The post Virtuoso user RDF Graph Level access to RDF Quad Store details the reason.
- SPARQL endpoint configuration? Are there additional Virtuoso.ini settings needed for SPARQL UPDATE operations?
The default ~/sparql is readonly (SPARQL_SELECT role) for security reasons. To make it read/write then the SPARQL_UPDATE role needs to be granted, provide you aware of the security implications especially if it is publicly accessible.
- Alternative endpoints? Should I use
/sparql-author/sparql-graph-crudinstead of/sparql?
Yes, the ~/sparal-auth should be used for authenticated access to the database, as a user with the appropriate SPARQL_UPDATE role assigned to allow such operations to be performed.
- Docker-specific issues? Any known problems with SPARQL_UPDATE in containerized Virtuoso?
No, it behaves as Virtuoso would in an on-premise standalone or cloud deployment.