Example Performing Sponging with Private Graphs Using get:private pragma
The following example demonstrates how private sponging using get:private pragma works for database with private graphs.
- Create few users in alphabetical order:
DB.DBA.USER_CREATE ('Anna', 'Anna'); DB.DBA.USER_CREATE ('Brad', 'Brad'); DB.DBA.USER_CREATE ('Carl', 'Carl');
- Set to Anna, Brad and Carl SPARQL SELECT, UPDATE and SPONGE permissions:
grant SPARQL_SELECT to "Anna"; grant SPARQL_SELECT to "Brad"; grant SPARQL_SELECT to "Carl"; grant SPARQL_UPDATE to "Anna"; grant SPARQL_UPDATE to "Brad"; grant SPARQL_UPDATE to "Carl"; grant SPARQL_SPONGE to "Anna"; grant SPARQL_SPONGE to "Brad"; grant SPARQL_SPONGE to "Carl";
- Set specific privileges: Setup assuming 3 users: Anna, Brad and Carl where each of these individual users has read access to graphs:
-- Close any public access to "private" graphs DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0, 1); -- Set Read Only for public on graphs not listed as "private". DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Anna', 0, 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Brad', 0, 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Carl', 0, 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Anna', 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Brad', 1); DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('Carl', 1);
- Assuming the following four sorts of access that are specified by four bits of an integer "permission bit-mask", following plain old UNIX style:
- Bit 1 permits read access.
- Bit 2 permits write access via SPARUL and is basically useless without bit 1 set.
- Bit 4 permits write access via "RDF Network Resource Fetch" methods and is basically useless without bits 1 and 2 set.
- Bit 8 allows retrieval of the list of members of a graph group. An IRI can be used as a graph IRI and as a graph group IRI at the same time, so bit 8 can be freely combined with any of bits 1, 2 or 4.
- In the statements from below should be considered:
- "15 = 8+4+2+1 " -- i.e. combining all the four sorts of access FROM above
- "9 = 8 + 1" -- i.e.
read access + access to retrieve the list of members for a given graph group
-- Create Graph Group for Anna and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Anna:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Anna', 15); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Brad', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Anna:Sponged:Data', 'Carl', 9); -- Create Graph Group for Brad and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Brad:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Anna', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Brad', 15); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Brad:Sponged:Data', 'Carl', 9); -- Create Graph Group for Carl and set privileges: DB.DBA.RDF_GRAPH_GROUP_CREATE ('urn:Carl:Sponged:Data', 1); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Anna', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Brad', 9); DB.DBA.RDF_GRAPH_USER_PERMS_SET ('urn:Carl:Sponged:Data', 'Carl', 15); -- Set Anna's, Brad's and Carl's graphs by inserting them into the <b>virtrdf:PrivateGraphs</b> graph group: DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'http://anna-example.com/'); DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'http://brad-example.com/'); DB.DBA.RDF_GRAPH_GROUP_INS ('http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs', 'http://carl-example.com/');
- Examples with invalid graph group names:
- Example with Non-existing Graph Group:
-- An error for non-existing Graph group <http://nosuch/> will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private <http://nosuch/> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example with "virtrdf:PrivateGraphs?" graph group which is reserved for system usage:
-- An error for attempt to add a graph to special graph group <http://www.openlinksw.com/schemas/virtrdf#PrivateGraphs> will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private virtrdf:PrivateGraphs SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example with "virtrdf:rdf_repl_graph_group" graph group which is reserved for system usage:
-- An error for attempt to add a graph to special graph group <http://www.openlinksw.com/schemas/virtrdf#rdf_repl_graph_group> will be raised. SPARQL DEFINE get:soft "replacing" DEFINE get:private virtrdf:rdf_repl_graph_group SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example with Non-existing Graph Group:
- Examples to check Anna's sponging permissions on different graph groups:
- Example for adding graph to Anna's graph group
<urn:Anna:Sponged:Data>:
