virtuoso-opensource
virtuoso-opensource copied to clipboard
openlink
database user 108 (SPARQL) has no write permission
I moved from a third party virtuoso docker container to the official image. There are some permission errors that I can't explain (user SPARQL has all the roles). For example:
08:15:47 ERRS_0 RDF02 SR619 SPARUL DROP GRAPH access denied: database user 108 (SPARQL) has no write permission on graph http://stad.gent/ldes/tentoonstellingen
I found a similar issues here and here but no fix.
Using the ~sparql-auth endpoint with the dba user as a workaround for now.
Looking at how third party modifies permissions might provide some insight? https://github.com/redpencilio/docker-virtuoso/blob/294c5d9c2eb1e427be884968ec6c514951b8de9f/virtuoso.sh#L50-L58
Oh, I didn't realize you meant the 7.2.8-specific issue. That's just pending I guess. You can try using a lower version meanwhile?
What is the version and gitid of the Virtuoso open source being used? If it is version 7.2.8, then this is a known issue development are looking into. The issue is that by default the internal 'nobody' user has no permission to modify graphs, which can be worked around until this is fixed by running the command:
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 7);
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 7);
This fixed it for me, thank you very much!
For the record, this bug disables Federated Query even when SPARQL user has the required roles (SPARQL_LOAD_SERVICE_DATA and SPARQL_SELECT_FED) on Version 7.2.9-dev.3235-pthreads.
The above workaround resolves the problem for now.
Looks like this was fixed in 7.2.9? https://github.com/openlink/virtuoso-opensource/blob/5f697ae52941384e9a218172535bcee117f9af7e/NEWS.md?plain=1#L107
Yes, that fix would be in the 7.2.9 and above releases, and so will also be in the most recent 7.2.10 stable release ...
Could it be the issue actually still exists on v7.2.10 ?
Using the official Docker image:
$ docker run --name virtuoso-7.2.10-official --interactive --tty \
--env DBA_PASSWORD=dba --publish 1111:1111 --publish 8890:8890 \
--volume `pwd`:/database openlink/virtuoso-opensource-7:7.2.10
Granted SPARQL_UPDATE and WebDAV to user SPARQL through Conductor.
System Admin > User Accounts > User > SPARQL > Edit
User type: SQL/ODBC and WebDAV
Account Roles: SPARQL_SELECT, SPARQL_UPDATE
Error SR619 on a short INSERT DATA query through http://localhost:8890/sparql:
Virtuoso RDF02 Error SR619: SPARUL INSERT access denied: database user 107 (SPARQL) has no write permission on graph http://mu.semte.ch/application
SPARQL query:
define sql:big-data-const 0
#output-format:text/html
define sql:signal-void-variables 1
INSERT DATA {
GRAPH <http://mu.semte.ch/application> {
<http://mu.semte.ch/application/name-as-uri> <http://schema.org/name> <http://mu.semte.ch/application/myname> .
} }
Only with the workaround the error disappears:
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 7);
Version:
$ docker run openlink/virtuoso-opensource-7:7.2.10 version
[openlink/virtuoso-opensource-7:7.2.10-r16-gcf64774-ubuntu]
This Docker image is using the following version of Virtuoso:
Virtuoso Open Source Edition (Column Store) (multi threaded)
Version 7.2.10.3237-pthreads as of Jun 7 2023 (f3d88f16b)
Compiled for Linux (x86_64-ubuntu_bionic-linux-gnu)
Copyright (C) 1998-2023 OpenLink Software
The referenced fix for this issue in comment, is not actually a fix for this issue but for another issue. Thus currently the DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 7); workaround is still required ...