Not logged in : Login

About: VirtSpongerLinkedDataHooksIntoSPARQLEx45     Goto   Sponge   NotDistinct   Permalink

An Entity of Type : atom:Entry, within Data Space : www.openlinksw.com associated with source document(s)
QRcode icon
http://www.openlinksw.com/describe/?url=http%3A%2F%2Fwww.openlinksw.com%2Fdataspace%2Fdav%2Fwiki%2FVOS%2FVirtSpongerLinkedDataHooksIntoSPARQLEx45

AttributesValues
has container
Date Created
maker
topic
described by
seeAlso
Date Modified
link
id
  • 14b090dfd9ffd88570a35cfdb7fddf87
content
  • %META:TOPICPARENT{name="VirtSpongerLinkedDataHooksIntoSPARQL"}% --+Example Performing Sponging on a entirely confidential database using get:private pragma The following example demonstrates how private sponging using get:private pragma works for entirely confidential database. Note: Please take in mind that the steps from below will change the security of any existing database, thus the example scenario should be performed on a empty db. 1 Create few users in alphabetical order: DB.DBA.USER_CREATE ('Anna', 'Anna'); DB.DBA.USER_CREATE ('Brad', 'Brad'); DB.DBA.USER_CREATE ('Carl', 'Carl'); 1 Set to Anna, Brad and Carl SPARQL SELECT, UPDATE and SPONGE permissions: grant SPARQL_SELECT to "Anna"; grant SPARQL_SELECT to "Brad"; grant SPARQL_SELECT to "Carl"; grant SPARQL_UPDATE to "Anna"; grant SPARQL_UPDATE to "Brad"; grant SPARQL_UPDATE to "Carl"; grant SPARQL_SPONGE to "Anna"; grant SPARQL_SPONGE to "Brad"; grant SPARQL_SPONGE to "Carl"; 1 Set specific privileges to given graphs for specifics users: Catering for the fact that some datasets are supposed to be confidential, thus the whole quad storage is set to confidential. Then specific privileges can be assigned to specific graphs for specific users: DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0); 1 Set specific privileges: assuming for users Anna, Brad and Carl none of these individual has any kind of global access to graphs: DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Anna', 0); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Brad', 0); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Carl', 0); 1 Assuming the following four sorts of access that are specified by four bits of an integer "permission bit-mask", following plain old UNIX style: * Bit 1 permits read access. * Bit 2 permits write access via SPARUL and is basically useless without bit 1 set. * Bit 4 permits write access via "RDF Network Resource Fetch" methods and is basically useless without bits 1 and 2 set. * Bit 8 allows retrieval of the list of members of a graph group. An IRI can be used as a graph IRI and as a graph group IRI at the same time, so bit 8 can be freely combined with any of bits 1, 2 or 4. * In the statements from below should be considered: * "15 = 8+4+2+1 " -- i.e. combining all the four sorts of access FROM above * "9 = 8 + 1" -- i.e. read access + access to retrieve the list of members for a given graph group -- Create Graph Group for Anna and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Anna:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Anna', 15); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Brad', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Carl', 9); -- Create Graph Group for Brad and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Brad:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Anna', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Brad', 15); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Carl', 9); -- Create Graph Group for Carl and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Carl:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Anna', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Brad', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Carl', 15); 1 Examples with invalid graph group names: 1 Example with Non-existing Graph Group: -- An error for non-existing Graph group will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Example with "virtrdf:PrivateGraphs" graph group which is reserved for system usage: -- An error for attempt to add a graph to special graph group will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private virtrdf:PrivateGraphs SELECT * FROM WHERE { ?s ?p ?o }; 1 Example with "virtrdf:rdf_repl_graph_group" graph group which is reserved for system usage: -- An error for attempt to add a graph to special graph group will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private virtrdf:rdf_repl_graph_group SELECT * FROM WHERE { ?s ?p ?o }; 1 Examples to check Anna's sponging permissions on different graph groups: 1 Example for adding graph to Anna's graph group <urn:Anna:Sponged:Data>: -- No error will be raised as Anna has the efficient rights for graph group reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Example for adding graph to Brad's graph group <urn:Brad:Sponged:Data>: -- An error will be raised because "Anna" has not enough rights on that group reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Example for adding graph to Carl's graph group <urn:Carl:Sponged:Data>: -- An error will be raised because "Anna" has not enough rights on that group reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Examples check Brad's sponging permissions on different graph groups: 1 Example for adding graph to Anna's graph group <urn:Anna:Sponged:Data>: -- An error will be raised because "Brad" has not enough rights on that group reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Example for adding graph to Brad's graph group <urn:Brad:Sponged:Data>: -- No error will be raised as Brad has the efficient rights for graph group reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Example