On 10/29/13 2:46 PM, Roland Cornelissen wrote:
Thanks Kingsley for the extensive answer.I spelled every word of it but didn't manage to get it working following your instructions. The rules I initially set were derived from the wiki [1], following 6.3 to 6.7. I did not use graph_groups however.Now when issue:DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs','http://data.metamatter.nl/test/') ;I get this error:*** Error RDF99: [Virtuoso Driver][Virtuoso Server]Graph group <http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs> does not existat line 1 of Top-Level:DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs','http://data.metamatter.nl/test/')I asume this is a predefined group for security purposes (?) that is missing from my install?Can I check this somehow or recreate this group?
Please create the graph group manually using:DB.DBA.RDF_GRAPH_GROUP_CREATE ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs' <http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs%27>, 0);
Kingsley
Thanks, Roland[1] http://www.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtRDFGraphsSecurityOn 28-10-13 22:12, Kingsley Idehen wrote:On 10/28/13 4:07 PM, Roland Cornelissen wrote:Hi,I have a VOS7 setup where a certain graph is restricted to public access. FCT is installed and search results show information from the restrictedgraph. Is this a hole in the security model or do I need to config something additionally in FCT? Thanks, RolandWhat rule have you actually set? Here's an example:DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs','{Named-Graph-IRI}') ;-- Setting Rules for specific SQL role/user accounts -- Call Signature: -- DB.DBA.RDF_DEFAULT_USER_PERMS_SET (uname, perms, set_private_flag) -- Example:-- To ensure user 'nobody' doesn't have access to private graphs execute:DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0, 1);-- To ensure that services running under user/role account 'SPARQL' don't have access to private graphs (denoted using 1). Note: 0 denotes public public graphsDB.DBA.RDF_DEFAULT_USER_PERMS_SET ('SPARQL', 0, 1); -- If this command fails run: update SYS_USERS set U_ACCOUNT_DISABLED = 0 where U_NAME = 'SPARQL';-- To ensure a specific SQL user/role account 'rww' is given access to private graphs:DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 1, 1);-- To ensure SQL user/role account 'rww' only has read, write, and sponge privileges on non private graphs i.e., opposite of the rule aboveDB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 0, 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 7, 0);-- Troubleshoot your ACLs e.g., when your settings don't match expectationsRDF_GRAPH_SECURITY_AUDIT ( 0 ) ;-- Unilaterally remove ACL settings for a user e.g., when a problem is too hard to track down:DB.DBA.RDF_ALL_USER_PERMS_DEL ('rww') ;-- Catering for the fact that some datasets are supposed to be confidential, thus the whole quad storage is set to confidential. Then specific privileges can be assigned to specific graphs for specific usersDB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0); Kingsley------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keepAndroid apps secure.http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk_______________________________________________ Virtuoso-users mailing list Virtuoso-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtuoso-users------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Virtuoso-users mailing list Virtuoso-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtuoso-users------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk _______________________________________________ Virtuoso-users mailing list Virtuoso-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtuoso-users
-- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter/Identi.ca handle: @kidehen Google+ Profile: https://plus.google.com/112399767740508618350/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Android is increasing in popularity, but the open development platform that developers love is also attractive to malware creators. Download this white paper to learn more about secure code signing practices that can help keep Android apps secure. http://pubads.g.doubleclick.net/gampad/clk?id=65839951&iu=/4140/ostg.clktrk
_______________________________________________ Virtuoso-users mailing list Virtuoso-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtuoso-users