Many thank's Andy. I missed the page https://jena.apache.org/documentation/fuseki2/data-access-control#graph-acl I will explore the possibilities offered by a graph by graph control.
For my original problem, I found a solution by avoiding the standard UI of fuseki. I installed Yasgui as UI and then, datasets freely accessible are accessible in the Yasgui UI while they aren't in the standard Fuseki UI. -- Jean-Claude Moissinac Le dim. 24 nov. 2019 à 18:11, Andy Seaborne <[email protected]> a écrit : > > > On 24/11/2019 11:51, Claude Warren wrote: > > If you want to restrict access to datasets alone you can probably do that > > in Fuseki. If you want to grant access to specific models within a > dataset > > you will probably need to use the Permissions layer. > > The permissions layer will allow you to restrict access to graphs or even > > down to the triple level. > > Fuseki has per-graph-access control: > > https://jena.apache.org/documentation/fuseki2/data-access-control#graph-acl > > If it is TBD1 or TDB2, it's done by filtering the data as it's read out > of the indexes. > > Otherwise it's a rewritten dataset with only the accessible graphs. > > DefaultUnionGraph works. > > The only policy modes are "read" or "write", combined with the ACL > description in Fuskei configuration file. > > After that, for parts of a graph (triple level, e.g. by predicate), or > for policies other than "read" or "write" based on ACLs, you do need the > permissions layer. > > Andy > > > > > Restricting access to models in a dataset using Shiro would be a fairly > > straight forward extension of the ShiroExampleEvaluator to map users to > the > > models they can see. > > > > Claude > > > > On Fri, Nov 22, 2019 at 4:41 PM Jean-Claude Moissinac < > > [email protected]> wrote: > > > >> Dear Marco, > >> > >> I think my previous reading of this documentation was right. > >> My understanding is that the proposed solution is to develop specific > Java > >> code (like the ShiroExampleEvaluator) to implement the permissions. > >> I would like just to configure and use fuseki, not start a Java > development > >> I doesn't see clearly , by doing such code, > >> * if i get something more efficient than what I do with shiro, following > >> the documentation here > >> https://jena.apache.org/documentation/fuseki2/fuseki-security.html > >> > >> * if I will be able to manage correctly the user interface while having > >> some free datasets and some protected dataset > >> now, a window to enter a login/pwd is always displayed when I call the > user > >> interface, so I'm not able to give a free access to free datasets > >> through the user interface > >> In the section [urls] of shiro.ini, I have the following line to access > the > >> user interface > >> / = anon > >> > >> > >> > >> > >> -- > >> Jean-Claude Moissinac > >> > >> > >> > >> Le jeu. 21 nov. 2019 à 16:05, Marco Neumann <[email protected]> a > >> écrit : > >> > >>> please take a look at > >>> > >>> https://jena.apache.org/documentation/permissions/index.html > >>> > >>> > >>> On Thu 21. Nov 2019 at 14:00, Jean-Claude Moissinac < > >>> [email protected]> wrote: > >>> > >>>> Hello > >>>> > >>>> I would like to give free access to some datasets in my fuseki server > >> and > >>>> control access to other datasets. > >>>> With shiro, I'm able to control the sparql access points like > >>>> https://myserver/dm/sparql > >>>> but I'm not able to give a controlled access to the datasets user > >>> interface > >>>> https://myserver/dataset.html?tab=query&ds=/controlleddataset > >>>> or > >>>> https://myserver/dataset.html?tab=query&ds=/freedataset > >>>> or > >>>> https://myserver/ > >>>> > >>>> Is there some good practices about the access control in fuseki > >>> instances? > >>>> > >>>> Thank's in advance for any advice > >>>> -- > >>>> Jean-Claude Moissinac > >>>> > >>> -- > >>> > >>> > >>> --- > >>> Marco Neumann > >>> KONA > >>> > >> > > > > >
