Hi Gang Fu,

On 03-Feb-15 3:47 PM, Gang Fu wrote:
Hi Rumi,

I looked at the source code of libsrc/Wi/sparql_io.sql for procedure WS.WS."/!sparql/":
create procedure WS.WS."/!sparql/" (inout path varchar, inout params any, inout lines any)

I am not sure whether the user "SPARQL" for the /sparql endpoint is set by default here:
user_id := connection_get ('SPARQLUserId', 'SPARQL');
set_user_id (user_id, 1);


I have tried to grant SPARQL_UPDATE to user "SPARQL", then the /sparql endpoint is not read-only....
And when I tried to grant another role, I got
The object "SPARQL_LOAD_SERVICE_DATA" does not exist.

But it does not allow me to expose /sparql endpoint using vsp_user "SPARQL". What I am really interested in is how to expose sparql endpoint using vsp users other than dba.

Hm, I would say you grant the roles to another vsp user, as this is what you want to achieve; is this correct?
As of now, you granted them to "SPARQL" instead?
Additionally, did you try the steps from the guide http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtSPARQLProtectSQLDigestAuthentication ?

Best Regards,
Rumi Kocis


Best,
Gang

On Tue, Feb 3, 2015 at 8:10 AM, Rumi <rtsek...@openlinksw.com> wrote:

    Hi Gang Fu,

    On 03-Feb-15 1:15 PM, Gang Fu wrote:
    Hi,

    I am using the function vhost_define() to expose a read-only sparql
    endpoint through another port (different from 8890) for security
    concerns.

    I have two questions:
    1) how can I expose a sparql endpoint using an account other than
    'dba'. I have tried using vsp_user=>'SPARQL', but I got a '404
    cannot access' error when I tried the url. I also set the
    opts->(executable, 'yes'); this option seems to allow any vsp
    user to have execute permission, but it still does not work. I
    also tried to set user 'SPARQL' to the administrator role, but it
    still does not work....

    Please try the steps from this guide: "Secure SPARQL Endpoint via
    SQL Accounts -- usage path digest authentication"

    Link:
    http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtSPARQLProtectSQLDigestAuthentication

    Related:
    -- Securing SPARQL endpoints:
    http://virtuoso.openlinksw.com/dataspace/doc/dav/wiki/Main/VirtTipsAndTricksGuideSPARQLEndpoints
    -- Securing your SPARQL Endpoint via OAuth:
    http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtOAuthSPARQL
    -- Securing your SPARQL Endpoint via WebID:
    http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtSPARQLSecurityWebID


    2) how can I know and configure the user account to use '/sparql'
    endpoint by default. The system table 'DB.DBA.HTTP_PATH' only
    shows that the vsp_user is 'dba', but it does not show the
    default user of that endpoint is 'SPARQL' (ID=106). The
    documentation says the user is 'SPARQL' for both '/sparql' and
    '/sparql-graph-crud', but I cannot find any system table for
    that. Our system team wants to audit that information.


    The name 'SPARQL' is a constant in the code of SPARQL web service
    endpoint pages ( /sparql and /sparql-auth ).
    Another name can be used if authentication function sets
    connection variable 'SPARQLUserId' to that name, for ex., placing
    inside authentication call:

    connection_set ('SPARQLUserId', 'SOME_USER_NAME');


    What you could try is to grant more roles to the user if needed,
    such as:
    SPARQL_LOAD_SERVICE_DATA or SPARQL_UPDATE, by granting directly to
    the user or, better, to SPARQL_SELECT, since the endpoint page
    will require that the user is member of SPARQL_SELECT group --
    that's the minimal practical permission, however one can grant
    more permissions.


    Best Regards,
    Rumi Kocis


    Best,
    Gang


    



_______________________________________________
Virtuoso-users mailing list
Virtuoso-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/virtuoso-users
