[Dachs-support] Restricting adql
Markus Demleitner
msdemlei at ari.uni-heidelberg.de
Thu Feb 3 10:49:57 CET 2022
Hi Maria,
On Thu, Feb 03, 2022 at 08:55:14AM +0100, Mariangeles Mendoza wrote:
> I am trying to restrict access by adql.
> For it I have saved an empty adql.rd in
> /var/gavo/inputs/__system
> following the instructions of:
> http://docs.g-vo.org/DaCHS/howDoI.html#protect-my-tap-service-against-usage
>
> However, it doesn't work either. what am I doing wrong?
Argl. Having a __system directory in inputs really was a bad move
when I made it. I'll look into moving this somewhere else, because
this is not the first time this confuses people.
The directory you need to put overridden system RDs into is
/var/gavo/inputs/__system__ (note the trailing underscores). Sorry
about this.
Incidentally, just putting an empty file in there gives an ugly error
message; it's perhaps smarter to
mkdir -p /var/gavo/inputs/__system__
cd /var/gavo/inputs/__system__
dachs adm dumpDF //adql > adql.rd
and then edit adql.rd such that
<service id="query" core="qcore">
becomes
<service id="query" core="qcore" limitTo="tapusers">
(or whomever you want to limit access to) -- that way, people with
the necessary credentials can still do ADQL queries from the web.
Sorry about the confusion; I'll add a note to the docs.
-- Markus
More information about the Dachs-support
mailing list