CS143 Notes: Views & Authorization



Similar documents
SQL NULL s, Constraints, Triggers

SQL Tables, Keys, Views, Indexes

The Relational Model. Why Study the Relational Model? Relational Database: Definitions. Chapter 3

Lecture 6. SQL, Logical DB Design

The Relational Model. Why Study the Relational Model? Relational Database: Definitions

A basic create statement for a simple student table would look like the following.

The Relational Model. Why Study the Relational Model?

In This Lecture. Security and Integrity. Database Security. DBMS Security Support. Privileges in SQL. Permissions and Privilege.

The Relational Model. Ramakrishnan&Gehrke, Chapter 3 CS4320 1

Review: Participation Constraints

Chapter 5 More SQL: Complex Queries, Triggers, Views, and Schema Modification

Elena Baralis, Silvia Chiusano Politecnico di Torino. Pag. 1. Active database systems. Triggers. Triggers. Active database systems.

EECS 647: Introduction to Database Systems

IT2305 Database Systems I (Compulsory)

COSC344 Database Theory and Applications. Lecture 23 Security and Auditing. COSC344 Lecture 23 1

How To Create A Table In Sql (Ahem)

Introduction to Triggers using SQL

Introduction to SQL for Data Scientists

Database Security. The Need for Database Security

IT2304: Database Systems 1 (DBS 1)

SQL: Queries, Programming, Triggers

Example Instances. SQL: Queries, Programming, Triggers. Conceptual Evaluation Strategy. Basic SQL Query. A Note on Range Variables

Database Security. Chapter 21

SQL: Queries, Programming, Triggers

COMP 5138 Relational Database Management Systems. Week 5 : Basic SQL. Today s Agenda. Overview. Basic SQL Queries. Joins Queries

Managing Objects with Data Dictionary Views. Copyright 2006, Oracle. All rights reserved.

Chapter 5. SQL: Queries, Constraints, Triggers

Optimizing the Performance of the Oracle BI Applications using Oracle Datawarehousing Features and Oracle DAC

Data Modeling. Database Systems: The Complete Book Ch ,

Database Systems. Lecture 1: Introduction

There are five fields or columns, with names and types as shown above.

Physical Database Design Process. Physical Database Design Process. Major Inputs to Physical Database. Components of Physical Database Design

CS2Bh: Current Technologies. Introduction to XML and Relational Databases. Introduction to Databases. Why databases? Why not use XML?

Chapter 2: Security in DB2

Oracle Database 12c: Introduction to SQL Ed 1.1

SQL Programming. CS145 Lecture Notes #10. Motivation. Oracle PL/SQL. Basics. Example schema:

Databasesystemer, forår 2005 IT Universitetet i København. Forelæsning 3: Business rules, constraints & triggers. 3. marts 2005

History of SQL. Relational Database Languages. Tuple relational calculus ALPHA (Codd, 1970s) QUEL (based on ALPHA) Datalog (rule-based, like PROLOG)

Demystified CONTENTS Acknowledgments xvii Introduction xix CHAPTER 1 Database Fundamentals CHAPTER 2 Exploring Relational Database Components

Instant SQL Programming

5. CHANGING STRUCTURE AND DATA

ICAB4136B Use structured query language to create database structures and manipulate data

Guide to SQL Programming: SQL:1999 and Oracle Rdb V7.1

Database Management Systems. Chapter 1

Why do statisticians need to know about databases?

SQL Simple Queries. Chapter 3.1 V3.0. Napier University Dr Gordon Russell

INFO/CS 330: Applied Database Systems

SQL Data Definition. Database Systems Lecture 5 Natasha Alechina

The Entity-Relationship Model

SQL - QUICK GUIDE. Allows users to access data in relational database management systems.

Introduction This document s purpose is to define Microsoft SQL server database design standards.

