Skip to content

Commit 3f51e57

Browse files
Update the definition of the authenticatedUser entry (#3099) (#3164)
1 parent e2e85e2 commit 3f51e57

1 file changed

Lines changed: 8 additions & 5 deletions

File tree

modules/ROOT/pages/monitoring/logging.adoc

Lines changed: 8 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -782,11 +782,11 @@ The following information is available in the JSON format:
782782
This field is optional and thus will not be populated for all security events.
783783

784784
| executingUser
785-
| The name of the user triggering the security event.
785+
| The username of the user triggering the security event.
786786
Either same as `authenticatedUser` or an impersonated user.
787787

788788
| authenticatedUser
789-
| The name of the user who authenticated and is connected to the security event.
789+
| The username of the user who authenticated and is connected to the security event.
790790

791791
| message
792792
| The log message.
@@ -1301,11 +1301,14 @@ Included when xref:configuration/configuration-settings.adoc#config_db.logs.quer
13011301
| The database name on which the query is run. This field will be `<none>` if the query cannot be parsed and routed to a database.
13021302

13031303
| executingUser
1304-
| The name of the user executing the query.
1304+
| The username of the user executing the query.
13051305
Either same as `authenticatedUser` or an impersonated user.
13061306

1307-
| authenticatedUser
1308-
| The name of the user who authenticated and is executing the query.
1307+
| authenticatedUser footnote:[When SSO is enabled, the username is determined by the xref:configuration/configuration-settings.adoc#config_dbms.security.oidc.-provider-.claims.username[`dbms.security.oidc.<provider>.claims.username`] setting.
1308+
If LDAP is configured, Neo4j determines the username string using one of two settings: xref:configuration/configuration-settings.adoc#config_dbms.security.ldap.authentication.user_dn_template[`dbms.security.ldap.authentication.user_dn_template`] or xref:configuration/configuration-settings.adoc#config_dbms.security.ldap.authentication.attribute[`dbms.security.ldap.authentication.attribute`].
1309+
For both OIDC and LDAP, if local user mapping is required (`dbms.security.require_local_user=true`), the log records the mapped local username instead of the external identity string.
1310+
If authentication is controlled on a user level via Cypher statements, the username is defined directly inside the `system` database using native user creation queries: `CREATE USER 'name'`.]
1311+
| The username used to authenticate the session, whether managed natively by Neo4j or externally via an identity provider like LDAP or OIDC/SSO.
13091312

13101313
| query
13111314
| The query text.

0 commit comments

Comments
 (0)