6 Replies. Latest reply: May 1, 2011 11:52 AM by JorgeB-Oracle

    RDF + Virtual Private Database mechanism - r/w privileges to subject, ...

    858683
      Hi, is there a way to give RDF subject/property/object read/write permissions with a VPD policy? I can only give SELECT/UPDATE/DELETE permission on the whole application table, but can I give read/write permissions to an RDF subject, property or object?

      Edited by: user1000476 on 29.4.2011 10:22
        • 1. Re: RDF + Virtual Private Database mechanism - r/w privileges to subject, ...
          Matperry-Oracle
          Hi,

          The recommended way to achieve fine-grained security for RDF Data is using triple-level Oracle Label Security (OLS).
          http://download.oracle.com/docs/cd/E11882_01/appdev.112/e11828/fine_grained_acc.htm#CIHGBFIB

          VPD for RDF does not currently support updates.

          Thanks,
          Matt
          • 2. Re: RDF + Virtual Private Database mechanism - r/w privileges to subject, ...
            858683
            Thanks Matt.
            I have to decide between VPD and OLS. OLS is better for me, but it must be installed. I read the manual, and what about my tables and data - do I lose it all? (Question 1)
            I have a problem with installation process. There are two places where I can run Universal Installer:
            a) the place where I downloaded and unpacked database data
            b) path $ORACLE_HOME/oui/bin/runInstaller

            In place a) I can't install OLS into an existing database. I got a warning and I have to choose a different path where there isn't any database yet.
            In place b) I can choose an existing database, select Advanced installation and check the Oracle Label Security option. But when I click Install I get an error (I do not remember the error description, but I didn't find it using Google - no results). How should I install OLS into an existing DB? (Question 2)
            (Release 11.2.0.2.0, OS: Ubuntu 10.10 x86_64, 2.6.35-28-generic)

            Thanks for your answers.
            • 3. Re: RDF + Virtual Private Database mechanism - r/w privileges to subject, ...
              JorgeB-Oracle
              Hi,

              You can NOT add OLS to an existing ORACLE_HOME

              If you have a Production installation, then you had better leave that one alone and do a new Test installation. Once you install the Test installation you can move data from the Production to do your tests in RDF+OLS.

              As you may already know, when installing you get to this screen:

              "Select Database Edition"

              Select
              Enterprise Edition -> in this screen click "Select Options" button and check "Oracle Label Security"

              Once you have installed this Oracle Home and a new database, connect as / as sysdba and install the OLS dictionary.

              sqlplus / as sysdba
              @?/rdbms/admin/catols

              Note: OLS installation comprises two parts.
              1. The binaries in the ORACLE_HOME outside the database (installed with the Oracle Installer)
              2. The OLS dictionary (Tables, View, Packages) (installed with the script catols.sql)

              Regards!
              Jorge
              • 4. Re: RDF + Virtual Private Database mechanism - r/w privileges to subject, ...
                858683
                Thank you Jorge, very helpful information.
                • 5. Re: RDF + Virtual Private Database mechanism - r/w privileges to subject, ...
                  858683
                  One more question: How can I import RDF data from the Production installation to the Test installation?
                  • 6. Re: RDF + Virtual Private Database mechanism - r/w privileges to subject, ...
                    JorgeB-Oracle
                    Hi,

                    It is not supported to use the export/import for RDF data.

                    In order to load the model into the Test Database, it is necessary to have the data in a file in N-Triple format.
                    If you do not have the original data in N-Triple format or RDF/XML, then you need to extract it from the Prod database.
                    Once you have the file in N-Triple format you can use the Bulk Loading method using SQL*Loader.

                    From the Production database where the model is, you can extract the model out to an N-Triple file using the Jena Adaptor.

                    In order to dump an existing model to N-Triple format to load it in another database, do the following:

                    cd <JENA_DIR>/lib

                    create file dump_model.java:


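                    dump_model.java
                    ---------------------------------------------
                    import java.io.*;
                    import com.hp.hpl.jena.rdf.model.Model;
                    import oracle.spatial.rdf.client.jena.*;

                    public class dump_model
                    {
                        public static void main(String[] args) throws Exception
                        {
                            // Arguments: <jdbc_url> <user> <password> <model_name>
                            if (args.length != 4) {
                                System.err.println("usage: dump_model <jdbc_url> <user> <password> <model_name>");
                                System.exit(2);
                            }
                            String szJdbcURL = args[0];
                            String szUser = args[1];
                            String szPasswd = args[2];
                            String szModelName = args[3];

                            // Connect to the database that holds the semantic model
                            Oracle oracle = new Oracle(szJdbcURL, szUser, szPasswd);
                            Model model = null;
                            OutputStream os = null;
                            try {
                                model = ModelOracleSem.createOracleSemModel(oracle, szModelName);

                                // Serialize every triple of the model to ./output.nt in N-Triple format
                                os = new FileOutputStream("./output.nt");
                                model.write(os, "N-TRIPLE");
                            } finally {
                                // Release the file, the model and the connection even if the dump fails
                                if (os != null) os.close();
                                if (model != null) model.close();
                                oracle.dispose();
                            }
                        }
                    }
                    ---------------------------------------------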
                    Change the commands according to the versions of Jena and ARQ; this example is from past versions.

                    To compile:
                    javac -classpath ./:./jena-2.6.2.jar:./sdordfclient.jar:./ojdbc5.jar:slf4j-api-1.5.6.jar:log4j-1.2.13.jar:slf4j-log4j12-1.5.6.jar:arq-2.8.1.jar:xercesImpl-2.7.1.jar dump_model.java

                    Change:
                    rdfusr rdfusr family to <user> <password> <model_name>
                    @machine.domain:1521:orcl with your connection info: @machine.domain:port:SID
                    -- To run:
                    java -classpath ./:./jena-2.6.2.jar:./sdordfclient.jar:./ojdbc5.jar:slf4j-api-1.5.6.jar:log4j-1.2.13.jar:slf4j-log4j12-1.5.6.jar:arq-2.8.1.jar:xercesImpl-2.7.1.jar:iri-0.7.jar:icu4j-3.4.4.jar dump_model jdbc:oracle:thin:@machine.domain:1521:orcl rdfusr rdfusr family

                    The N-Triple file output.nt should be created in <JENA_DIR>/lib

                    The N-Triple file can be used to load the model into another database.
                    -----------------

                    To download the Jena Adaptor go to:
                    http://www.oracle.com/technetwork/database/options/semantic-tech/downloads/index-156999.html

                    click on "Download the Jena Adaptor for Oracle Database 11g Release 2 (ZIP - 772KB)"
                    -----------------
                    This version of Jena Adaptor needs:
                    Jena 2.6.3, ARQ 2.8.5, Java JDK 1.6

                    Regards!
                    Jorge
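
Added example (not part of Jorge's post and not Oracle's code): dump_model above takes the database password as a command-line argument, where other local users can read it from the process list, and it writes the production triples to output.nt with default file permissions. This variant of the same dump prompts for the password and restricts the file to its owner before writing; the class name DumpModelPrompt and its three-argument usage are assumptions, and it uses only Java 6 APIs plus the Jena Adaptor calls shown in the post.

```java
import java.io.*;
import com.hp.hpl.jena.rdf.model.Model;
import oracle.spatial.rdf.client.jena.*;

// Hypothetical class; usage: java -classpath <as above> DumpModelPrompt <jdbc_url> <user> <model_name>
public class DumpModelPrompt {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: DumpModelPrompt <jdbc_url> <user> <model_name>");
            System.exit(2);
        }

        // Read the password without echo instead of taking it from argv.
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no interactive console; run from a terminal");
        }
        char[] passwd = console.readPassword("Password for %s: ", args[1]);
        if (passwd == null) {
            throw new IllegalStateException("no password entered");
        }

        // Create the dump file empty, then make it owner-only before any triple is written.
        File out = new File("./output.nt");
        if (!out.createNewFile()) {
            throw new IOException("output.nt already exists; refusing to overwrite");
        }
        out.setReadable(false, false);
        out.setWritable(false, false);
        out.setReadable(true, true);
        out.setWritable(true, true);

        Oracle oracle = new Oracle(args[0], args[1], new String(passwd));
        Model model = null;
        OutputStream os = null;
        try {
            model = ModelOracleSem.createOracleSemModel(oracle, args[2]);
            os = new FileOutputStream(out);
            model.write(os, "N-TRIPLE");
        } finally {
            if (os != null) os.close();
            if (model != null) model.close();
            oracle.dispose();
        }
    }
}
```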