Not logged in : Login

About: VirtTipsAndTricksGuideGraphSecurityLevelSQL     Goto   Sponge   NotDistinct   Permalink

An Entity of Type : atom:Entry, within Data Space : ods.openlinksw.com associated with source document(s)

AttributesValues
type
Date Created
Date Modified
label
  • VirtTipsAndTricksGuideGraphSecurityLevelSQL
maker
Title
  • VirtTipsAndTricksGuideGraphSecurityLevelSQL
isDescribedUsing
has creator
content
  • %META:TOPICPARENT{name="VirtTipsAndTricksGuide"}% ---+How to manage Graph Security Level for SQL Clients? ---++What? Graph Security Level for ODBC, JDBC, ADO.NET, OLE-DB SQL Clients. ---++Why? SPARQL-level graph security is sufficient for SPARQL client operating over HTTP. It is not sufficient for SQL clients due to the fact that graph level security is baked into the SPARQL compiler, not by an SQL compiler. The Virtuoso SPARQL compiler analyzes the graph-level permissions of a user (an identity principal named using an identifier e.g., WebID or NetID). For each triple pattern or graph group pattern the compiler adds an implicit <code>FILTER ()</code> that ensures that appropriate privileges are granted on target named graphs to a given user. Ultimately, these FILTERs becomes part of the generated SQL code processed against the RDF_QUAD and related RDF data management system tables. SQL users accessing Virtuoso via ODBC, JDBC, ADO.NET, and OLE-DB connections have the ability to execute arbitrary SQL code via stored procedures, subject to SQL level privileges on target Tables and Views which provides a point of vulnerability to the RDF system tables (RDF_QUAD and others). To close this vulnerability, the SQL compiler restricts SQL connection access, in regards to RDF system tables, to members of the <code><nowiki>SPARQL_SELECT_RAW</nowiki></code> group. <i><b>Note</b>: <code><nowiki>SPARQL_SELECT_RAW</nowiki></code> group is a feature applicable to Virtuoso 7.5 or higher.</i> ---+++Usage Example The following example demonstrates how to grant <code><nowiki>SPARQL_SELECT_RAW</nowiki></code> to a Virtuoso SQL user: <verbatim> SQL> DB.DBA.USER_CREATE ('John', 'John'); Done. -- 0 msec. SQL> GRANT SPARQL_SELECT to "John"; Done. -- 0 msec. SQL> GRANT SPARQL_SELECT_RAW to "John"; Done. -- 0 msec. </verbatim> ---++Related * [[VirtTipsAndTricksGuide][Virtuoso Tips and Tricks Collection]] * [[VirtRDFGraphsSecurity][RDF Graph Security in Virtuoso]]
id
  • 5bf7d050c696bc5f8d3d4d7de0898dd8
link
has container
http://rdfs.org/si...ices#has_services
atom:title
  • VirtTipsAndTricksGuideGraphSecurityLevelSQL
links to
atom:source
atom:author
atom:published
  • 2017-06-13T05:45:21Z
atom:updated
  • 2017-06-13T05:45:21Z
topic
is made of
is container of of
is link of
is http://rdfs.org/si...vices#services_of of
is links to of
is creator of of
is atom:entry of
is atom:contains of
Faceted Search & Find service v1.17_git150 as of Jan 20 2025


Alternative Linked Data Documents: iSPARQL | ODE     Content Formats:   [cxml] [csv]     RDF   [text] [turtle] [ld+json] [rdf+json] [rdf+xml]     ODATA   [atom+xml] [odata+json]     Microdata   [microdata+json] [html]    About   
This material is Open Knowledge   W3C Semantic Web Technology [RDF Data] Valid XHTML + RDFa
OpenLink Virtuoso version 08.03.3332 as of Sep 11 2024, on Linux (x86_64-generic-linux-glibc25), Single-Server Edition (15 GB total memory, 776 MB memory in use)
Data on this page belongs to its respective rights holders.
Virtuoso Faceted Browser Copyright © 2009-2025 OpenLink Software