Thanks,
So I added the graph group as suggested and included the private graph in the group. But the data in the graph is still presented as a search result in FCT for unauthorized access. Nothing changed, except for an additional error message when I issued RDF_GRAPH_SECURITY_AUDIT ( 0 ) ;
Like this:

RDF_GRAPH_SECURITY_AUDIT ( 0 ) ;
SEVERITY  GRAPH_IID     GRAPH_IRI  USER_ID     USER_NAME MESSAGE
VARCHAR  VARCHAR       VARCHAR  INTEGER     VARCHAR VARCHAR
_______________________________________________________________________________

NULL NULL NULL NULL Inspecting caches of IRI_IDs of IRIs mentioned in security data...
NULL NULL NULL NULL Inspecting completeness of IRI cache for graph groups...
NULL NULL NULL NULL Inspecting completeness of IRI cache for graph group members...
NULL NULL NULL NULL Check for mismatches between graph group IRIs and graph group IRI_IDs...

*** Error 22023: [Virtuoso Driver][Virtuoso Server]SR007: Function sprintf needs a string or UNAME or NULL as argument 2, not an arg of type IRI_ID (243)
at line 8 of Top-Level:
RDF_GRAPH_SECURITY_AUDIT ( 0 )

Inspecting caching of list of private graphs...

Something has gone wrong in the "Inspecting caching of list of private graphs...".
Mismatch in fieldtype, IRI_ID must be UNAME?
I'm in the blind here.

Thanks,
Roland


On 04-11-13 13:43, Hugh Williams wrote:
Hi Roland,

The private graphs group is not created automatically and needs to be added with the function :

DB.DBA.RDF_GRAPH_GROUP_CREATE ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 0);

Best Regards
Hugh Williams
Professional Services
OpenLink Software, Inc.      // http://www.openlinksw.com/
Weblog   -- http://www.openlinksw.com/blogs/
LinkedIn -- http://www.linkedin.com/company/openlink-software/
Twitter  -- http://twitter.com/OpenLink
Google+  -- http://plus.google.com/100570109519069333827/
Facebook -- http://www.facebook.com/OpenLinkSoftware
Universal Data Access, Integration, and Management Technology Providers

On 29 Oct 2013, at 18:46, Roland Cornelissen <metamatter...@gmail.com> wrote:

Thanks Kingsley for the extensive answer.
I spelled every word of it but didn't manage to get it working following your instructions. The rules I initially set were derived from the wiki [1], following 6.3 to 6.7. I did not use graph_groups however.

Now when I issue:
DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs','http://data.metamatter.nl/test/') ;

I get this error:
*** Error RDF99: [Virtuoso Driver][Virtuoso Server]Graph group <http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs> does not exist
at line 1 of Top-Level:
DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs','http://data.metamatter.nl/test/')

I assume this is a predefined group for security purposes (?) that is missing from my install?
Can I check this somehow or recreate this group?

Thanks,
Roland



[1] http://www.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtRDFGraphsSecurity

On 28-10-13 22:12, Kingsley Idehen wrote:
On 10/28/13 4:07 PM, Roland Cornelissen wrote:
Hi,

I have a VOS7 setup where a certain graph is restricted to public access. FCT is installed and search results show information from the restricted graph.
Is this a hole in the security model or do I need to config something additionally in FCT?

Thanks,
Roland

What rule have you actually set? Here's an example:

DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs','{Named-Graph-IRI}') ;

-- Setting Rules for specific SQL role/user accounts
-- Call Signature:
-- DB.DBA.RDF_DEFAULT_USER_PERMS_SET (uname, perms, set_private_flag)

-- Example:

-- To ensure user 'nobody' doesn't have access to private graphs execute:

DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0, 1);

-- To ensure that services running under user/role account 'SPARQL' don't have access to private graphs (denoted using 1). Note: 0 denotes public graphs
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('SPARQL', 0, 1);

-- If this command fails run:
update SYS_USERS set U_ACCOUNT_DISABLED = 0 where U_NAME = 'SPARQL';

-- To ensure a specific SQL user/role account 'rww' is given access to private graphs:
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 1, 1);

-- To ensure SQL user/role account 'rww' only has read, write, and sponge privileges on non private graphs i.e., opposite of the rule above
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 0, 1);
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('rww', 7, 0);

-- Troubleshoot your ACLs e.g., when your settings don't match expectations
RDF_GRAPH_SECURITY_AUDIT ( 0 ) ;

-- Unilaterally remove ACL settings for a user e.g., when a problem is too hard to track down:

DB.DBA.RDF_ALL_USER_PERMS_DEL ('rww') ;


-- Catering for the fact that some datasets are supposed to be confidential, thus the whole quad storage is set to confidential. Then specific privileges can be assigned to specific graphs for specific users

DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0);


Kingsley


_______________________________________________
Virtuoso-users mailing list
Virtuoso-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/virtuoso-users





