Keeper Security: Node & Edge Schema
This connection integrates privileged access and password management data into the SlashID identity graph from Keeper Security. It models users, teams, credentials, and their sharing/access relationships.
Node Types
| Node Type | Description |
|---|---|
KeeperUser | A standard user account in Keeper |
KeeperPAMUser | A privileged access (PAM) user in Keeper |
KeeperTeam | A team or group of users |
KeeperRole | A Keeper-defined role |
Credential | A stored password, secret, or credential |
Application | An application node (used for context or linking) |
Resource | A Keeper-managed resource or vault entry |
Edge Relationships
| Edge Type | From Node | To Node | Description |
|---|---|---|---|
IS_MEMBER_OF | KeeperUser | KeeperTeam | Indicates user membership in a team |
HAS_MEMBER | KeeperTeam | KeeperUser | Reverse of IS_MEMBER_OF |
HAS_ROLE | KeeperUser | KeeperRole | Associates user with a role |
ASSIGNED_TO | Credential | KeeperUser or Team | Indicates who owns or manages a credential |
OWNS | KeeperUser | Resource | User owns the resource |
IS_OWNED_BY | Resource | KeeperUser | Reverse of OWNS |
HAS_CREDENTIAL | KeeperUser | Credential | User possesses a credential |
IS_CREDENTIAL_OF | Credential | KeeperUser | Reverse of HAS_CREDENTIAL |
CAN_ACCESS | KeeperUser or KeeperTeam | Resource | Entity is allowed access |
CAN_BE_ACCESSED | Resource | KeeperUser or KeeperTeam | Reverse of CAN_ACCESS |
CAN_SHARE | KeeperUser | Resource | User can share this resource |
CAN_BE_SHARED_BY | Resource | KeeperUser | Reverse of CAN_SHARE |
CAN_WRITE | KeeperUser | Resource | User can write to resource |
CAN_BE_WRITTEN_BY | Resource | KeeperUser | Reverse of CAN_WRITE |
Examples
(KeeperUser)-[:IS_MEMBER_OF]->(KeeperTeam)
(KeeperUser)-[:HAS_ROLE]->(KeeperRole)
(KeeperUser)-[:HAS_CREDENTIAL]->(Credential)
(KeeperUser)-[:CAN_SHARE]->(Resource)
(Resource)-[:CAN_BE_WRITTEN_BY]->(KeeperUser)