Hi, In brief: Can Fuseki Data ACL be applied to text indexing? And is it possible to selectively expose text index access per service for a shared dataset?
In detail: We're using a single TDB dataset in unionDefaultGraph mode) with multiple services, wrapped with both ACL (AccessControlledDataset) as well as text indexing (TextDataset) and are hoping to provide the following Fuseki services: 1. "full access" - a) Read/write everything b) including text index 2. "selected graphs only" - a) Read only from selected graphs b) no index access 3. "read all" - a) Read everything b) no index access In the assembler configuration, datasets for the above services are respectively defined as (where all use the same underlying dataset): 1. TextDataset(DatasetTDB) 2. AccessControlledDataset(DatasetTDB) 3. DatasetTDB 1a & 1b work as expected, as do 2a & 3a. 2b & 3b however still allow access to text indexing, despite not being explicitly configured as such in their respective services. >From looking at code, I can see that index availability is based on the TextQuery.textIndex symbol in the execution context (TextQueryPF.java). This means that, as long as at least one service enabled text indexing on a dataset, any other services referencing the same underlying store will also use it. (Judging by comments in the code, the "instanceof DatasetGraphText" check is deprecated, even if the logic for now remains in chooseTextIndex()). So our questions are: I) Is it currently possible to disallow access to the text index for some services but not others (using the same underlying dataset)? II) If not, what might be best approach to implement such a restriction? (Would traversal of DatasetGraphWrapper to explicitly find a DatasetGraphText instance make sense?) III) Or: Is there a different/better approach to solve the index visibility need described above? In addition, regarding spatial lookups: IV) Would GeoSPARQL querying (and it's online caching) respect AccessControlledDataset restrictions (when querying is performed over multiple services with different levels of ACL)? Regards, Vilnis -- Vilnis Termanis Senior Software Developer e | [email protected] www.iotics.com
