Archive 1.x:Ontology-related Permissions

Access and permissions for editing, managing and using ontologies within OSF are provided at two levels within the system: structOntology and various OSF Web Service endpoints. structOntology is an OSF-Drupal module that provides the user interface used to create, manage and access ontologies loaded in an OSF Web Service node. OSF Web Service has a subset of Web service endpoints that are used to create, update, delete and read ontologies hosted on its instance.

Like other aspects of OSF Web Service, a series of authentication steps is performed when someone makes a request to any of these Web services. This document explains how permissions work at two different levels:


 * 1) At the level of structOntology
 * 2) At the level of the OSF Web Service ontology-related endpoints

structOntology Access Permissions
Normally, all Drupal instances linked to an OSF Web Service instance have full CRUD permissions over all datasets hosted on that OSF Web Service instance.

Under a typical setup, Drupal is used as a user management access layer. This means that Drupal manages access to OSF Web Service by authenticating queries through its own authentication layer. If a request is dropped (not authorized) by Drupal, then no queries will be sent to OSF Web Service.

The structOntology OSF-Drupal module enables admin users to perform any kind of manipulation on any ontology hosted on the OSF Web Service instance. (See further the Individual OSF-Drupal Ontology (structOntology) Tool manual.) This means that an admin user can create, delete, update and read all ontologies. Non-admin users can view them, but cannot modify them.

Ontologies Permissions in OSF Web Service
To create a new ontology in OSF Web Service, the user has to have access, and then Create permissions, to the ontologies dataset:

If the requester doesn't have Create permissions on this dataset URI, then an authentication error will be returned.

''Note: normally, if the ontologies are created via structOntology, the Drupal server's permissions are used to authenticate the ontology creation query. In a normal setup, the Drupal server's IP is what is granted full CRUD permission on all datasets.''
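
The two levels described above can be modelled as two successive checks. The following is an added example, not OSF or structOntology code: the dataset URI, the IP addresses, the "*" wildcard for "all datasets", the role names and every function name are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed placeholder values (not taken from an OSF installation).
ONTOLOGIES_DATASET = "http://example.org/wsf/ontologies/"
DRUPAL_IP = "192.0.2.10"
OTHER_SYSTEM_IP = "198.51.100.7"

@dataclass(frozen=True)
class Access:
    create: bool = False
    read: bool = False
    update: bool = False
    delete: bool = False

# Permission records as OSF Web Service sees them: keyed on the requester,
# not on the Drupal user. "*" is this example's shorthand for all datasets.
RECORDS = {
    (DRUPAL_IP, "*"): Access(True, True, True, True),   # full CRUD
    (OTHER_SYSTEM_IP, ONTOLOGIES_DATASET): Access(read=True),
}

def osf_allows(requester_ip, dataset, action):
    """Level 2: OSF Web Service checks the requester's record on the dataset."""
    rec = RECORDS.get((requester_ip, dataset)) or RECORDS.get((requester_ip, "*"))
    return bool(rec and getattr(rec, action))

def drupal_allows(role, action):
    """Level 1: structOntology lets admins do anything, others only read."""
    return role == "admin" or action == "read"

def request_via_drupal(role, dataset, action):
    # A request dropped by Drupal is never sent to OSF Web Service.
    if not drupal_allows(role, action):
        return "dropped by Drupal"
    # OSF only sees the Drupal server as requester, whatever the user's role.
    if osf_allows(DRUPAL_IP, dataset, action):
        return "ok"
    return "authentication error"

def request_direct(requester_ip, dataset, action):
    """A system calling the Web service endpoints without Drupal in front."""
    if osf_allows(requester_ip, dataset, action):
        return "ok"
    return "authentication error"

if __name__ == "__main__":
    for role in ("admin", "member"):
        print(role, request_via_drupal(role, ONTOLOGIES_DATASET, "create"))
    print(request_direct(OTHER_SYSTEM_IP, ONTOLOGIES_DATASET, "create"))
```

Because the record that OSF Web Service evaluates belongs to the Drupal server and carries full CRUD, the admin/non-admin distinction exists only in the Drupal layer in this model.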

Once the new ontology is created, a new dataset will be created in OSF Web Service. The URI of the dataset is the URL of the ontology file that has been provided to access the ontology's OWL file. If you want to give access to this ontology to other people or systems, you will have to create the permissions records by using the   Web service endpoint.

There are two ways to get authenticated to perform any action on an ontology:


 * 1) The requester has the proper permission on the  dataset
 * Or, the requester has the proper permission on the  dataset.