In This Lecture. Security and Integrity. Database Security. DBMS Security Support. Privileges in SQL. Permissions and Privilege.



Similar documents
In This Lecture. SQL Data Definition SQL SQL. Notes. Non-Procedural Programming. Database Systems Lecture 5 Natasha Alechina

Entity/Relationship Modelling. Database Systems Lecture 4 Natasha Alechina

SQL Data Definition. Database Systems Lecture 5 Natasha Alechina

SQL Programming. CS145 Lecture Notes #10. Motivation. Oracle PL/SQL. Basics. Example schema:

In This Lecture. Physical Design. RAID Arrays. RAID Level 0. RAID Level 1. Physical DB Issues, Indexes, Query Optimisation. Physical DB Issues

A basic create statement for a simple student table would look like the following.

BM482E Introduction to Computer Security

In this Lecture SQL SELECT. Example Tables. SQL SELECT Overview. WHERE Clauses. DISTINCT and ALL SQL SELECT. For more information

IT2305 Database Systems I (Compulsory)

Oracle Database 10g Express

Introduction to Databases

IT2304: Database Systems 1 (DBS 1)

Database Security. The Need for Database Security

CS143 Notes: Views & Authorization

CS2Bh: Current Technologies. Introduction to XML and Relational Databases. Introduction to Databases. Why databases? Why not use XML?

Database Security. Chapter 21

Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification

SQL DATA DEFINITION: KEY CONSTRAINTS. CS121: Introduction to Relational Database Systems Fall 2015 Lecture 7

Programming Database lectures for mathema

Normalisation to 3NF. Database Systems Lecture 11 Natasha Alechina

There are five fields or columns, with names and types as shown above.

A Brief Introduction to MySQL

SQL and Java. Database Systems Lecture 19 Natasha Alechina

Schema Evolution in SQL-99 and Commercial (Object-)Relational DBMS

Exposed Database( SQL Server) Error messages Delicious food for Hackers

SQL Tables, Keys, Views, Indexes

Transactions and Recovery. Database Systems Lecture 15 Natasha Alechina

Basic Concepts of Database Systems

Lecture 6. SQL, Logical DB Design

Mul$media im Netz (Online Mul$media) Wintersemester 2014/15. Übung 03 (Nebenfach)

Security and Authorization. Introduction to DB Security. Access Controls. Chapter 21

14 Triggers / Embedded SQL

ADO and SQL Server Security

DBMS Questions. 3.) For which two constraints are indexes created when the constraint is added?

INFO/CS 330: Applied Database Systems

Database Security. Sarajane Marques Peres, Ph.D. University of São Paulo

Physical Design. Meeting the needs of the users is the gold standard against which we measure our success in creating a database.

UQC103S1 UFCE Systems Development. uqc103s/ufce PHP-mySQL 1

Computer Security: Principles and Practice

The Relational Model. Why Study the Relational Model?

Database 10g Edition: All possible 10g features, either bundled or available at additional cost.

The Relational Model. Ramakrishnan&Gehrke, Chapter 3 CS4320 1

Ch.5 Database Security. Ch.5 Database Security Review

DATABASE SECURITY, INTEGRITY AND RECOVERY

COMP 5138 Relational Database Management Systems. Week 5 : Basic SQL. Today s Agenda. Overview. Basic SQL Queries. Joins Queries

SQL Simple Queries. Chapter 3.1 V3.0. Napier University Dr Gordon Russell

Software Requirements Specification. Web Library Management System

Databases and SQL. The Bioinformatics Lab SS Wiki topic 10. Tikira Temu. 04. June 2013

SQL NULL s, Constraints, Triggers

DB2 - DATABASE SECURITY

IT360: Applied Database Systems. Database Security. Kroenke: Ch 9, pg PHP and MySQL: Ch 9, pg

Modern Databases. Database Systems Lecture 18 Natasha Alechina

Instant SQL Programming

Webapps Vulnerability Report

Database Management System

EECS 647: Introduction to Database Systems

Oracle Database 12c: Introduction to SQL Ed 1.1

8- Management of large data volumes

The process of database development. Logical model: relational DBMS. Relation

Chapter 6: Physical Database Design and Performance. Database Development Process. Physical Design Process. Physical Database Design

Chapter 5. SQL: Queries, Constraints, Triggers

Chapter 9 Java and SQL. Wang Yang wyang@njnet.edu.cn

What is a database? COSC 304 Introduction to Database Systems. Database Introduction. Example Problem. Databases in the Real-World

MEDIAplus administration interface

Databases and BigData

Access Control Features in Oracle. CS 590U April 7, 2005 Ji-Won Byun

The Relational Model. Why Study the Relational Model? Relational Database: Definitions

Fine Grained Auditing In Oracle 10G

Broker Portal Tutorial Broker Portal Basics

Demystified CONTENTS Acknowledgments xvii Introduction xix CHAPTER 1 Database Fundamentals CHAPTER 2 Exploring Relational Database Components

Virtual Private Database Features in Oracle 10g.

