Search Mailing List Archives


Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[protege-discussion] [POSSIBLE VIRUS:###] Re: user access for projects in protege server

Samson Tu swt at stanford.edu
Tue Dec 2 09:29:55 PST 2008


You need to use a recent Protege 3.x beta. The Read and 
DisplayInProjectList policies were not enforced until fairly recently, 
and certainly not in Protege 3.3.1.

Samson

Joachim Kleb wrote:
> Hi Tania,
> 
> thanks for your prompt reply.
> I am using Protege 3.3.1. The client is running on Windows and the 
> Server on a debian linux shell.
> 
> The settings for the metaproject are:
> #Project instances:
> #- Pizza:
> #-- allowed group: World - Read/Write/DisplayInProjectList
> #- Wines:
> #-- allowed group: TinaTimothy - Read/DisplayInProjectList
> 
> #-User:
> #-- "dummy" in group "dummy_group"
> #-- "Tania Tudorache" in group "TaniaTimothy"
> #-- "Timothy Redmond" in group "TaniaTimothy"
> 
> #-Groups:
> #-- "dummy_group", "TaniaTimothy", "World"
> 
> #-Operations:
> #-- Read, Write, DisplayInProject
> 
> #- GroupOperations:
> #-- dummy_group: Read/Write/DisplayInProjectList
> #-- TaniaTimothy: Read/DisplayInProjectList
> #-- World: Read/Write/DisplayInProjectList
> 
> Originally the operation "DisplayInProjectList" was not included. It is 
> also not mentioned on the website describing the metaproject. I added it 
> because of your mail but without changing effect.
> I included my metaproject as attachment. I used an adapted version of 
> the originally example.
> 
> The problem is still the same. I'm able to login with user "dummy" and 
> open the project "Wines" (dummy is no member of the users allowed to use 
> wine). With this user I'm able to read the ontology and delete ontology 
> elements.
> 
> Thanks in advance,
> Joachim
> 
> 
> 
> 
> Tania Tudorache schrieb:
>> Hi Joachim,
>>
>> You have probably seen the wiki for configuring the protege server 
>> using the meta-project:
>>
>> http://protegewiki.stanford.edu/index.php/Protege_Client-Server_Tutorial#The_Metaproject 
>>
>>
>> First question is: what version of Protege are you using?
>>
>> It is not a good idea to delete the operations "Read", "Write", 
>> "DisplayInProjectList" and the group "World". They are kind of system 
>> instances, that the policy manager has support for.
>>
>> To have a project displayed in the available project list that is 
>> shown after the user has logged into the server, you need to add to a 
>> project a group operation that allows the group of user to "Read" and 
>> also "DisplayInProjectList". If you have removed any of these 
>> operations, then the policy manager will show all the projects.
>>
>> Another thing is that the write policy is not enforced. We might 
>> provide this in the future releases.
>>
>> If you still have problems with the configuration, you can send me the 
>> metaproject, and I will take a look at it.
>>
>> Cheers,
>> Tania
>>
>> ----- Original Message -----
>> From: "Joachim Kleb" <joachim.kleb at googlemail.com>
>> To: protege-discussion at lists.stanford.edu
>> Sent: Monday, December 1, 2008 5:28:45 PM GMT +01:00 Amsterdam / 
>> Berlin / Bern / Rome / Stockholm / Vienna
>> Subject: [protege-discussion]  user access for projects in protege server
>>
>>
>> Hi all,
>> my question is about the use of the access right management via the 
>> meta-ontology.
>> The meta-project allows for the creation of different groups and the 
>> group-dependent access rights.
>> Using the default meta-project, I deleted the group world, created two 
>> new groups with different members and added one of the groups to the 
>> wine ontology.
>> I found out that an user can access this project although he is not a 
>> member of the group who are allowed to access that project. Even worse 
>> it is that I can delete classes/instances... with this user.
>> I'm glad for any hints, links and direct answers.
>> Thx in advance, Joachim _______________________________________________
>> protege-discussion mailing list
>> protege-discussion at lists.stanford.edu
>> https://mailman.stanford.edu/mailman/listinfo/protege-discussion
>>
>> Instructions for unsubscribing: 
>> http://protege.stanford.edu/doc/faq.html#01a.03 
>> _______________________________________________
>> protege-discussion mailing list
>> protege-discussion at lists.stanford.edu
>> https://mailman.stanford.edu/mailman/listinfo/protege-discussion
>>
>> Instructions for unsubscribing: 
>> http://protege.stanford.edu/doc/faq.html#01a.03   
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> protege-discussion mailing list
> protege-discussion at lists.stanford.edu
> https://mailman.stanford.edu/mailman/listinfo/protege-discussion
> 
> Instructions for unsubscribing: http://protege.stanford.edu/doc/faq.html#01a.03 




More information about the protege-discussion mailing list