[conradL@qimr13054 ~]$ stardog-admin metadata get grafli+-----------------------------------+----------------------------------------------------------------------------------+| Option | Value |+-----------------------------------+----------------------------------------------------------------------------------+| database.archetypes | || database.connection.timeout | 1h || database.creator | admin || database.name | grafli || database.namespaces | owl=http://www.w3.org/2002/07/owl#, || | rdf=http://www.w3.org/1999/02/22-rdf-syntax-ns#, || | rdfs=http://www.w3.org/2000/01/rdf-schema#, stardog=tag:stardog:api:, || | skos2=http://www.w3.org/2008/05/skos#, foaf=http://xmlns.com/foaf/0.1/ || database.online | true || database.time.creation | 2015-06-11T15:25:17.782+10:00 || database.time.modification | 2015-06-11T15:25:17.782+10:00 || icv.active.graphs | * || icv.consistency.automatic | false || icv.enabled | false || icv.reasoning.enabled | false || index.differential.enable.limit | 1000000 || index.differential.merge.limit | 10000 || index.differential.size | 0 || index.last.commit.id | 0 || index.literals.canonical | false || index.named.graphs | true || index.persist | true || index.persist.sync | true || index.size | 2140 || index.statistics.update.automatic | true || index.type | Disk || preserve.bnode.ids | true || progress.monitor.enabled | true || query.all.graphs | false || query.timeout | 5m || reasoning.approximate | false || reasoning.consistency.automatic | false || reasoning.punning.enabled | false || reasoning.sameas | OFF || reasoning.schema.graphs | http://purl.org/net/grafli#tbox || reasoning.schema.timeout | 1m || reasoning.type | SL || search.enabled | true || search.reindex.mode | sync || strict.parsing | true || transactions.durable | false || transactions.last | b42dc7d0-573e-4db4-89b6-4c2ca3d04ab5 || versioning.directory | versioning || versioning.enabled | true |+-----------------------------------+----------------------------------------------------------------------------------+[conradL@qimr13054 ~]$ stardog-admin user permission grafli-ro+---------------+---------------------------------+-------------+-------------+| Resource Type | Resource Name | Permissions | Source |+---------------+---------------------------------+-------------+-------------+| db | grafli | --R---- | [grafli-ro] || metadata | grafli | --R---- | [grafli-ro] || named-graph | tag:stardog:api:context:default | --R---- | [grafli-ro] || user | grafli-ro | --R---- | [grafli-ro] |+---------------+---------------------------------+-------------+-------------+[conradL@qimr13054 ~]$ stardog data add --named-graph http://purl.org/net/grafli#test -- grafli workspace/grafli/bootstrap/bootstrap_users.ttlAdding data from file: workspace/grafli/bootstrap/bootstrap_users.ttlAdded 77 triples in 00:00:01.447[conradL@qimr13054 ~]$ stardog query grafli "select distinct ?g where { graph ?g { ?s ?p ?o } }"+-------+| g |+-------+| :tbox || :test |+-------+
Query returned 2 results in 00:00:00.028[conradL@qimr13054 ~]$ stardog query --username grafli-ro -- grafli "select (count(?s) as ?n) from <http://purl.org/net/grafli#test> where {?s ?p ?o}"+-------+| n |+-------+| 77 |+-------+
Query returned 1 results in 00:00:00.030
Hi;We're really pleased to see from release notes that named graph security is in version 3.1! I wonder if you could point us in the direction of some documentation about this feature.
A specific question, how do named-graph permissions play with database-level permissions?
--
-- --
You received this message because you are subscribed to the C&P "Stardog" group.
To post to this group, send email to sta...@clarkparsia.com
To unsubscribe from this group, send email to
stardog+u...@clarkparsia.com
For more options, visit this group at
http://groups.google.com/a/clarkparsia.com/group/stardog?hl=en
On Thu, Jun 11, 2015 at 1:33 AM, Conrad Leonard <conrad....@hotmail.com> wrote:Hi;We're really pleased to see from release notes that named graph security is in version 3.1! I wonder if you could point us in the direction of some documentation about this feature.Our documentation can be found at [1].
