tools, services, and operations fr To get started with Neo4j Aura, log in at link:https://console-preview.neo4j.io/account/profile[], or click "Get Started Free" at the top of the page. The Neo4j Aura console, or **console** for short, is the new UI experience for Neo4j Aura users. -Use the console to import and interact with your data — from visualizing nodes and relationships to executing queries with the Cypher query language. +Use the console to import and interact with your data - from visualizing nodes and relationships to executing queries with the Cypher query language. You can monitor your instances and databases via metrics and logs to get insight into various aspects, such as performance, resource usage, and overall system health. The Aura environment starts with an organization which can contain multiple projects with multiple users associated. diff --git a/modules/ROOT/pages/query/procedures.adoc b/modules/ROOT/pages/query/procedures.adoc new file mode 100644 index 000000000..9c52b8dd5 --- /dev/null +++ b/modules/ROOT/pages/query/procedures.adoc @@ -0,0 +1,164 @@ += Aura Built-in Procedures Reference + +This page provides a reference for built-in procedures supported in Neo4j Aura (including both AuraDB and AuraDS). +Aura restricts access to certain administrative and custom capabilities due to its fully managed, secure architecture. +This guide highlights what is available, how to use them, and which procedures are not supported. + +The full list of Neo4j procedures is available at https://neo4j.com/docs/operations-manual/current/procedures/ + +To check which procedures are available in your Aura instance, run the following Cypher command in the query editor or Cypher shell: + +.List available procedures with default output columns +[source,cypher] +---- +SHOW PROCEDURES; +---- + +.All procedures must be called with the CALL keyword, e.g. +[source,cypher] +---- +CALL db.labels(); +---- + +== Supported Built-in Procedures + +The following procedures are available in Aura by default: + +== Schema and Metadata + +`CALL db.labels();` +List all labels used in the database. + +`CALL db.relationshipTypes();` +Show all relationship types. + +`CALL db.propertyKeys();` +Returns all property keys in use. + +`CALL db.schema.visualization();` +Provides a visual representation of the database schema. + +`CALL db.schema.nodeTypeProperties();` +Lists properties by node type. + +== Index and Query Management + +`CALL db.awaitIndex('MyIndex', 300);` +Wait for a specific index to come online. + +`CALL db.awaitIndexes(300);` +Wait for all indexes to come online. + +`CALL db.index.fulltext.awaitEventuallyConsistentIndexRefresh();` + +`CALL db.index.fulltext.listAvailableAnalyzers();` + +`CALL db.index.fulltext.queryNodes('index', 'query');` +(requires 2+ parameters) + +`CALL db.index.fulltext.queryRelationships()` + +`CALL db.resampleIndex();` + +`CALL db.resampleOutdatedIndexes();` + +`CALL db.clearQueryCaches();` + +== System and Admin + +`CALL db.checkpoint();` +Triggers a manual checkpoint. Temporarily bypasses IOPS limit for faster completion. + +`CALL db.ping();` +Ping the DB (for latency/debugging). + +`CALL dbms.info();` +Returns version and system metadata. + +`CALL dbms.listCapabilities();` + +`CALL dbms.listPools();` + +`CALL cdc.current();` +Lists current change data capture state (if CDC is enabled). + +`CALL cdc.earliest();` +Returns earliest CDC state (if enabled). + +`CALL dbms.showCurrentUser();` + +== Restricted or Partially Supported Procedures + +The following are known to be restricted in Aura (e.g. due to permission, cluster, or filesystem constraints). + +`CALL db.info()` +Used for system-level diagnostics (❌ Not supported in Aura Free ✅ Supported in Aura Pro) + +`CALL db.stats.status()` +Restricted access. + +`CALL dbms.procedures()` / `CALL dbms.functions()` +Do not return full results - admin-level visibility is blocked. + +`CALL dbms.listConfig()` +Forbidden + +`CALL dbms.checkConfigValue()` +Permission denied. + +`CALL dbms.security.clearAuthCache()` +Not allowed for user-level roles. + +`CALL dbms.security.reloadTLS()` +Same as above - admin permissions required. + +`CALL dbms.scheduler.failedJobs()` +Not supported - relates to job monitoring in cluster mode. + +`CALL dbms.scheduler.groups()` +Same - cluster job management only. + +`CALL dbms.scheduler.jobs()` +Same - unavailable in single-instance deployments. + +`CALL dbms.cluster.checkConnectivity()` +Requires clustered deployment - not available in