On 11/30/16 7:26 AM, Olivier Filangi wrote: > sorry, but I write a mistake on my first mail. > > the problem come from the load request : > > LOAD <http://localhost:6543/ttl/tmp_Personneeep0ehlj.ttl> INTO GRAPH > <urn:sparql:Personne_1480508368.7381034> > > I do the load request just next this sparql request : > > PREFIX : <http://www.semanticweb.org/INRA/igepp/ontologies/2016/1#> > PREFIX dc: <http://purl.org/dc/elements/1.1/> > PREFIX xsd: <http://www.w3.org/2001/XMLSchema#> > PREFIX owl: <http://www.w3.org/2002/07/owl#> > PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> > PREFIX rdfg: <http://www.w3.org/2004/03/trix/rdfg-1/> > PREFIX prov: <http://www.w3.org/ns/prov#> > PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> > PREFIX askomicsns: <http://www.semanticweb.org/askomicsns/setting#> > > INSERT DATA { > GRAPH <http://symbiose/igepp.inra.fr/public/user> > { > <urn:sparql:Personne_1480508368.7381034> rdfg:subGraphOf > <http://symbiose/igepp.inra.fr/public/user> . > } > } > > Olivier > > > Le 30/11/2016 à 11:58, Olivier Filangi a écrit : >> Dear all, >> >> I'm currently testing permissions graph using isql in virtuoso for a GUI >> project (https://github.com/askomics/askomics/) at front of a TPS. >> >> I would like know, if it's possible to give rights permissions >> (load/upload) dynamically on a subgraph (which is inside a graph with >> write permission). >> >> I set up vituoso with following command : >> >> ## by defaut without authentifcation, all is hidden >> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0); >> >> ## 'user' and 'admin' is two kind of user with select permission by default >> DB.DBA.USER_CREATE ('user', 'user'); >> GRANT SPARQL_UPDATE TO "user"; >> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('user', 1); >> >> DB.DBA.USER_CREATE ('admin', 'admin'); >> GRANT SPARQL_UPDATE TO "admin"; >> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('admin', 1); >> >> >> #I create two main graphs (a public and a private) for manage visibility >> and insertion of data >> DB.DBA.RDF_GRAPH_GROUP_CREATE >> ('http://symbiose/igepp.inra.fr/public/user', 1); >> DB.DBA.RDF_GRAPH_GROUP_CREATE >> ('http://symbiose/igepp.inra.fr/private/user', 1); >> >> #the public graph is reachable from anyone and can be manage by the admin >> DB.DBA.RDF_GRAPH_USER_PERMS_SET >> ('http://symbiose/igepp.inra.fr/public/user','nobody', 1); >> DB.DBA.RDF_GRAPH_USER_PERMS_SET >> ('http://symbiose/igepp.inra.fr/public/user','admin', 7); >> >> #the private graph is only available by the user (with write rights) >> DB.DBA.RDF_GRAPH_USER_PERMS_SET >> ('http://symbiose/igepp.inra.fr/private/user','nobody', 0); >> DB.DBA.RDF_GRAPH_USER_PERMS_SET >> ('http://symbiose/igepp.inra.fr/private/user','user', 7); >> >> >> I would like to insert with the askomics GUI new graphs inside the >> private or public graph according the authentification (admin or user) >> but actually it does not work. >> "Error SR619: SPARUL LOAD access denied: database user 111 (admin) has >> no write permission on graph urn:sparql:connait_1480502257.403878" >> appear when admin want to insert the graph >> "urn:sparql:connait_1480502257.403878" in >> "'http://symbiose/igepp.inra.fr/public/user";. >> here the request: >> >> PREFIX : <http://www.semanticweb.org/INRA/igepp/ontologies/2016/1#> >> PREFIX xsd: <http://www.w3.org/2001/XMLSchema#> >> PREFIX askomicsns: <http://www.semanticweb.org/askomicsns/setting#> >> PREFIX dc: <http://purl.org/dc/elements/1.1/> >> PREFIX rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> >> PREFIX prov: <http://www.w3.org/ns/prov#> >> PREFIX rdfs: <http://www.w3.org/2000/01/rdf-schema#> >> PREFIX rdfg: <http://www.w3.org/2004/03/trix/rdfg-1/> >> PREFIX owl: <http://www.w3.org/2002/07/owl#> >> >> INSERT DATA { >> GRAPH <http://symbiose/igepp.inra.fr/public/user> >> { >> <urn:sparql:connait_1480502257.403878> prov:generatedAtTime >> ""^^xsd:dateTime . >> <urn:sparql:connait_1480502257.403878> dc:creator "ofilangi"^^xsd:string . >> <urn:sparql:connait_1480502257.403878> prov:wasDerivedFrom >> "connait"^^xsd:string . >> <urn:sparql:connait_1480502257.403878> dc:hasVersion "2.0"^^xsd:string . >> <urn:sparql:connait_1480502257.403878> prov:describesService >> ""^^xsd:string . >> } >> } >> >> Thanks for you future answer ! >> Olivier F. >> >> >> > -- Filangi Olivier +33 (0)2 23 48 51 48 Biodiversity and Polyploidy > team - UMR1349 IGEPP - INRA - Agrocampus Ouest +33 (0)2 99 84 74 22 > GenOuest Bioinformatics Platform - IRISA
To achieve the kind of declarative ACLs you seek, scoped to entities (identified by WebIDs), you will need our Attribute-based ACLs (ABAC) functionality which is part of the commercial edition of Virtuoso. [1] https://medium.com/openlink-software-blog/simple-youid-browser-extension-usage-exercise-57fa3ff6c6b7#.ivw4sf1xg [2] https://medium.com/openlink-software-blog/verifiable-identity-controlled-by-you-at-web-scale-3d66399cb114 [3] https://medium.com/virtuoso-blog/web-logic-sentences-and-the-magic-of-being-you-e2a719d01f73 Regards, Kingsley Idehen Founder & CEO OpenLink Software (Home Page: http://www.openlinksw.com) Weblogs (Blogs): Legacy Blog: http://www.openlinksw.com/blog/~kidehen/ Blogspot Blog: http://kidehen.blogspot.com Medium Blog: https://medium.com/@kidehen Profile Pages: Pinterest: https://www.pinterest.com/kidehen/ Quora: https://www.quora.com/profile/Kingsley-Uyi-Idehen Twitter: https://twitter.com/kidehen Google+: https://plus.google.com/+KingsleyIdehen/about LinkedIn: http://www.linkedin.com/in/kidehen Web Identities (WebID): Personal: http://kingsley.idehen.net/dataspace/person/kidehen#this : http://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------
_______________________________________________ Virtuoso-users mailing list Virtuoso-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/virtuoso-users