Chapter 6: Physical Database Design and Performance. Database Development Process. Physical Design Process. Physical Database Design

CS2Bh: Current Technologies. Introduction to XML and Relational Databases. The Relational Model. The relational model

The Structured Query Language. De facto standard used to interact with relational DB management systems Two major branches

Review Entity-Relationship Diagrams and the Relational Model. Data Models. Review. Why Study the Relational Model? Steps in Database Design

Refresh Web Query Synonym

CSC 443 Data Base Management Systems. Basic SQL

5.1 Database Schema Schema Generation in SQL

The SQL Query Language. Creating Relations in SQL. Referential Integrity in SQL. Basic SQL Query. Primary and Candidate Keys in SQL

DATABASDESIGN FÖR INGENJÖRER - 1DL124

D61830GC30. MySQL for Developers. Summary. Introduction. Prerequisites. At Course completion After completing this course, students will be able to:

types, but key declarations and constraints Similar CREATE X commands for other schema ëdrop X name" deletes the created element of beer VARCHARè20è,

Part A: Data Definition Language (DDL) Schema and Catalog CREAT TABLE. Referential Triggered Actions. CSC 742 Database Management Systems

Introduction to SQL and database objects

SQL DATA DEFINITION: KEY CONSTRAINTS. CS121: Introduction to Relational Database Systems Fall 2015 Lecture 7

Physical Design. Meeting the needs of the users is the gold standard against which we measure our success in creating a database.

The Relational Data Model and Relational Database Constraints

Fine Grained Auditing In Oracle 10G

Outline. Data Modeling. Conceptual Design. ER Model Basics: Entities. ER Model Basics: Relationships. Ternary Relationships. Yanlei Diao UMass Amherst

Databases and BigData

Access Control Features in Oracle. CS 590U April 7, 2005 Ji-Won Byun

Product: DQ Order Manager Release Notes

Oracle Data Dictionary

3. Relational Model and Relational Algebra

A Brief Introduction to MySQL

2. Oracle SQL*PLUS Winter Some SQL Commands. To connect to a CS server, do:

Database Design Patterns. Winter Lecture 24

Relational model. Relational model - practice. Relational Database Definitions 9/27/11. Relational model. Relational Database: Terminology

New Security Options in DB2 for z/os Release 9 and 10

Maximizing Materialized Views

Basic Concepts of Database Systems

Rose Data Modeler (logical)

Database Security. Principle of Least Privilege. DBMS Security. IT420: Database Management and Organization. Database Security.

SQL Server for developers. murach's TRAINING & REFERENCE. Bryan Syverson. Mike Murach & Associates, Inc. Joel Murach

Guide to Performance and Tuning: Query Performance and Sampled Selectivity

In This Lecture. SQL Data Definition SQL SQL. Notes. Non-Procedural Programming. Database Systems Lecture 5 Natasha Alechina

Oracle Database: Introduction to SQL

Oracle Database: Introduction to SQL

MySQL for Beginners Ed 3

Oracle Database 10g Express

Introduction to Microsoft Jet SQL

Database Programming with PL/SQL: Learning Objectives

Oracle Database: Introduction to SQL

More on SQL. Juliana Freire. Some slides adapted from J. Ullman, L. Delcambre, R. Ramakrishnan, G. Lindstrom and Silberschatz, Korth and Sudarshan

Intermediate SQL C H A P T E R4. Practice Exercises. 4.1 Write the following queries in SQL:

COURSE NAME: Database Management. TOPIC: Database Design LECTURE 3. The Database System Life Cycle (DBLC) The database life cycle contains six phases;

SQL: QUERIES, CONSTRAINTS, TRIGGERS

Database Design. Marta Jakubowska-Sobczak IT/ADC based on slides prepared by Paula Figueiredo, IT/DB

Database Security. Soon M. Chung Department of Computer Science and Engineering Wright State University

DATABASE MANAGEMENT SYSTEMS. Question Bank:

Transcription:

CS143 Notes: Views & Authorization Book Chapters (4th) Chapter 4.7, 6.5-6 (5th) Chapter 4.2, 8.6 (6th) Chapter 4.4, 5.3 Views What is a view? A virtual table created on top of other real tables Almost the same as a real table except that the tuples are computed on the fly using real tables. a view does not really exist. Syntax and example: CREATE VIEW ViewName(A 1, A 2,... ) AS Query Attribute lists are optional Example: SidNameAddr view with (sid, name, address) from Student Views can be used in a query like: SELECT * FROM SidNameAddr S, Enroll E WHERE S.sid = E.sid The system automatically rewrites the query using the SidNameAddr view definition Views can be created on top of other views CREATE VIEW NameAddr AS SELECT name, addr FROM SidNameAddr 1