for adding graph to Carl's graph group <urn:Carl:Sponged:Data>: -- An error will be raised because "Brad" has not enough rights on that group reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Examples check Carl's sponging permissions on different graph groups: 1 Example for adding graph to Anna's graph group <urn:Anna:Sponged:Data>: -- An error will be raised because "Carl" has not enough rights on that group reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Example for adding graph to Brad's graph group <urn:Brad:Sponged:Data>: -- An error will be rased because "Carl" has not enough rights on that group reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 Example for adding graph to Carl's graph group <urn:Carl:Sponged:Data>: -- No error will be raised as Carl has the efficient rights for graph group reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; 1 User Carl performs private sponging: reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM WHERE { ?s ?p ?o }; -- Should return for ex. 365 rows. SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT COUNT(*) FROM WHERE { ?s ?p ?o }; SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT * FROM NAMED FROM NAMED WHERE { graph ?g { ?s ?p ?o } }; -- Should return for ex. 1317 rows. SPARQL DEFINE get:soft "replacing" DEFINE get:private SELECT COUNT(*) FROM NAMED FROM NAMED WHERE { graph ?g { ?s ?p ?o } }; 1 Viewing Graph Groups shows Carl's graph group <urn:Carl:Sponged:Data> contains total 4 graphs: SQL> SELECT id_to_iri (RGGM_GROUP_IID), id_to_iri(RGGM_MEMBER_IID) FROM DB.DBA.RDF_GRAPH_GROUP_MEMBER ORDER BY 1,2; id_to_iri id_to_iri__1 VARCHAR VARCHAR __________________________________________________________ .... urn:Anna:Sponged:Data http://anna-example.com/ urn:Brad:Sponged:Data http://brad-example.com/ urn:Carl:Sponged:Data http://carl-example.com/ urn:Carl:Sponged:Data http://www.openlinksw.com/data/turtle/licenses.ttl urn:Carl:Sponged:Data http://www.openlinksw.com/data/turtle/products.ttl urn:Carl:Sponged:Data http://www.openlinksw.com/data/turtle/software.ttl ---++Sponger Usage Examples * [[http://docs.openlinksw.com/virtuoso/virtuososponger.html#virtuosospongerusageprocessorex][SPARQL Processor Usage Example]] * [[http://docs.openlinksw.com/virtuoso/virtuososponger.html#virtuosospongerusageproxyex2][RDF Proxy Service Example]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtDeployingLinkedDataGuide_BrowsingNorthwindRdfView#AncMozToc2][Browsing & Exploring RDF View Example Using ODE]] * [[http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtDeployingLinkedDataGuide_BrowsingNorthwindRdfView#AncMozToc3][Browsing & Exploring RDF View Example Using iSPARQL]] * [[http://docs.openlinksw.com/virtuoso/rdfinsertmethods.html#rdfinsertmethodplapissimpleexample][Basic Sponger Cartridge Example]] * [[http://docs.openlinksw.com/virtuoso/virtuososponger.html#virtuosospongerusagebriefex][HTTP Example for Extracting Metadata using CURL]] * [[http://docs.openlinksw.com/virtuoso/virtuososponger.html#virtuosospongercartridgetypesmetarestexamples][RESTFul Interaction Examples]] * [[http://docs.openlinksw.com/virtuoso/sect5_virtuosospongercreatecustcartrrgstflickr.html][Flickr Cartridge Example]] * [[http://docs.openlinksw.com/virtuoso/virtuososponger.html#virtuosospongercreatecustcartrexmp][MusicBrainz Metadatabase Example]] * [[VirtTipsAndTricksGuideAddTriplesNamedGraph][SPARQL Tutorial -- Magic of SPARUL and Sponger]] ---++Related * [[VirtSpongerLinkedDataHooksIntoSPARQLEx46][Example Performing Sponging with Private Graphs Using get:private pragma]] * [[VirtSpongerLinkedDataHooksIntoSPARQL][Sponger's Linked Data Middleware Hooks into SPARQL]] * [[VirtSponger][Virtuoso Sponger]] * [[http://virtuoso.openlinksw.com/Whitepapers/html/VirtSpongerWhitePaper.html][Technical White Paper]] * [[VirtSpongerCartridgeSupportedDataSources][Supported Virtuoso Sponger Cartridges]] * [[SPARQLSponger][SPARQL Sponger]] * [[VirtInteractSpongerMiddlewareRESTPatterns][Interacting with Sponger Middleware via RESTful Patterns]] * [[VirtSpongerCartridgeSupportedDataSourcesMetaRESTExamples][Interacting with Sponger Meta Cartridge via RESTful Patterns]] * [[VirtSpongerCartridgeRDFExtractor][Sponger Cartridge RDF Extractor]] * [[RDFMappers][ Extending SPARQL IRI Dereferencing with RDF Mappers]] * [[VirtSpongerCartridgeProgrammersGuide][Programmer Guide for Virtuoso Linked Data Middleware ("Sponger")]] * [[VirtProgrammerGuideRDFCartridge][Create RDF Custom Cartridge Tutorial]] * [[VirtSpongerCartridgeSupportedDataSources][OpenLink-supplied Virtuoso Sponger Cartridges]] * [[VirtAuthServerUI][Virtuoso Authentication Server]] * [[VirtOAuthSPARQL][Virtuoso SPARQL OAuth Tutorial]] * [[VirtSpongerACL][Virtuoso Sponger Access Control List (ACL) Setup]] * [[VirtSPARQLSecurityWebID][WebID Protocol & SPARQL Endpoint ACLs Tutorial]] * [[http://docs.openlinksw.com/virtuoso/virtuososponger.html][Virtuoso Documentation]]
has creator
is described using
atom:source
atom:updated
  • 2013-07-10T18:55:48Z
atom:title
  • VirtSpongerLinkedDataHooksIntoSPARQLEx45
links to
atom:author
label
  • VirtSpongerLinkedDataHooksIntoSPARQLEx45
topic
atom:published
  • 2013-07-10T13:52:45Z
type
is topic of
Faceted Search & Find service v1.17_git63 as of Apr 23 2021


Alternative Linked Data Documents: iSPARQL | ODE     Content Formats:       RDF       ODATA       Microdata      About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 08.03.3322 as of Jun 3 2021, on Linux (x86_64-generic-linux-glibc25), Single-Server Edition (30 GB total memory)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2021 OpenLink Software