DB2 Version 10.1 for Linux, UNIX, and Windows

Access control for RDF stores

Two types of access control are available for DB2® RDF stores.

Coarse-grained access control

You can use the DB2 database's table-level permissions to control access to the entire RDF store.

RDF graph level access control

RDF graph level access control provides finer-grained access control at the level of individual RDF graphs. You can selectively control which RDF graphs in the RDF store users have access to, rather than granting access to the whole RDF data set.

With RDF graph level access control, RDF triples within a graph are used to determine whether a user has access to the RDF graph. When the RDF store is created, the user needs to specify which RDF predicates will be used to control access to the RDF graph.
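The following added example (not IBM's code and not the DB2 RDF API) is a simplified Python model of this mechanism: access predicates are fixed up front, and a graph is visible only when its own triples match the caller's value for every access predicate. The predicate URIs, graph names, equality-only matching and deny-by-default behaviour for untagged graphs are assumptions of the model.

```python
# Simplified model of RDF graph level access control; not the DB2 RDF API.
from collections import defaultdict

# Predicates chosen at store creation to control access (constructed URIs).
DEPT = "http://example.org/acl#department"
CLEAR = "http://example.org/acl#clearance"
ACCESS_PREDICATES = {DEPT, CLEAR}

# Constructed sample data: (graph, subject, predicate, object) quads.
QUADS = [
    ("g:hr", "g:hr", DEPT, "HR"),
    ("g:hr", "g:hr", CLEAR, "confidential"),
    ("g:hr", "emp:1", "http://example.org/hr#salary", "90000"),
    ("g:eng", "g:eng", DEPT, "ENG"),
    ("g:eng", "g:eng", CLEAR, "internal"),
    ("g:eng", "doc:7", "http://example.org/doc#title", "Design notes"),
    # This graph carries no access triples at all.
    ("g:misc", "doc:9", "http://example.org/doc#title", "Untagged"),
]


def graph_acl(quads, access_predicates):
    """Collect, per graph, the object values of each access predicate."""
    acl = defaultdict(lambda: defaultdict(set))
    for graph, _subject, pred, obj in quads:
        acl[graph]  # register the graph even if it has no access triples
        if pred in access_predicates:
            acl[graph][pred].add(obj)
    return acl


def visible_graphs(quads, access_predicates, user_constraints):
    """Graphs whose access triples match the user's value for every predicate.

    Assumption: equality matching only; a missing access triple or a
    missing user value denies access (fail closed).
    """
    return {
        graph
        for graph, preds in graph_acl(quads, access_predicates).items()
        if all(user_constraints.get(p) in preds.get(p, set())
               for p in access_predicates)
    }


def query(quads, access_predicates, user_constraints):
    """Return only the quads that live in graphs the user may read."""
    allowed = visible_graphs(quads, access_predicates, user_constraints)
    return [q for q in quads if q[0] in allowed]
```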

Enforcement of access control at run time (when SPARQL queries are executed) can be delegated to the DB2 engine. Alternatively, it can be enforced in the SQL generated by the DB2 RDF Store SQL generator.

If you choose to have access control enforced by the DB2 engine, you need to use the fine-grained access control feature of the DB2 software to specify the access control rules.

If you choose to have access control enforced by the RDF Store SQL generator, the application must additionally pass in the constraints to be applied in the QueryExecution context. In this case, only a limited set of operators and operands is supported.

  • Creating an RDF Store with Graph level Access Control support
  • Enforcing Graph level Access Control via the RDF Store SQL Generator
  • Enforcing Graph level Access Control via the DB2 engine