[Virtuoso-users] rights permissions on subgraph

2016-11-30 Thread Olivier Filangi
Dear all,

I'm currently testing permissions graph using isql in virtuoso for a GUI 
project (https://github.com/askomics/askomics/) at front of a TPS.

I would like know, if it's possible to give rights permissions 
(load/upload) dynamically on a subgraph (which is inside a graph with 
write permission).

I set up vituoso with following command :

## by defaut without authentifcation, all is hidden
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0);

## 'user' and 'admin' is two kind of user with select permission by default
DB.DBA.USER_CREATE ('user', 'user');
GRANT SPARQL_UPDATE TO "user";
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('user', 1);

DB.DBA.USER_CREATE ('admin', 'admin');
GRANT SPARQL_UPDATE TO "admin";
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('admin', 1);


#I create two main graphs (a public and a private) for manage visibility 
and insertion of data
DB.DBA.RDF_GRAPH_GROUP_CREATE 
('http://symbiose/igepp.inra.fr/public/user', 1);
DB.DBA.RDF_GRAPH_GROUP_CREATE 
('http://symbiose/igepp.inra.fr/private/user', 1);

#the public graph is reachable from anyone and can be manage by the admin
DB.DBA.RDF_GRAPH_USER_PERMS_SET 
('http://symbiose/igepp.inra.fr/public/user','nobody', 1);
DB.DBA.RDF_GRAPH_USER_PERMS_SET 
('http://symbiose/igepp.inra.fr/public/user','admin', 7);

#the private graph is only available by the user (with write rights)
DB.DBA.RDF_GRAPH_USER_PERMS_SET 
('http://symbiose/igepp.inra.fr/private/user','nobody', 0);
DB.DBA.RDF_GRAPH_USER_PERMS_SET 
('http://symbiose/igepp.inra.fr/private/user','user', 7);


I would like to insert with the askomics GUI new graphs inside the 
private or public graph according the authentification (admin or user) 
but actually it does not work.
"Error SR619: SPARUL LOAD access denied: database user 111 (admin) has 
no write permission on graph urn:sparql:connait_1480502257.403878" 
appear when admin want to insert the graph 
"urn:sparql:connait_1480502257.403878" in 
"'http://symbiose/igepp.inra.fr/public/user";.
here the request:

PREFIX : 
PREFIX xsd: 
PREFIX askomicsns: 
PREFIX dc: 
PREFIX rdf: 
PREFIX prov: 
PREFIX rdfs: 
PREFIX rdfg: 
PREFIX owl: 

INSERT DATA {
 GRAPH 
 {
 prov:generatedAtTime 
""^^xsd:dateTime .
 dc:creator "ofilangi"^^xsd:string  .
 prov:wasDerivedFrom 
"connait"^^xsd:string .
 dc:hasVersion "2.0"^^xsd:string .
 prov:describesService 
""^^xsd:string .
 }
 }

Thanks for you future answer !
Olivier F.



-- 
Filangi Olivier
+33 (0)2 23 48 51 48
Biodiversity and Polyploidy team - UMR1349 IGEPP - INRA - Agrocampus Ouest
+33 (0)2 99 84 74 22
GenOuest Bioinformatics Platform - IRISA


--
___
Virtuoso-users mailing list
Virtuoso-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/virtuoso-users


Re: [Virtuoso-users] rights permissions on subgraph

2016-11-30 Thread Olivier Filangi
sorry, but I write a mistake on my first mail.

the problem come from the load request  :

LOAD  INTO GRAPH 


I do the load request just next this sparql request :

PREFIX : 
PREFIX dc: 
PREFIX xsd: 
PREFIX owl: 
PREFIX rdfs: 
PREFIX rdfg: 
PREFIX prov: 
PREFIX rdf: 
PREFIX askomicsns: 