AuraDB. + +`CALL dbms.setDefaultDatabase()` +Requires elevated access - restricted in Aura. + +`CALL dbms.quarantineDatabase(databaseName, status)` +Requires at least 2 arguments. Not permitted in Aura. + +`CALL dbms.unquarantineDatabase()` +Same as above - forbidden in managed deployments. + +`CALL dbms.upgrade()` / `CALL dbms.upgradeStatus()` +Forbidden for client roles - handled by Neo4j infrastructure. + +== Usable, But With Caveats + +`CALL dbms.listActiveLocks('queryId')` +Requires a valid queryId. Will return syntax error if called without arguments. + +`CALL dbms.killConnection()` / `CALL dbms.killConnections()` +Likely supported, but requires correct usage and roles. Syntax errors may occur if misused. + +`CALL dbms.routing.getRoutingTable({context})` +Requires a map input. Fails with 0 arguments. Used internally for routing in clustered setups. + +== Unsupported Capabilities in Aura + +Neo4j Aura is a fully managed, cloud-hosted platform, and for security and stability reasons it does not support: + +* User-defined procedures +(i.e., uploading or registering your own Java procedures or extensions) + +* APOC Full +(such as apoc.trigger, apoc.load.jdbc, apoc.custom.*, etc.) + +* Filesystem-level access +Any procedure that attempts to read from or write to the local disk is restricted. + +* `dbms.security.procedures*` +Generally locked down, especially those involving user auth, certificates, TLS reloads, or credential cache clearing. diff --git a/modules/ROOT/pages/security/encryption.adoc b/modules/ROOT/pages/security/encryption.adoc index ed93b956e..71d94ee9e 100644 --- a/modules/ROOT/pages/security/encryption.adoc +++ b/modules/ROOT/pages/security/encryption.adoc @@ -83,7 +83,7 @@ Below are the details and possible errors that you may encounter depending on th When using a Customer Managed Key within Aura to encrypt one or more Aura database instances, it cannot be removed from Aura. If you no longer need to use this Customer Managed Key to encrypt Aura databases, first delete the Aura database instances that are encrypted with the key, then you can remove the key from Aura. -Keep in mind that this process only breaks the link between the key and Aura —- it does not delete the actual key from the Cloud KMS. +Keep in mind that this process only breaks the link between the key and Aura -- it does not delete the actual key from the Cloud KMS. == AWS keys diff --git a/modules/ROOT/pages/security/secure-connections.adoc b/modules/ROOT/pages/security/secure-connections.adoc index 921e4bc94..ecb06f791 100644 --- a/modules/ROOT/pages/security/secure-connections.adoc +++ b/modules/ROOT/pages/security/secure-connections.adoc @@ -270,7 +270,7 @@ Note that similarly to the individual records, this wildcard record must also be [IMPORTANT] ==== -If users have regions with different private link endpoints, but have linked those endpoints to one client VPC , then the wildcard record would direct all traffic for custom endpoints to only one region—whichever is associated with the IP address used in the DNS records. +If users have regions with different private link endpoints, but have linked those endpoints to one client VPC , then the wildcard record would direct all traffic for custom endpoints to only one region-whichever is associated with the IP address used in the DNS records. This breaks routing for custom endpoints located in the other regions, and therefore, if you do not have a simple private link setup, it is recommended to use the individual custom endpoint records, rather than the wildcard. ==== diff --git a/modules/ROOT/pages/visual-tour/index.adoc b/modules/ROOT/pages/visual-tour/index.adoc index a68e5bf3e..5f73cfb19 100644 --- a/modules/ROOT/pages/visual-tour/index.adoc +++ b/modules/ROOT/pages/visual-tour/index.adoc @@ -151,7 +151,7 @@ Access, permissions, and billing are managed at the project level. Users are associated with a project and can have various roles and permissions. New users can be invited from the users' page. From there, you can manage accounts, permissions, and control access levels to ensure secure and appropriate instance use. -Individuals can have access to a project for administrative work, or to the instances for data work — you can also assign more specific permissions. +Individuals can have access to a project for administrative work, or to the instances for data work - you can also assign more specific permissions. See xref:user-management.adoc[User management] for more information. === Billing