On 24/11/2019 11:51, Claude Warren wrote:
If you want to restrict access to datasets alone you can probably do that
in Fuseki. If you want to grant access to specific models within a dataset
you will probably need to use the Permissions layer.
The permissions layer will allow you to restrict access to graphs or even
down to the triple level.
Fuseki has per-graph-access control:
https://jena.apache.org/documentation/fuseki2/data-access-control#graph-acl
If it is TBD1 or TDB2, it's done by filtering the data as it's read out
of the indexes.
Otherwise it's a rewritten dataset with only the accessible graphs.
DefaultUnionGraph works.
The only policy modes are "read" or "write", combined with the ACL
description in Fuskei configuration file.
After that, for parts of a graph (triple level, e.g. by predicate), or
for policies other than "read" or "write" based on ACLs, you do need the
permissions layer.
Andy
Restricting access to models in a dataset using Shiro would be a fairly
straight forward extension of the ShiroExampleEvaluator to map users to the
models they can see.
Claude
On Fri, Nov 22, 2019 at 4:41 PM Jean-Claude Moissinac <
[email protected]> wrote:
Dear Marco,
I think my previous reading of this documentation was right.
My understanding is that the proposed solution is to develop specific Java
code (like the ShiroExampleEvaluator) to implement the permissions.
I would like just to configure and use fuseki, not start a Java development
I doesn't see clearly , by doing such code,
* if i get something more efficient than what I do with shiro, following
the documentation here
https://jena.apache.org/documentation/fuseki2/fuseki-security.html
* if I will be able to manage correctly the user interface while having
some free datasets and some protected dataset
now, a window to enter a login/pwd is always displayed when I call the user
interface, so I'm not able to give a free access to free datasets
through the user interface
In the section [urls] of shiro.ini, I have the following line to access the
user interface
/ = anon
--
Jean-Claude Moissinac
Le jeu. 21 nov. 2019 à 16:05, Marco Neumann <[email protected]> a
écrit :
please take a look at
https://jena.apache.org/documentation/permissions/index.html
On Thu 21. Nov 2019 at 14:00, Jean-Claude Moissinac <
[email protected]> wrote:
Hello
I would like to give free access to some datasets in my fuseki server
and
control access to other datasets.
With shiro, I'm able to control the sparql access points like
https://myserver/dm/sparql
but I'm not able to give a controlled access to the datasets user
interface
https://myserver/dataset.html?tab=query&ds=/controlleddataset
or
https://myserver/dataset.html?tab=query&ds=/freedataset
or
https://myserver/
Is there some good practices about the access control in fuseki
instances?
Thank's in advance for any advice
--
Jean-Claude Moissinac
--
---
Marco Neumann
KONA