INSERT DATA {
 GRAPH 
 {
 rdfg:subGraphOf 
 .
 }
 }

Olivier


Le 30/11/2016 à 11:58, Olivier Filangi a écrit :
> Dear all,
>
> I'm currently testing permissions graph using isql in virtuoso for a GUI
> project (https://github.com/askomics/askomics/) at front of a TPS.
>
> I would like know, if it's possible to give rights permissions
> (load/upload) dynamically on a subgraph (which is inside a graph with
> write permission).
>
> I set up vituoso with following command :
>
> ## by defaut without authentifcation, all is hidden
> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0);
>
> ## 'user' and 'admin' is two kind of user with select permission by default
> DB.DBA.USER_CREATE ('user', 'user');
> GRANT SPARQL_UPDATE TO "user";
> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('user', 1);
>
> DB.DBA.USER_CREATE ('admin', 'admin');
> GRANT SPARQL_UPDATE TO "admin";
> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('admin', 1);
>
>
> #I create two main graphs (a public and a private) for manage visibility
> and insertion of data
> DB.DBA.RDF_GRAPH_GROUP_CREATE
> ('http://symbiose/igepp.inra.fr/public/user', 1);
> DB.DBA.RDF_GRAPH_GROUP_CREATE
> ('http://symbiose/igepp.inra.fr/private/user', 1);
>
> #the public graph is reachable from anyone and can be manage by the admin
> DB.DBA.RDF_GRAPH_USER_PERMS_SET
> ('http://symbiose/igepp.inra.fr/public/user','nobody', 1);
> DB.DBA.RDF_GRAPH_USER_PERMS_SET
> ('http://symbiose/igepp.inra.fr/public/user','admin', 7);
>
> #the private graph is only available by the user (with write rights)
> DB.DBA.RDF_GRAPH_USER_PERMS_SET
> ('http://symbiose/igepp.inra.fr/private/user','nobody', 0);
> DB.DBA.RDF_GRAPH_USER_PERMS_SET
> ('http://symbiose/igepp.inra.fr/private/user','user', 7);
>
>
> I would like to insert with the askomics GUI new graphs inside the
> private or public graph according the authentification (admin or user)
> but actually it does not work.
> "Error SR619: SPARUL LOAD access denied: database user 111 (admin) has
> no write permission on graph urn:sparql:connait_1480502257.403878"
> appear when admin want to insert the graph
> "urn:sparql:connait_1480502257.403878" in
> "'http://symbiose/igepp.inra.fr/public/user";.
> here the request:
>
> PREFIX : 
> PREFIX xsd: 
> PREFIX askomicsns: 
> PREFIX dc: 
> PREFIX rdf: 
> PREFIX prov: 
> PREFIX rdfs: 
> PREFIX rdfg: 
> PREFIX owl: 
>
> INSERT DATA {
>   GRAPH 
>   {
>  prov:generatedAtTime
> ""^^xsd:dateTime .
>  dc:creator "ofilangi"^^xsd:string  .
>  prov:wasDerivedFrom
> "connait"^^xsd:string .
>  dc:hasVersion "2.0"^^xsd:string .
>  prov:describesService
> ""^^xsd:string .
>   }
>   }
>
> Thanks for you future answer !
> Olivier F.
>
>
>

-- 
Filangi Olivier
+33 (0)2 23 48 51 48
Biodiversity and Polyploidy team - UMR1349 IGEPP - INRA - Agrocampus Ouest
+33 (0)2 99 84 74 22
GenOuest Bioinformatics Platform - IRISA


--
___
Virtuoso-users mailing list
Virtuoso-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/virtuoso-users