[conradL@qimr13054 ~]$ stardog-admin versionStardog 3.1For information on Stardog, please visit http://stardog.com.For help using Stardog, visit the documentation http://docs.stardog.com.
[conradL@qimr13054 ~]$ cat $STARDOG_HOME/stardog.propertiessecurity.named.graphs=true
[conradL@qimr13054 ~]$ stardog-admin server stop && stardog-admin server start
<snip... server starts ok>
[conradL@qimr13054 ~]$ stardog-admin db create -n namedGraphTestSuccessfully created database 'namedGraphTest'.
[conradL@qimr13054 ~]$ stardog query namedGraphTest "INSERT DATA {
GRAPH <http://example.org/g1> { } }"Update query processed successfully in 00:00:00.082.[conradL@qimr13054 ~]$ stardog query namedGraphTest "SELECT ?foo WHERE { ?foo a <http://example.org/bar> }"+------------------------+| foo |+------------------------++------------------------+
Query returned 1 results in 00:00:00.042[conradL@qimr13054 ~]$ stardog query namedGraphTest "SELECT ?foo FROM <http://example.org/g1> WHERE { ?foo a <http://example.org/bar> }"+------------------------+| foo |+------------------------++------------------------+
Query returned 1 results in 00:00:00.030
[conradL@qimr13054 ~]$ stardog-admin user add -N 1234 defaultReaderSuccessfully created user defaultReader.[conradL@qimr13054 ~]$ echo "localhost:5820:namedGraphTest:defaultReader:1234" >> .sdpass[conradL@qimr13054 ~]$ stardog-admin user grant -a read -o db:namedGraphTest defaultReaderSuccessfully granted the permission.[conradL@qimr13054 ~]$ stardog-admin user grant -a read -o 'named-graph:namedGraphTest\tag:stardog:api:context:default' defaultReaderSuccessfully granted the permission.
[conradL@qimr13054 ~]$ stardog-admin user permission defaultReader
+---------------+------------------------------------------------+-------------+-----------------+
| Resource Type | Resource Name | Permissions | Source |
+---------------+------------------------------------------------+-------------+-----------------+| db | namedGraphTest | --R---- | [defaultReader] || named-graph | namedGraphTest\tag:stardog:api:context:default | --R---- | [defaultReader] || user | defaultReader | --R---- | [defaultReader] |+---------------+------------------------------------------------+-------------+-----------------+
[conradL@qimr13054 ~]$ stardog query --username defaultReader namedGraphTest "SELECT ?foo WHERE { ?foo a <http://example.org/bar> }"+------------------------+| foo |+------------------------++------------------------+
Query returned 1 results in 00:00:00.028[conradL@qimr13054 ~]$ stardog query --username defaultReader namedGraphTest "SELECT ?foo FROM <http://example.org/g1> WHERE { ?foo a <http://example.org/bar> }"+------------------------+| foo |+------------------------++------------------------+
[conradL@qimr13054 ~]$ stardog-admin metadata set -o security.named.graphs=true namedGraphTestJun 12, 2015 3:09:45 PM com.complexible.stardog.metadata.MetadataIO readWARNING: Option not recognized security.named.graphsInvalid option value: security.named.graphs=true.
Unrelatedly, how does one set db-level named graph security as suggested as an alternative to global setting? Trying with stardog-admin metadata command I get:
[conradL@qimr13054 ~]$ stardog-admin metadata set -o security.named.graphs=true namedGraphTestJun 12, 2015 3:09:45 PM com.complexible.stardog.metadata.MetadataIO readWARNING: Option not recognized security.named.graphsInvalid option value: security.named.graphs=true.