-- No error will be raised as Anna has the efficient rights for graph group <urn:Anna:Sponged:Data> reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Anna:Sponged:Data> SELECT * FROM <http://anna-example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Brad's graph group
<urn:Brad:Sponged:Data>:
-- An error will be rased because "Anna" has not enough rights on that group reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Brad:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Carl's graph group
<urn:Carl:Sponged:Data>:
-- An error will be rased because "Anna" has not enough rights on that group reconnect "Anna"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Anna's graph group
- Examples check Brad's sponging permissions on different graph groups:
- Example for adding graph to Anna's graph group
<urn:Anna:Sponged:Data>:
-- An error will be rased because "Brad" has not enough rights on that group reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Anna:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Brad's graph group
<urn:Brad:Sponged:Data>:
-- No error will be raised as Brad has the efficient rights for graph group <urn:Brad:Sponged:Data> reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Brad:Sponged:Data> SELECT * FROM <http://brad-example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Carl's graph group
<urn:Carl:Sponged:Data>:
-- An error will be rased because "Brad" has not enough rights on that group reconnect "Brad"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Anna's graph group
- Examples check Carl's sponging permissions on different graph groups:
- Example for adding graph to Anna's graph group
<urn:Anna:Sponged:Data>:
-- An error will be rased because "Carl" has not enough rights on that group reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Anna:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Brad's graph group
<urn:Brad:Sponged:Data>:
-- An error will be rased because "Carl" has not enough rights on that group reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Brad:Sponged:Data> SELECT * FROM <http://example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Carl's graph group
<urn:Carl:Sponged:Data>:
-- No error will be raised as Carl has the efficient rights for graph group <urn:Brad:Sponged:Data> reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM <http://carl-example.com/> WHERE { ?s ?p ?o };
- Example for adding graph to Anna's graph group
- User Carl performs private sponging:
reconnect "Carl"; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM <http://www.openlinksw.com/data/turtle/products.ttl> WHERE { ?s ?p ?o }; -- Should return for ex. 365 rows. SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT COUNT(*) FROM <http://www.openlinksw.com/data/turtle/products.ttl> WHERE { ?s ?p ?o }; SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT * FROM NAMED <http://www.openlinksw.com/data/turtle/software.ttl> FROM NAMED <http://www.openlinksw.com/data/turtle/licenses.ttl> WHERE { graph ?g { ?s ?p ?o } }; -- Should return for ex. 1317 rows. SPARQL DEFINE get:soft "replacing" DEFINE get:private <urn:Carl:Sponged:Data> SELECT COUNT(*) FROM NAMED <http://www.openlinksw.com/data/turtle/software.ttl> FROM NAMED <http://www.openlinksw.com/data/turtle/licenses.ttl> WHERE { graph ?g { ?s ?p ?o } };
- User Anna reads Carl's data:
reconnect "Anna"; SPARQL SELECT COUNT(*) FROM <http://www.openlinksw.com/data/turtle/products.ttl> WHERE { ?s ?p ?o }; callret-0 INTEGER _______________________________________________________________________________ 365 1 Rows. -- 15 msec.
Sponger Usage Examples
- SPARQL Processor Usage Example
- RDF Proxy Service Example
- Browsing & Exploring RDF View Example Using ODE
- Browsing & Exploring RDF View Example Using iSPARQL
- Basic Sponger Cartridge Example
- HTTP Example for Extracting Metadata using CURL
- RESTFul Interaction Examples
- Flickr Cartridge Example
- MusicBrainz Metadatabase Example
- SPARQL Tutorial -- Magic of SPARUL and Sponger
Related
- Example Performing Sponging on a entirely confidential database using get:private pragma
- Sponger's Linked Data Middleware Hooks into SPARQL
- Virtuoso Sponger
- Technical White Paper
- Supported Virtuoso Sponger Cartridges
- SPARQL Sponger
- Interacting with Sponger Middleware via RESTful Patterns
- Interacting with Sponger Meta Cartridge via RESTful Patterns
- Sponger Cartridge RDF Extractor
- Extending SPARQL IRI Dereferencing with RDF Mappers
- Programmer Guide for Virtuoso Linked Data Middleware ("Sponger")
- Create RDF Custom Cartridge Tutorial
- OpenLink-supplied Virtuoso Sponger Cartridges
- Virtuoso Authentication Server
- Virtuoso SPARQL OAuth Tutorial
- Virtuoso Sponger Access Control List (ACL) Setup
- WebID Protocol & SPARQL Endpoint ACLs Tutorial
- Virtuoso Documentation