Chapter 14. Outline. Database Support for Decision Making. Data and Database Administration

Chapter 9 Joining Data from Multiple Tables. Oracle 10g: SQL

Application note: Connecting the to a Database

Introduction to Databases

CSC 443 Data Base Management Systems. Basic SQL


Part A: Data Definition Language (DDL) Schema and Catalog CREAT TABLE. Referential Triggered Actions. CSC 742 Database Management Systems

Developing SQL and PL/SQL with JDeveloper

Managing User Accounts

Oracle Database Security

BCA. Database Management System

Topics. Introduction to Database Management System. What Is a DBMS? DBMS Types

Services. Relational. Databases & JDBC. Today. Relational. Databases SQL JDBC. Next Time. Services. Relational. Databases & JDBC. Today.

Database Management Systems. Chapter 1

How To Create A Table In Sql (Ahem)

History of SQL. Relational Database Languages. Tuple relational calculus ALPHA (Codd, 1970s) QUEL (based on ALPHA) Datalog (rule-based, like PROLOG)

Database Systems Introduction Dr P Sreenivasa Kumar

CS 564: DATABASE MANAGEMENT SYSTEMS

JEFFERSON COLLEGE COURSE SYLLABUS CIS-236 SQL AND DATABASE DESIGN. 3 Credit Hours. Prepared by: Chris DeGeare CIS Instructor. Revised: 3/11/2013

Normal Form vs. Non-First Normal Form

Tutorial: How to Use SQL Server Management Studio from Home

SECURITY CHAPTER 24 (6/E) CHAPTER 23 (5/E)

Introduction to Computing. Lectured by: Dr. Pham Tran Vu

Extracting META information from Interbase/Firebird SQL (INFORMATION_SCHEMA)

14 Databases. Source: Foundations of Computer Science Cengage Learning. Objectives After studying this chapter, the student should be able to:

GUJARAT TECHNOLOGICAL UNIVERSITY, AHMEDABAD, GUJARAT. COURSE CURRICULUM COURSE TITLE: DATABASE MANAGEMENT (Code: ) Information Technology

Transcription:

In This Lecture Database Systems Lecture 14 Natasha Alechina Database Security Aspects of security Access to databases Privileges and views Database Integrity View updating, Integrity constraints For more information Connolly and Begg chapters 6 and 19 Database Security DBMS Security Support Database security is about controlling access to information Some information should be available freely Other information should only be available to certain people or groups Many aspects to consider for security Legal issues Physical security OS/Network security Security policies and protocols Encryption and passwords DBMS security DBMS can provide some security Each user has an account, username and password These are used to identify a user and control their access to information DBMS verifies password and checks a user s permissions when they try to Retrieve data Modify data Modify the database structure Permissions and Privilege Privileges in SQL SQL uses privileges to control access to and other database objects SELECT privilege INSERT privilege UPDATE privilege DELETE privilege The owner (creator of a database has all privileges on all objects in the database, and can grant these to others The owner (creator of an object has all privileges on that object and can pass them on to others GRANT <privileges> ON <object> TO <users> [WITH GRANT OPTION] <privileges> is a list of SELECT <columns>, INSERT <columns>, DELETE, and UPDATE <columns>, or simply ALL <users> is a list of user names or PUBLIC <object> is the name of a table or view (later WITH GRANT OPTION means that the users can pass their privileges on to others 1

Privileges Examples GRANT ALL ON Employee TO Manager WITH GRANT OPTION The user Manager can do anything to the Employee table, and can allow other users to do the same (by using GRANT statements GRANT SELECT, UPDATE(Salary ON Employee TO Finance The user Finance can view the entire Employee table, and can change Salary values, but cannot change other values or pass on their privilege If you want to remove a privilege you have granted you use REVOKE <privileges> ON <object> FROM <users> If a user has the same privilege from other users then they keep it All privileges dependent on the revoked one are also revoked Admin grants ALL privileges to Manager, and SELECT to Finance with grant option Manager grants ALL to Finance grants SELECT to Admin Finance Manager Manager revokes ALL from still has SELECT privileges from Finance Admin revokes SELECT from Finance loses SELECT also Admin Finance Manager Views Creating Views Privileges work at the level of You can restrict access by column You cannot restrict access by row Views, along with privileges, allow for customised access Views provide derived A view is the result of a SELECT statement which is treated like a table You can SELECT from (and sometimes UPDATE etc views just like CREATE VIEW <name> AS <select stmt> <name> is the name of the new view <select stmt> is a query that returns the rows and columns of the view We want each user to be able to view the names and phone numbers (only of those employees in their own department 2