Q: MultiClass: View of students (sid, name) who take more than one class? Q: Why use views? Three-level vision of database: Modifying Views Virtual database: Views V := ViewQuery(R 1, R 2,..., R n ) built on top of... Conceptual database: Tables (Relations) built on top of... Physical database: Pages on disk Updates on views are allowed (under certain conditions) Q: How can we update a view when it does not exist? Q: UPDATE SidNameAddr SET Name = James WHERE sid = 301? Modification to a view is translated into a modification to the underlying table Q: INSERT INTO SidNameAddr VALUES (305, Peter, 1234 Westwood )? Missing columns are filled with the DEFAULT value (or NULL) Q: INSERT INTO SameAddr VALUES ( Tony, Joshua )? CREATE VIEW SameAddr AS SELECT S1.name, S2.name FROM Student S1, Student S2 WHERE S1.addr = S2.addr AND S1.sid > S2.sid Q: UPDATE AvgGPA SET a = 3.0? CREATE VIEW AvgGPA(a) AS SELECT avg(gpa) FROM Student; 2

For some views, update may not make any sense Precise conditions for updatable views are very complicated may involve keys, equality conditions, etc. SQL2 uses very conservative conditions. View must be defined as: SELECT on a single table T, without DISTINCT Subqueries in WHERE must not refer to T Attributes of T not projected in view allowed to be be NULL or default No aggregation Q: INSERT INTO Student17 VALUES (403, Peter, 123 Olympic, 3.0, 20)? CREATE VIEW Student17 AS SELECT * FROM Student WHERE age = 17 Q: Is the new tuple in Student17? WITH CHECK OPTION syntax: CREATE VIEW... AS... WITH CHECK OPTION check INSERT/UPDATE to ensure the new tuple is still in the view reject the statement if not Q: What will happen if we drop HonorStudent view? YoungHonorStudent HonorStudent Student DROP... [ CASCADE RESTRICT ] Materialized Views CASCADE : drop anything that references the view RESTRICT (default): drop statement fails if the view is referenced by other views or integrity constraints Some DBMS allows to precompute or materialize a view Example: MultiClass view again. Students who take multiple classes 3

CREATE VIEW MultiClass AS SELECT sid, name FROM Student, Enroll WHERE Student.sid = Enroll.sid GROUP BY Student.sid HAVING COUNT(*) > 1 Q: Why do we want to we materialize this view? Q: Why don t we always materialize views? Q: When should we refresh MultiClass? refresh of materialized view can be costly incremental refresh of materialized view is sometimes difficult Q: What views to materialize? Both? Just one? Pros and cons of each? CREATE VIEW MultiClass AS SELECT sid, name FROM Student, Enroll WHERE Student.sid = Enroll.sid GROUP BY Student.sid HAVING COUNT(*) > 1 CREATE VIEW StudDeptCount AS SELECT sid, name, dept, COUNT(*) FROM Enroll GROUP BY sid, dept Deciding views to materialize is a difficult optimization problem Many commercial DBMS supports materialized views used for data warehouse for OLAP (online analytical processing) queries limited support for incremental refresh materialized view selection is a difficult optimization problem 4

Authorization Make sure users only see what they are allowed to see Do not let an unauthorized user to modify database Privileges For a relation R and user U, U may be authorized for: SELECT ON R INSERT(A 1, A 2,..., A n ) ON R the rest of the columns should take NULL or DEFAULT UPDATE(A 1, A 2,..., A n ) ON R DELETE ON R Q: When will it be useful to limit insert privileges to certain columns? GRANT privileges ON R TO users [ WITH GRANT OPTION ] Give the privilege(s) to the user(s) privileges : SELECT, INSERT,... separated by commas (or ALL PRIVILEGES) R : table, view,... users : list of users/groups, or PUBLIC more about WITH GRANT OPTION later EXAMPLE: Grant SELECT privilege on Student to u 2 REVOKE privileges ON R FROM users [ CASCADE RESTRICT ] Revoke the privilege(s) from the user(s). More about CASCADE/DEFAULT later. Default: RESTRICT EXAMPLE: revoke SELECT privilege on Student from u 2 EXAMPLES 5

