Search Mailing List Archives
[protege-discussion] [POSSIBLE VIRUS:###] Re: user access for projects in protege server
Samson Tu
swt at stanford.edu
Tue Dec 2 09:29:55 PST 2008
You need to use a recent Protege 3.x beta. The Read and
DisplayInProjectList policies were not enforced until fairly recently,
and certainly not in Protege 3.3.1.
Samson
Joachim Kleb wrote:
> Hi Tania,
>
> thanks for your prompt reply.
> I am using Protege 3.3.1. The client is running on Windows and the
> Server on a debian linux shell.
>
> The settings for the metaproject are:
> #Project instances:
> #- Pizza:
> #-- allowed group: World - Read/Write/DisplayInProjectList
> #- Wines:
> #-- allowed group: TinaTimothy - Read/DisplayInProjectList
>
> #-User:
> #-- "dummy" in group "dummy_group"
> #-- "Tania Tudorache" in group "TaniaTimothy"
> #-- "Timothy Redmond" in group "TaniaTimothy"
>
> #-Groups:
> #-- "dummy_group", "TaniaTimothy", "World"
>
> #-Operations:
> #-- Read, Write, DisplayInProject
>
> #- GroupOperations:
> #-- dummy_group: Read/Write/DisplayInProjectList
> #-- TaniaTimothy: Read/DisplayInProjectList
> #-- World: Read/Write/DisplayInProjectList
>
> Originally the operation "DisplayInProjectList" was not included. It is
> also not mentioned on the website describing the metaproject. I added it
> because of your mail but without changing effect.
> I included my metaproject as attachment. I used an adapted version of
> the originally example.
>
> The problem is still the same. I'm able to login with user "dummy" and
> open the project "Wines" (dummy is no member of the users allowed to use
> wine). With this user I'm able to read the ontology and delete ontology
> elements.
>
> Thanks in advance,
> Joachim
>
>
>
>
> Tania Tudorache schrieb:
>> Hi Joachim,
>>
>> You have probably seen the wiki for configuring the protege server
>> using the meta-project:
>>
>> http://protegewiki.stanford.edu/index.php/Protege_Client-Server_Tutorial#The_Metaproject
>>
>>
>> First question is: what version of Protege are you using?
>>
>> It is not a good idea to delete the operations "Read", "Write",
>> "DisplayInProjectList" and the group "World". They are kind of system
>> instances, that the policy manager has support for.
>>
>> To have a project displayed in the available project list that is
>> shown after the user has logged into the server, you need to add to a
>> project a group operation that allows the group of user to "Read" and
>> also "DisplayInProjectList". If you have removed any of these
>> operations, then the policy manager will show all the projects.
>>
>> Another thing is that the write policy is not enforced. We might
>> provide this in the future releases.
>>
>> If you still have problems with the configuration, you can send me the
>> metaproject, and I will take a look at it.
>>
>> Cheers,
>> Tania
>>
>> ----- Original Message -----
>> From: "Joachim Kleb" <joachim.kleb at googlemail.com>
>> To: protege-discussion at lists.stanford.edu
>> Sent: Monday, December 1, 2008 5:28:45 PM GMT +01:00 Amsterdam /
>> Berlin / Bern / Rome / Stockholm / Vienna
>> Subject: [protege-discussion] user access for projects in protege server
>>
>>
>> Hi all,
>> my question is about the use of the access right management via the
>> meta-ontology.
>> The meta-project allows for the creation of different groups and the
>> group-dependent access rights.
>> Using the default meta-project, I deleted the group world, created two
>> new groups with different members and added one of the groups to the
>> wine ontology.
>> I found out that an user can access this project although he is not a
>> member of the group who are allowed to access that project. Even worse
>> it is that I can delete classes/instances... with this user.
>> I'm glad for any hints, links and direct answers.
>> Thx in advance, Joachim _______________________________________________
>> protege-discussion mailing list
>> protege-discussion at lists.stanford.edu
>> https://mailman.stanford.edu/mailman/listinfo/protege-discussion
>>
>> Instructions for unsubscribing:
>> http://protege.stanford.edu/doc/faq.html#01a.03
>> _______________________________________________
>> protege-discussion mailing list
>> protege-discussion at lists.stanford.edu
>> https://mailman.stanford.edu/mailman/listinfo/protege-discussion
>>
>> Instructions for unsubscribing:
>> http://protege.stanford.edu/doc/faq.html#01a.03
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> protege-discussion mailing list
> protege-discussion at lists.stanford.edu
> https://mailman.stanford.edu/mailman/listinfo/protege-discussion
>
> Instructions for unsubscribing: http://protege.stanford.edu/doc/faq.html#01a.03
More information about the protege-discussion
mailing list