search

SpecterOps / BloodHound

Six Degrees of Domain Admin
https://bloodhoundenterprise.io/
Apache License 2.0
1.11k stars 109 forks source link

[Feature Request] Disable write access protections from cypher #91

Closed cmprmsd closed 5 months ago

cmprmsd commented 1 year ago

Feature Description:

As stated at Black Hat there is currently a kind of safe mode in the UI that prevents people from messing with the Neo4j db in order to update properties etc. from the BHCE UI. This was a design decision to protect enterprise customers from destroying their persistent databases afaik.

Current Behavior:

No write access to DB for no/any user role.

Desired Behavior:

The Admin user and certain roles should be able to update stuff in neo4j from the UI via cypher queries without having to connect to the db directly.

Use Case:

As consultants our use of the neo4j db is quite temporary. There is no need to protect us from ourselves in this case.

Implementation Suggestions:

You could add it to the role model or add a ENV var to the docker-compose definition file.

StephenHinck commented 5 months ago

This was resolved with https://github.com/SpecterOps/BloodHound/pull/571 and will be available in our forthcoming release in ~3 weeks.

cmprmsd commented 5 months ago

Awesome, thank you!