multi-user access control #3

Open
jmvanel opened this issue Dec 29, 2014 · 3 comments

Comments


jmvanel commented Dec 29, 2014

One use case is switching to a classical CMS workflow, where article proposals are only visible by content managers.

User U1 must not be able to access data of user U2. We don't need for now a complete Access Control mechanism, like in Virtuoso. A simple API must give access to a Banana-RDF graph store (dataset) that contains only data of user U1, and also contains background knowledge and ontologies. This way, it is not possible that a badly written SPARQL query accesses data of other users. This API could leverage this utility to create such an in-memory graph store:

```scala
trait DatasetUtils[Rdf <: RDF]
    extends DatasetFactory
    with RDFOpsModule {

  /** merge given datasets */
  def merge(datasets: Seq[Dataset]): GraphStore[Rdf, Try, Dataset] = {
    ??? // body not shown in the original comment
  }
}
```

This API could be:

    def makeUserDataset(userURI: String): GraphStore[Rdf, Try, Dataset]

jmvanel commented Jan 2, 2015

There is a nice security implementation for Jena that works as an interceptor wrapper that calls an application-provided check for the graph and then for each triple:
https://jena.apache.org/documentation/security/

This URL has disappeared, but there is:
https://jena.apache.org/documentation/permissions/
and this in Fuseki: https://jena.apache.org/documentation/fuseki2/fuseki-security.html

The performance is of course diminished, but not too much if putting restrictions at graph level only.
This wrapper architecture could be put into Banana-RDF.


jmvanel commented Feb 23, 2015

What has been done for project https://github.com/jmvanel/corporate_risk should be made modular and reusable.


jmvanel commented Dec 17, 2016

This use case surfaced recently:

  • Have a named graph, or a separate database, per user for private data (in addition to the named graph for his/her public data that is already in use)
  • Have an admin account, which can see everything
  • Keep the possibility for the user X to annotate the data of Y, but without being able to remove from data created by Y
  • Visualize in the views (and services / form, / form-data, ...) the origin of these triplets annotated by others

@jmvanel jmvanel changed the title Simple secure multi-user management multi-user access control Jan 28, 2021
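
The per-user dataset from the first comment, combined with the rules listed in the Dec 17, 2016 comment, shown as an added example (not code from this project or from Banana-RDF). It uses a plain in-memory set of quads; the `Store` class, its methods, the graph-naming convention and the assumption that every public graph is readable by all users are hypothetical.

```scala
// Added example, plain Scala with no Banana-RDF dependency; all names are hypothetical.
object UserDatasetExample {
  final case class Quad(graph: String, s: String, p: String, o: String)

  // Assumed naming convention: one private and one public named graph per user URI.
  def privateGraph(user: String): String = s"$user/private"
  def publicGraph(user: String): String = s"$user/public"

  final class Store(private var quads: Set[Quad], background: Set[String], admins: Set[String]) {
    // Readable: background graphs, the user's private graph, any public graph; admins read all.
    private def readable(user: String, g: String): Boolean =
      admins(user) || background(g) || g == privateGraph(user) || g.endsWith("/public")

    // Counterpart of makeUserDataset: an immutable copy holding only what `user` may read.
    // Queries run on the copy, so a badly written one cannot reach another user's private graph.
    def makeUserDataset(user: String): Set[Quad] = quads.filter(q => readable(user, q.graph))

    // Writes land in the caller's own public graph; the graph name records who said it.
    def annotate(user: String, s: String, p: String, o: String): Unit =
      quads += Quad(publicGraph(user), s, p, o)

    // Removal only inside the caller's own graphs, unless the caller is an admin.
    def remove(user: String, q: Quad): Boolean = {
      val owns = q.graph == privateGraph(user) || q.graph == publicGraph(user)
      val allowed = quads(q) && (owns || admins(user))
      if (allowed) quads -= q
      allowed
    }
  }

  def main(args: Array[String]): Unit = {
    val (u1, u2, admin) = ("urn:user:u1", "urn:user:u2", "urn:user:admin") // constructed URIs
    val draft = Quad(privateGraph(u2), "urn:doc:draft", "urn:p:title", "Proposal")
    val post = Quad(publicGraph(u2), "urn:doc:post", "urn:p:title", "Published")
    val onto = Quad("urn:graph:ontology", "urn:p:title", "rdf:type", "rdf:Property")
    val store = new Store(Set(draft, post, onto), Set("urn:graph:ontology"), Set(admin))

    store.annotate(u1, "urn:doc:post", "urn:p:comment", "Nice") // U1 annotates U2's resource
    val view = store.makeUserDataset(u1)
    assert(!view.contains(draft) && view.contains(post) && view.contains(onto))
    assert(view.exists(q => q.graph == publicGraph(u1) && q.s == "urn:doc:post"))
    assert(!store.remove(u1, post)) // U1 cannot delete U2's triple
    assert(store.makeUserDataset(admin).contains(draft)) // admin sees everything
    assert(store.remove(admin, draft))
    println(view.toSeq.sortBy(_.graph).mkString("\n"))
  }
}
```

Because every quad in the returned view keeps its graph name, a display layer can show which user each annotation came from.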