UPDATE Student SET GPA = 4.0 WHERE sid IN (SELECT sid FROM Enroll WHERE dept = CS ) Q: What privileges are needed for this statement? DELETE FROM Student WHERE sid NOT IN (SELECT sid FROM Enroll) Q: What privileges are needed for this statement? GRANT OPTION and cascading revoke Q: Who can grant privileges? database administrator (DBA in oracle, SUPER in MySQL) owner (= creator) of the table/view/... Q: What if we want to delegate privilege management to someone else? GRANT privileges ON R TO u 2 WITH GRANT OPTION Delegate the privilege management task to u 2. User u 2 can now grant the given privilege(s) to others. In addition, u 2 can further delegate privilege magagement to other users. Authorization graph. Nodes: users Edges: When u i grants privilege to u j, an edge is added from u i to u j. When u 1 creates a table/view..., edge is created from DBA to u 1 Example: What does the following authorization graph mean? DBA u 1 u 2 u 3 CASCADE/RESTRICT option in REVOKE statement 6

Q: Given the following authorization graph, what should happen when u 1 revokes privilege from u 2? DBA u 1 u 2 u 3 u 4 CASCADE: revoke the privileges passed on from u 2 as well. RESTRICT (default): reject the REVOKE command Interpretation of REVOKE Q: Assume the following authorization graph. If u 1 revokes the privilege from u 2, what will happen to the privilege that u 2 has? DBA u 1 u 2 u 3 In SQL92, REVOKE command removes the appropriate edge(s) in the authorization graph. The revoked privilege may still remain if there is another valid path for the privilege Q: If DBA revokes the privilege from u 2, what edge should we remove? DBA u 1 u 2 u 3 NOTES: Under SQL92, u 1 can revoke privilege from u 2 only if u 1 granted the privilege to u 2. Even DBA cannot revoke a privilege from a user unless DBA granted the privilege to the user. This restriction is to avoid privilege revocation ambiguity. Unfortunately this restriction is too strict in practice, so most commercial systems do not enforce this. In case of ambiguity, they just do whatever is reasonable according to their policy. 7

Privileges and views Q: How can we allow user u 1 to see only (sid, name) of Student? Q: How to allow user u 1 modify a student record only if their age < 18? Consider the following sequence of commands. Each command is prefixed by the user who is trying to execute the command. u1: CREATE TABLE R(A INT); u2: CREATE VIEW V AS SELECT * FROM R; Q: Should we allow u 2 to create such a view? Q: Assume u 1 executed u1: GRANT SELECT ON R TO u2 ; before u2: CREATE VIEW..., so V has been successfully created by u 2. Then can u 2 execute the following command? u2: GRANT SELECT ON V TO u3 ; Q: Now if u 1 revokes SELECT privilege on R from u 2, what should happen to V? NOTE: In order to create a view, the user needs SELECT privilege(s) on all base table(s). To grant a privilege on a view, the user has to have GRANT OPTION privilege on the base table(s) of the view When the privilege(s) for the base table(s) of a view are revoked, the view may be automatically dropped as well. 8

Other Privileges Q: Who should be allowed to create tables/views/... in a database? Unfortunately, no standard for (table) creation/drop privilege in SQL MySQL: CREATE, DROP, ALTER Oracle: CREATE TABLE, CREATE VIEW, DROP ANY TABLE,... DB2: CREATETAB (table creation), CREATEALIAS (view creation), DROP, ALTER,... Other privileges in (later) SQL standards SQL92: REFERENCES (reference in constraints), USAGE (domain) SQL99: TRIGGER, EXECUTE (function call), and UNDER (define subtype) 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information