View Example We want each user to be able to view the names and phone numbers (only of those employees in their own department In Oracle, you can refer to the current user as USER Employee ID Name Phone Department Salary E158 Mark x6387 Accounts 15,000 E159 Mary x6387 Marketing 15,000 E160 Jane x6387 Marketing 15,000 View Example CREATE VIEW OwnDept AS SELECT Name, Phone FROM Employee WHERE Department = (SELECT Department FROM Employee WHERE name = USER GRANT SELECT ON OwnDept TO PUBLIC Using Views and Privileges View Updating Views and privileges are used together to control access A view is made which contains the information needed Privileges are granted to that view, rather than the underlying User 1 User 2 User 3 External View 1 Conceptual View External View 2 DBA Views are like virtual Their value depends on the base that they are defined from You can select from views just like a table What about update, insert, and delete? Updating views Updates to the base change the views and vice-versa It is often not clear how to change the base to make the desired change to the view View Updating Using Views and Privileges For a view to be updatable, the defining query of the view should satisfy certain conditions: Every element in SELECT is a column name Should not use DISTINCT View should be defined on a single table (no join, union, etc. used in FROM WHERE should not have nested SELECTs Should not use GROUP BY or HAVING To restrict someone's access to a table Create a view of that table that shows only the information they need to see Grant them privileges on the view Revoke any privileges they have on the original table Employee ID Name Salary Department We want to let the user 'John' read the department and name, and be able to update the department (only 3

Using Views and Privileges Database Integrity Create a view CREATE VIEW forjohn AS SELECT Name, Department FROM Employee Set the privileges GRANT SELECT, UPDATE (Department ON forjohn TO John REVOKE ALL ON Employee FROM John Security vs Integrity Database security makes sure that the user is authorised to access information Database integrity makes sure that (authorised users use that information correctly Integrity constraints Domain constraints apply to data types Attribute constraints apply to columns Relation constraints apply to rows in a single table Database constraints apply between Domains and Attributes Assertions Domains constraints are data types SQL: CREATE DOMAIN (not in Oracle CREATE DOMAIN Colour VARCHAR(15 CONSTRAINT checkcol CHECK (VALUE IN ( RED, Blue Attributes are constrained by their domains CREATE TABLE Rainbow ( Rorder Int, Rcolour Colour Provide a way to give relation and database constraints Give a boolean condition that must always be true No action is permitted that would make the condition false Again, not supported in Oracle CREATE ASSERTION <name> CHECK ( <condition> The condition can refer to one or several Often use EXISTS or NOT EXISTS Relation Constraints Database Constraints To create a relation constraint We simply make an assertion that checks the constraint : in an Employee table, no employee s bonus should be more than 15% of their salary CREATE ASSERTION checksalarybonus CHECK ( NOT EXISTS ( SELECT * FROM EMPLOYEE WHERE (Bonus > 0.15*Salary Database constraints are similar but refer to several : Given student and enrolment, make sure no CS student takes more than 12 modules Student ID Name Department Enrolment ID Code 4

Database Constraints Constraints in Oracle CREATE ASSERTION CSEnrolment CHECK (NOT EXISTS ( SELECT * FROM Student AS S WHERE S.Department = CS AND ((SELECT COUNT(* FROM Enrolment AS E WHERE S.ID = E.ID > 12 Oracle does not support domains or assertions It does, however, support row-level constraints using CHECK constraints These are declared like other constraints CONSTRAINT <name> CHECK (<condition> This is less general than an assertion since the condition refers to a single row of a single table CHECK Example To add a check on the Employee table to make sure no employee s bonus is more than 15% of their salary ALTER TABLE Employee ADD CONSTRAINT checksalarybonus CHECK (Bonus < 0.15*Salary Next Lecture Transactions ACID properties The transaction manager Recovery System and Media Failures Concurrency Concurrency problems For more information Connolly and Begg chapter 20 Ullman and Widom chapter 8.6 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information