Recreate admin role is incomplete

modules/ROOT/pages/authentication-authorization/built-in-roles.adoc

@@ -875,57 +875,79 @@ If the built-in `admin` role has been altered or dropped and needs to be restore
 [[access-control-built-in-roles-admin-recreate]]
 === Recreating the `admin` role
 
-To restore the role to its original capabilities two steps are needed.
-First, execute `DROP ROLE admin`.
-Secondly, run these queries:
+To recreate the `admin` role with its original capabilities, follow these steps:
 
-// cannot test as it would require deleting the role the test user is logged with
-[source, cypher, role=noplay test-skip]
+. Using a client such as xref:cypher-shell.adoc[Cypher Shell] or the Neo4j Browser, connect to the `system` database with a user that has the rights to manage roles and privileges.
++
+[source, shell]
 ----
-CREATE ROLE admin
+bin/cypher-shell -d system -u <username> -p <password>
 ----
-
+. Run the following command to list the privileges that are currently granted to the `admin` role as commands:
++
 [source, cypher, role=noplay]
 ----
-GRANT ALL DBMS PRIVILEGES ON DBMS TO admin
-----
-
-[source, cypher, role=noplay]
+SHOW ROLE admin PRIVILEGES AS COMMANDS;
 ----
-GRANT TRANSACTION MANAGEMENT ON DATABASE * TO admin
++
+[result]
 ----
++-------------------------------------------------------------+
+| command                                                     |
++-------------------------------------------------------------+
+| "GRANT ACCESS ON DATABASE * TO `admin`"                     |
+| "GRANT ALL DBMS PRIVILEGES ON DBMS TO `admin`"              |
+| "GRANT CONSTRAINT MANAGEMENT ON DATABASE * TO `admin`"      |
+| "GRANT INDEX MANAGEMENT ON DATABASE * TO `admin`"           |
+| "GRANT LOAD ON ALL DATA TO `admin`"                         |
+| "GRANT MATCH {*} ON GRAPH * NODE * TO `admin`"              |
+| "GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `admin`"      |
+| "GRANT NAME MANAGEMENT ON DATABASE * TO `admin`"            |
+| "GRANT SHOW CONSTRAINT ON DATABASE * TO `admin`"            |
+| "GRANT SHOW INDEX ON DATABASE * TO `admin`"                 |
+| "GRANT START ON DATABASE * TO `admin`"                      |
+| "GRANT STOP ON DATABASE * TO `admin`"                       |
+| "GRANT TRANSACTION MANAGEMENT (*) ON DATABASE * TO `admin`" |
+| "GRANT WRITE ON GRAPH * TO `admin`"                         |
++-------------------------------------------------------------+
 
-[source, cypher, role=noplay]
-----
-GRANT START ON DATABASE * TO admin
+14 rows
+ready to start consuming query after 39 ms, results consumed after another 0 ms
 ----
 
-[source, cypher, role=noplay]
+. Drop the existing `admin` role:
++
+[source, cypher]
 ----
-GRANT STOP ON DATABASE * TO admin
+DROP ROLE admin;
 ----
-
-[source, cypher, role=noplay]
+. Create a new `admin` role:
++
+[source, cypher]
 ----
-GRANT MATCH {*} ON GRAPH * TO admin
+CREATE ROLE admin;
 ----
-
-[source, cypher, role=noplay]
-----
-GRANT WRITE ON GRAPH * TO admin
-----
-
-[source, cypher, role=noplay]
-----
-GRANT LOAD ON ALL DATA TO admin
-----
-
-[source, cypher, role=noplay]
-----
-GRANT ALL ON DATABASE * TO admin
+. Run the commands from step 2 to recreate the `admin` role with its original capabilities:
++
+[source, cypher, role=noplay test-skip]
 ----
-
+GRANT ACCESS ON DATABASE * TO `admin`;
+GRANT ALL DBMS PRIVILEGES ON DBMS TO `admin`;
+GRANT CONSTRAINT MANAGEMENT ON DATABASE * TO `admin`;
+GRANT INDEX MANAGEMENT ON DATABASE * TO `admin`;
+GRANT LOAD ON ALL DATA TO `admin`;
+GRANT MATCH {*} ON GRAPH * NODE * TO `admin`;
+GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `admin`;
+GRANT NAME MANAGEMENT ON DATABASE * TO `admin`;
+GRANT SHOW CONSTRAINT ON DATABASE * TO `admin`;
+GRANT SHOW INDEX ON DATABASE * TO `admin`;
+GRANT START ON DATABASE * TO `admin`;
+GRANT STOP ON DATABASE * TO `admin`;
+GRANT TRANSACTION MANAGEMENT (*) ON DATABASE * TO `admin`;
+GRANT WRITE ON GRAPH * TO `admin`;
+----
++
 The resulting `admin` role now has the same effective privileges as the original built-in `admin` role.
 
-Additional information about restoring the `admin` role can be found in the xref:authentication-authorization/password-and-user-recovery.adoc[ Recover the admin role].
+Additional information about restoring the `admin` role can be found in the xref:authentication-authorization/password-and-user-recovery.adoc[Recover the admin role].
 

modules/ROOT/pages/authentication-authorization/password-and-user-recovery.adoc

@@ -188,13 +188,20 @@ If you have specified a non-default port for your `bolt` connector, add `-a neo4
 [source, cypher]
 ----
 CREATE ROLE admin;
-GRANT ALL DBMS PRIVILEGES ON DBMS TO admin;
-GRANT TRANSACTION MANAGEMENT ON DATABASE * TO admin;
-GRANT START ON DATABASE * TO admin;
-GRANT STOP ON DATABASE * TO admin;
-GRANT MATCH {*} ON GRAPH * TO admin;
-GRANT WRITE ON GRAPH * TO admin;
-GRANT ALL ON DATABASE * TO admin;
+GRANT ACCESS ON DATABASE * TO `admin`;
+GRANT ALL DBMS PRIVILEGES ON DBMS TO `admin`;
+GRANT CONSTRAINT MANAGEMENT ON DATABASE * TO `admin`;
+GRANT INDEX MANAGEMENT ON DATABASE * TO `admin`;
+GRANT LOAD ON ALL DATA TO `admin`;
+GRANT MATCH {*} ON GRAPH * NODE * TO `admin`;
+GRANT MATCH {*} ON GRAPH * RELATIONSHIP * TO `admin`;
+GRANT NAME MANAGEMENT ON DATABASE * TO `admin`;
+GRANT SHOW CONSTRAINT ON DATABASE * TO `admin`;
+GRANT SHOW INDEX ON DATABASE * TO `admin`;
+GRANT START ON DATABASE * TO `admin`;
+GRANT STOP ON DATABASE * TO `admin`;
+GRANT TRANSACTION MANAGEMENT (*) ON DATABASE * TO `admin`;
+GRANT WRITE ON GRAPH * TO `admin`;
 ----
 . Grant the admin user role to an existing user.
 +