Re: [Virtuoso-users] rights permissions on subgraph

2016-11-30 Thread Kingsley Idehen
On 11/30/16 7:26 AM, Olivier Filangi wrote:
> sorry, but I write a mistake on my first mail.
>
> the problem come from the load request  :
>
> LOAD  INTO GRAPH 
> 
>
> I do the load request just next this sparql request :
>
> PREFIX : 
> PREFIX dc: 
> PREFIX xsd: 
> PREFIX owl: 
> PREFIX rdfs: 
> PREFIX rdfg: 
> PREFIX prov: 
> PREFIX rdf: 
> PREFIX askomicsns: 
>
> INSERT DATA {
>  GRAPH 
>  {
>  rdfg:subGraphOf 
>  .
>  }
>  }
>
> Olivier
>
>
> Le 30/11/2016 à 11:58, Olivier Filangi a écrit :
>> Dear all,
>>
>> I'm currently testing permissions graph using isql in virtuoso for a GUI
>> project (https://github.com/askomics/askomics/) at front of a TPS.
>>
>> I would like know, if it's possible to give rights permissions
>> (load/upload) dynamically on a subgraph (which is inside a graph with
>> write permission).
>>
>> I set up vituoso with following command :
>>
>> ## by defaut without authentifcation, all is hidden
>> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0);
>>
>> ## 'user' and 'admin' is two kind of user with select permission by default
>> DB.DBA.USER_CREATE ('user', 'user');
>> GRANT SPARQL_UPDATE TO "user";
>> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('user', 1);
>>
>> DB.DBA.USER_CREATE ('admin', 'admin');
>> GRANT SPARQL_UPDATE TO "admin";
>> DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('admin', 1);
>>
>>
>> #I create two main graphs (a public and a private) for manage visibility
>> and insertion of data
>> DB.DBA.RDF_GRAPH_GROUP_CREATE
>> ('http://symbiose/igepp.inra.fr/public/user', 1);
>> DB.DBA.RDF_GRAPH_GROUP_CREATE
>> ('http://symbiose/igepp.inra.fr/private/user', 1);
>>
>> #the public graph is reachable from anyone and can be manage by the admin
>> DB.DBA.RDF_GRAPH_USER_PERMS_SET
>> ('http://symbiose/igepp.inra.fr/public/user','nobody', 1);
>> DB.DBA.RDF_GRAPH_USER_PERMS_SET
>> ('http://symbiose/igepp.inra.fr/public/user','admin', 7);
>>
>> #the private graph is only available by the user (with write rights)
>> DB.DBA.RDF_GRAPH_USER_PERMS_SET
>> ('http://symbiose/igepp.inra.fr/private/user','nobody', 0);
>> DB.DBA.RDF_GRAPH_USER_PERMS_SET
>> ('http://symbiose/igepp.inra.fr/private/user','user', 7);
>>
>>
>> I would like to insert with the askomics GUI new graphs inside the
>> private or public graph according the authentification (admin or user)
>> but actually it does not work.
>> "Error SR619: SPARUL LOAD access denied: database user 111 (admin) has
>> no write permission on graph urn:sparql:connait_1480502257.403878"
>> appear when admin want to insert the graph
>> "urn:sparql:connait_1480502257.403878" in
>> "'http://symbiose/igepp.inra.fr/public/user";.
>> here the request:
>>
>> PREFIX : 
>> PREFIX xsd: 
>> PREFIX askomicsns: 
>> PREFIX dc: 
>> PREFIX rdf: 
>> PREFIX prov: 
>> PREFIX rdfs: 
>> PREFIX rdfg: 
>> PREFIX owl: 
>>
>> INSERT DATA {
>>   GRAPH 
>>   {
>>  prov:generatedAtTime
>> ""^^xsd:dateTime .
>>  dc:creator "ofilangi"^^xsd:string  .
>>  prov:wasDerivedFrom
>> "connait"^^xsd:string .
>>  dc:hasVersion "2.0"^^xsd:string .
>>  prov:describesService
>> ""^^xsd:string .
>>   }
>>   }
>>
>> Thanks for you future answer !
>> Olivier F.
>>
>>
>>
> -- Filangi Olivier +33 (0)2 23 48 51 48 Biodiversity and Polyploidy
> team - UMR1349 IGEPP - INRA - Agrocampus Ouest +33 (0)2 99 84 74 22
> GenOuest Bioinformatics Platform - IRISA

To achieve the kind of declarative ACLs you seek, scoped to entities
(identified by WebIDs), you will need our Attribute-based ACLs (ABAC)
functionality which is part of the commercial edition of Virtuoso.


[1]
https://medium.com/openlink-software-blog/simple-youid-browser-extension-usage-exercise-57fa3ff6c6b7#.ivw4sf1xg

[2]
https://medium.com/openlink-software-blog/verifiable-identity-controlled-by-you-at-web-scale-3d66399cb114

[3]
https://medium.com/virtuoso-blog/web-logic-sentences-and-the-magic-of-being-you-e2a719d01f73


Regards,

Kingsley Idehen   
Founder & CEO 
OpenLink Software   (Home Page: http://www.openlinksw.com)

Weblogs (Blogs):
Legacy Blog: http://www.openlinksw.com/blog/~kidehen/
Blogspot Blog: http://kidehen.bl