
Custom Security Plugins & User-Defined Procedures in Neo4j Enterprise Edition [Security Series, Part 5]

Blog post from Neo4j

Post Details

Author: Igor Borojevic
Word Count: 631
Language: English

Summary

Neo4j Enterprise Edition provides tightly controlled access to the database and to the execution of user-defined procedures, using custom security plugins and fine-grained access control. Authentication and authorization plugin interfaces support real-world deployment scenarios not covered by native users or the built-in configuration-based LDAP connector. Custom-built plugins have access to the `neo4j.conf` configuration file and can write to the security event log, while a combined plugin provides both authentication and authorization in a single method. The feature allows mapping a specific user-defined procedure to the list of roles that have explicit permission to execute it, enabling fine-grained access control. This is especially valuable if the procedure reads or modifies only a portion of the graph, because it allows sub-graph access based on custom roles. Authorizing roles to execute user-defined procedures is an evolving feature, and when deploying in production, it's recommended to follow standard database security best practices, including deploying Neo4j on a safe server, using secure authentication providers, protecting data at rest and in transit, and managing access to logs and backups.