[Dachs-support] Restricting adql

Markus Demleitner msdemlei at ari.uni-heidelberg.de
Thu Feb 3 10:49:57 CET 2022


Hi Maria,

On Thu, Feb 03, 2022 at 08:55:14AM +0100, Mariangeles Mendoza wrote:
> I am trying to restrict access by adql.
> For it I have saved an empty adql.rd in
> /var/gavo/inputs/__system
> following the instructions of:
> http://docs.g-vo.org/DaCHS/howDoI.html#protect-my-tap-service-against-usage
> 
> However, it doesn't work either. what am I doing wrong?

Argl.  Having a __system directory in inputs really was a bad move
when I made it.  I'll look into moving this somewhere else, because
this is not the first time this confuses people.

The directory you need to put overridden system RDs into is
/var/gavo/inputs/__system__ (note the trailing underscores).  Sorry
about this.

Incidentally, just putting an empty file in there gives an ugly error
message; it's perhaps smarter to 

mkdir -p /var/gavo/inputs/__system__
cd /var/gavo/inputs/__system__
dachs adm dumpDF //adql > adql.rd

and then edit adql.rd such that

	<service id="query" core="qcore">

becomes

	<service id="query" core="qcore" limitTo="tapusers">

(or whomever you want to limit access to) -- that way, people with
the necessary credentials can still do ADQL queries from the web.

Sorry about the confusion; I'll add a note to the docs.

          -- Markus


More information about the Dachs-support mailing list