VirtSpongerLinkedDataHooksIntoSPARQLEx46 Example Performing Sponging with Private Graphs Using get:private pragmaExample Performing Sponging with Private Graphs Using get:private pragma The following example demonstrates how private sponging using get:private pragma works for database with private graphs. Create few users in alphabetical order: DB.DBA.USER_CREATE ('Anna', 'Anna'); DB.DBA.USER_CREATE ('Brad', 'Brad'); DB.DBA.USER_CREATE ('Carl', 'Carl'); Set to Anna, Brad and Carl SPARQL SELECT, UPDATE and SPONGE permissions: grant SPARQL_SELECT to "Anna"; grant SPARQL_SELECT to "Brad"; grant SPARQL_SELECT to "Carl"; grant SPARQL_UPDATE to "Anna"; grant SPARQL_UPDATE to "Brad"; grant SPARQL_UPDATE to "Carl"; grant SPARQL_SPONGE to "Anna"; grant SPARQL_SPONGE to "Brad"; grant SPARQL_SPONGE to "Carl"; Set specific privileges: Setup assuming 3 users: Anna, Brad and Carl where each of these individual users has read access to graphs: -- Close any public access to "private" graphs DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0, 1); -- Set Read Only for public on graphs not listed as "private". DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Anna', 0, 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Brad', 0, 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Carl', 0, 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Anna', 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Brad', 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Carl', 1); Assuming the following four sorts of access that are specified by four bits of an integer "permission bit-mask", following plain old UNIX style: Bit 1 permits read access. Bit 2 permits write access via SPARUL and is basically useless without bit 1 set. Bit 4 permits write access via "RDF Network Resource Fetch" methods and is basically useless without bits 1 and 2 set. Bit 8 allows retrieval of the list of members of a graph group. An IRI can be used as a graph IRI and as a graph group IRI at the same time, so bit 8 can be freely combined with any of bits 1, 2 or 4. In the statements from below should be considered: "15 = 8+4+2+1 " -- i.e. combining all the four sorts of access FROM above "9 = 8 + 1" -- i.e. read access + access to retrieve the list of members for a given graph group -- Create Graph Group for Anna and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Anna:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Anna', 15); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Brad', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Carl', 9); -- Create Graph Group for Brad and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Brad:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Anna', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Brad', 15); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Carl', 9); -- Create Graph Group for Carl and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Carl:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Anna', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Brad', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Carl', 15); -- Set Anna's, Brad's and Carl's graphs by inserting them into the <b>virtrdf:PrivateGraphs</b> graph group: DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'http://anna-example.com/'); DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'http://brad-example.com/'); DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'http://carl-example.com/'); Examples with invalid graph group names: Example with Non-existing Graph Group: -- An error for non-existing Graph group <http://nosuch/> will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private <http://nosuch/> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Example with "virtrdf:PrivateGraphs" graph group which is reserved for system usage: -- An error for attempt to add a graph to special graph group <http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs> will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private virtrdf:PrivateGraphs SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Example with "virtrdf:rdf_repl_graph_group" graph group which is reserved for system usage: -- An error for attempt to add a graph to special graph group <http://www.openlinksw.com/schemas/virtrdf#rdf_repl_graph_group> will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private virtrdf:rdf_repl_graph_group SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Examples to check Anna's sponging permissions on different graph groups: Example for adding graph to Anna's graph group <urn:Anna:Sponged:Data>: -- No error will be raised as Anna has the efficient rights for graph group <urn:Anna:Sponged:Data> reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Anna:Sponged:Data> SELECT * FROM <http://anna-example.com/> WHERE { ?s ?p ?o }; Example for adding graph to Brad's graph group <urn:Brad:Sponged:Data>: -- An error will be rased because "Anna" has not enough rights on that group reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Brad:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Example for adding graph to Carl's graph group <urn:Carl:Sponged:Data>: -- An error will be rased because "Anna" has not enough rights on that group reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Examples check Brad's sponging permissions on different graph groups: Example for adding graph to Anna's graph group <urn:Anna:Sponged:Data>: -- An error will be rased because "Brad" has not enough rights on that group reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Anna:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Example for adding graph to Brad's graph group <urn:Brad:Sponged:Data>: -- No error will be raised as Brad has the efficient rights for graph group <urn:Brad:Sponged:Data> reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Brad:Sponged:Data> SELECT * FROM <http://brad-example.com/> WHERE { ?s ?p ?o }; Example for adding graph to Carl's graph group <urn:Carl:Sponged:Data>: -- An error will be rased because "Brad" has not enough rights on that group reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Examples check Carl's sponging permissions on different graph groups: Example for adding graph to Anna's graph group <urn:Anna:Sponged:Data>: -- An error will be rased because "Carl" has not enough rights on that group reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Anna:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Example for adding graph to Brad's graph group <urn:Brad:Sponged:Data>: -- An error will be rased because "Carl" has not enough rights on that group reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Brad:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o }; Example for adding graph to Carl's graph group <urn:Carl:Sponged:Data>: -- No error will be raised as Carl has the efficient rights for graph group <urn:Brad:Sponged:Data> reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM <http://carl-example.com/> WHERE { ?s ?p ?o }; User Carl performs private sponging: reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM <http://www.openlinksw.com/data/turtle/products.ttl> WHERE { ?s ?p ?o }; -- Should return for ex. 365 rows. SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT COUNT(*) FROM <http://www.openlinksw.com/data/turtle/products.ttl> WHERE { ?s ?p ?o }; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM NAMED <http://www.openlinksw.com/data/turtle/software.ttl> FROM NAMED <http://www.openlinksw.com/data/turtle/licenses.ttl> WHERE { graph ?g { ?s ?p ?o } }; -- Should return for ex. 1317 rows. SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT COUNT(*) FROM NAMED <http://www.openlinksw.com/data/turtle/software.ttl> FROM NAMED <http://www.openlinksw.com/data/turtle/licenses.ttl> WHERE { graph ?g { ?s ?p ?o } }; User Anna reads Carl's data: reconnect "Anna"; SPARQL SELECT COUNT(*) FROM <http://www.openlinksw.com/data/turtle/products.ttl> WHERE { ?s ?p ?o }; callret-0 INTEGER _______________________________________________________________________________ 365 1 Rows. -- 15 msec. Sponger Usage Examples SPARQL Processor Usage Example RDF Proxy Service Example Browsing & Exploring RDF View Example Using ODE Browsing & Exploring RDF View Example Using iSPARQL Basic Sponger Cartridge Example HTTP Example for Extracting Metadata using CURL RESTFul Interaction Examples Flickr Cartridge Example MusicBrainz Metadatabase Example SPARQL Tutorial -- Magic of SPARUL and Sponger Related Example Performing Sponging on a entirely confidential database using get:private pragma Sponger's Linked Data Middleware Hooks into SPARQL Virtuoso Sponger Technical White Paper Supported Virtuoso Sponger Cartridges SPARQL Sponger Interacting with Sponger Middleware via RESTful Patterns Interacting with Sponger Meta Cartridge via RESTful Patterns Sponger Cartridge RDF Extractor Extending SPARQL IRI Dereferencing with RDF Mappers Programmer Guide for Virtuoso Linked Data Middleware ("Sponger") Create RDF Custom Cartridge Tutorial OpenLink-supplied Virtuoso Sponger Cartridges Virtuoso Authentication Server Virtuoso SPARQL OAuth Tutorial Virtuoso Sponger Access Control List (ACL) Setup WebID Protocol & SPARQL Endpoint ACLs Tutorial Virtuoso Documentation