On 10/28/13 4:07 PM, Roland Cornelissen wrote:
Hi,I have a VOS7 setup where a certain graph is restricted to public access. FCT is installed and search results show information from the restricted graph. Is this a hole in the security model or do I need to config something additionally in FCT? Thanks, Roland
What rule have you actually set? Here's an example:DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs','{Named-Graph-IRI}') ;
-- Setting Rules for specific SQL role/user accounts -- Call Signature: -- DB.DBA.RDF_DEFAULT_USER_PERMS_SET (uname, perms, set_private_flag) -- Example: -- To ensure user 'nobody' doesn't have access to private graphs execute: DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0, 1);-- To ensure that services running under user/role account 'SPARQL' don't have access to private graphs (denoted using 1). Note: 0 denotes public public graphs
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('SPARQL', 0, 1); -- If this command fails run: update SYS_USERS set U_ACCOUNT_DISABLED = 0 where U_NAME = 'SPARQL';-- To ensure a specific SQL user/role account 'rww' is given access to private graphs:
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 1, 1);-- To ensure SQL user/role account 'rww' only has read, write, and sponge privileges on non private graphs i.e., opposite of the rule above
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 0, 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 7, 0); -- Troubleshoot your ACLs e.g., when your settings don't match expectations RDF_GRAPH_SECURITY_AUDIT ( 0 ) ;-- Unilaterally remove ACL settings for a user e.g., when a problem is too hard to track down:
DB.DBA.RDF_ALL_USER_PERMS_DEL ('rww') ;-- Catering for the fact that some datasets are supposed to be confidential, thus the whole quad storage is set to confidential. Then specific privileges can be assigned to specific graphs for specific users
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0); Kingsley
------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Virtuoso-users mailing list Virtuoso-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtuoso-users
-- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________ Virtuoso-users mailing list Virtuoso-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtuoso-users