Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[protege-discussion] [POSSIBLE VIRUS:###] Re: user access for projects in protege server

Joachim Kleb joachim.kleb at googlemail.com
Tue Dec 2 01:16:20 PST 2008


Hi Tania,

thanks for your prompt reply.
I am using Protege 3.3.1. The client is running on Windows and the 
Server on a debian linux shell.

The settings for the metaproject are:
#Project instances:
#- Pizza:
#-- allowed group: World - Read/Write/DisplayInProjectList
#- Wines:
#-- allowed group: TinaTimothy - Read/DisplayInProjectList

#-User:
#-- "dummy" in group "dummy_group"
#-- "Tania Tudorache" in group "TaniaTimothy"
#-- "Timothy Redmond" in group "TaniaTimothy"

#-Groups:
#-- "dummy_group", "TaniaTimothy", "World"

#-Operations:
#-- Read, Write, DisplayInProject

#- GroupOperations:
#-- dummy_group: Read/Write/DisplayInProjectList
#-- TaniaTimothy: Read/DisplayInProjectList
#-- World: Read/Write/DisplayInProjectList

Originally the operation "DisplayInProjectList" was not included. It is 
also not mentioned on the website describing the metaproject. I added it 
because of your mail but without changing effect.
I included my metaproject as attachment. I used an adapted version of 
the originally example.

The problem is still the same. I'm able to login with user "dummy" and 
open the project "Wines" (dummy is no member of the users allowed to use 
wine). With this user I'm able to read the ontology and delete ontology 
elements.

Thanks in advance,
Joachim




Tania Tudorache schrieb:
> Hi Joachim,
>
> You have probably seen the wiki for configuring the protege server using the meta-project:
>
> http://protegewiki.stanford.edu/index.php/Protege_Client-Server_Tutorial#The_Metaproject
>
> First question is: what version of Protege are you using?
>
> It is not a good idea to delete the operations "Read", "Write", "DisplayInProjectList" and the group "World". They are kind of system instances, that the policy manager has support for.
>
> To have a project displayed in the available project list that is shown after the user has logged into the server, you need to add to a project a group operation that allows the group of user to "Read" and also "DisplayInProjectList". If you have removed any of these operations, then the policy manager will show all the projects.
>
> Another thing is that the write policy is not enforced. We might provide this in the future releases.
>
> If you still have problems with the configuration, you can send me the metaproject, and I will take a look at it.
>
> Cheers,
> Tania
>
> ----- Original Message -----
> From: "Joachim Kleb" <joachim.kleb at googlemail.com>
> To: protege-discussion at lists.stanford.edu
> Sent: Monday, December 1, 2008 5:28:45 PM GMT +01:00 Amsterdam / Berlin / Bern / Rome / Stockholm / Vienna
> Subject: [protege-discussion]  user access for projects in protege server
>
>
> Hi all, 
>
> my question is about the use of the access right management via the meta-ontology. 
>
> The meta-project allows for the creation of different groups and the group-dependent access rights. 
>
> Using the default meta-project, I deleted the group world, created two new groups with different members and added one of the groups to the wine ontology. 
>
> I found out that an user can access this project although he is not a member of the group who are allowed to access that project. Even 
> worse it is that I can delete classes/instances... with this user. 
>
> I'm glad for any hints, links and direct answers. 
>
> Thx in advance, 
> Joachim 
> _______________________________________________
> protege-discussion mailing list
> protege-discussion at lists.stanford.edu
> https://mailman.stanford.edu/mailman/listinfo/protege-discussion
>
> Instructions for unsubscribing: http://protege.stanford.edu/doc/faq.html#01a.03 
> _______________________________________________
> protege-discussion mailing list
> protege-discussion at lists.stanford.edu
> https://mailman.stanford.edu/mailman/listinfo/protege-discussion
>
> Instructions for unsubscribing: http://protege.stanford.edu/doc/faq.html#01a.03 
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: metaproject.zip
Type: application/octet-stream
Size: 8091 bytes
Desc: not available
URL: <http://mailman.stanford.edu/pipermail/protege-discussion/attachments/20081202/42bed1e2/attachment.zip>


More information about the protege-discussion mailing list