Security and Integrity

 Database Systems Lecture 11

In This Lecture
• Today, database security and integrity:
   • Aspects of security
   • Access to databases
   • Making sure the correct data goes in.


1) Privileges
2) Views
3) Integrity constraints

• For more information
   • Connolly and Begg chapters 6 and 19

Database Security
• Database security is about controlling access to information
   • Some information should be available freely
   • Other information should only be available to certain people or groups

• Many aspects to consider for security:
   • Legal issues
   • Physical security
   • OS/Network security
   • Security policies and protocols
   • Encryption and passwords
   • DBMS security

Now then, now then…
• DBMS can provide some security:
   • Each user has an account, username and password
   • These are used to identify a user and control their access to information

• The DBMS verifies the password and checks a user’s permissions when they try to either:
   • Retrieve data
   • Modify data
   • Modify the database structure

Permissions and Privilege
• SQL uses privileges to control access to tables and other database objects:
   • SELECT privilege
   • INSERT privilege
   • UPDATE privilege
   • DELETE privilege

• The owner (creator) of a database has all privileges on all objects in the database, and can grant these to others
• The owner (creator) of an object has all privileges on that object and can pass them on to others

Privileges in SQL
GRANT   <privileges>
   ON   <object>
   TO   <users>
[WITH   GRANT OPTION]

• <privileges> is a list of SELECT <columns>, INSERT <columns>, DELETE, and UPDATE <columns>, or simply ALL
• <users> is a list of user names or PUBLIC
• <object> is the name of a table or view (later)
• WITH GRANT OPTION means that the users can pass their privileges on to others

Privileges Examples
GRANT ALL ON Employee
  TO Scooby
  WITH GRANT OPTION

The user ‘Scooby’ can do anything to the Employee table, and can allow other users to do the same (by using GRANT statements)

GRANT SELECT,
  UPDATE(Salary) ON
  Employee TO Shaggy

The user ‘Shaggy’ can view the entire Employee table, and can change Salary values, but cannot change other values or pass on their privilege

Removing Privileges
• If you want to remove a privilege you have granted you use:

 REVOKE <privileges>
    ON <object>
    FROM <users>

• If a user has been given the same privilege from other users then they keep it. Everyone has to revoke them.
• However all privileges dependent on the revoked one are also revoked

An example. …

 • ‘Waqas’ grants ALL privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the grant option
 • ‘Sajid’ grants SELECT to ‘Saqib’
 • ‘Saleem’ grants ALL to ‘Saqib’

 Grant diagram:
   Waqas --SELECT--> Sajid  --SELECT--> Saqib
   Waqas --ALL-----> Saleem --ALL-----> Saqib

Removing Privileges. Rut-ro…

• Saqib quickly begins to annoy everyone so Saleem revokes ALL from him…
• N.b. Saqib still has SELECT privileges from ‘Sajid’…
• Waqas revokes SELECT from Sajid…
• And as a consequence Saqib loses SELECT also

 (Diagram: the same grant graph as on the previous slide.)

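The grant-and-revoke sequence from the two slides above, modelled as an added Python example (not part of the original lecture). It assumes Waqas owns the object and that Saleem's grant also carries the grant option, since the slides show Saleem granting onward; the class and function names are illustrative.

```python
from dataclasses import dataclass

ALL = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})


@dataclass(frozen=True)
class Grant:
    grantor: str
    grantee: str
    privilege: str
    grant_option: bool


class PrivilegeGraph:
    """Grants on a single object (for example one table) created by `owner`."""

    def __init__(self, owner):
        self.owner = owner
        self.grants = set()

    @staticmethod
    def _expand(privileges):
        # Accept "ALL", a single privilege name, or an iterable of names.
        if privileges == "ALL":
            return ALL
        if isinstance(privileges, str):
            return frozenset({privileges})
        return frozenset(privileges)

    def _grantors_of(self, privilege):
        """Users allowed to pass `privilege` on: the owner plus everyone
        reachable from the owner through WITH GRANT OPTION grants."""
        reachable, frontier = {self.owner}, [self.owner]
        while frontier:
            user = frontier.pop()
            for g in self.grants:
                if (g.grantor == user and g.privilege == privilege
                        and g.grant_option and g.grantee not in reachable):
                    reachable.add(g.grantee)
                    frontier.append(g.grantee)
        return reachable

    def grant(self, grantor, grantee, privileges, grant_option=False):
        for p in self._expand(privileges):
            if grantor not in self._grantors_of(p):
                raise PermissionError(f"{grantor} cannot grant {p}")
            self.grants.add(Grant(grantor, grantee, p, grant_option))

    def revoke(self, grantor, grantee, privileges):
        privs = self._expand(privileges)
        # Only the grantor's own grants go; the same privilege received
        # from another user is kept ("everyone has to revoke them").
        self.grants = {g for g in self.grants
                       if not (g.grantor == grantor and g.grantee == grantee
                               and g.privilege in privs)}
        # Cascade: drop grants whose grantor can no longer trace the
        # privilege back to the owner. Reachability from the owner also
        # removes cycles of users who only granted to each other.
        self.grants = {g for g in self.grants
                       if g.grantor in self._grantors_of(g.privilege)}

    def privileges(self, user):
        if user == self.owner:
            return set(ALL)
        return {g.privilege for g in self.grants if g.grantee == user}


def replay_lecture_example():
    """Replay the slides' scenario and return Saqib's privileges at each step."""
    g = PrivilegeGraph(owner="Waqas")                      # assumption: owner
    g.grant("Waqas", "Saleem", "ALL", grant_option=True)   # assumption: grant option
    g.grant("Waqas", "Sajid", "SELECT", grant_option=True)
    g.grant("Sajid", "Saqib", "SELECT")
    g.grant("Saleem", "Saqib", "ALL")
    before = g.privileges("Saqib")
    g.revoke("Saleem", "Saqib", "ALL")       # Saqib keeps SELECT via Sajid
    after_saleem = g.privileges("Saqib")
    g.revoke("Waqas", "Sajid", "SELECT")     # cascades to Sajid's grant
    after_waqas = g.privileges("Saqib")
    return before, after_saleem, after_waqas, g.privileges("Saleem")


if __name__ == "__main__":
    for step in replay_lecture_example():
        print(sorted(step))
```
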

Views
• Now Privileges work at the level of tables:
   • You can restrict access by column
   • You cannot restrict access by row

• But Views provide ‘derived’ tables:
   • A view is the result of a SELECT statement which is treated like a table
   • You can SELECT from (and sometimes UPDATE, etc) views just like tables

• Views, along with privileges, allow for customised access.

Creating Views
CREATE VIEW <name>
  AS <select stmt>

• <name> is the name of the new view.
• <select stmt> is a query that returns the rows and columns of the view

• Example:
   • We want each user to be able to view the names and phone numbers (only) of those employees that are in their own department

View Example
   • Say we want each user to be able to view the names
     and phone numbers (only) of those employees in their
     own department.

   • In Oracle, you can refer to the current user as USER

        Employee
        ID      Name    Phone   Department   Salary
        E158    Mark    x6387   Accounts     £15,000
        E159    Mary    x6387   Marketing    £15,000
        E160    Jane    x6387   Marketing    £15,000

View Example

   CREATE VIEW OwnDept AS
   SELECT Name, Phone FROM Employee
     WHERE Department =
       (SELECT Department FROM Employee
         WHERE Name = USER);

   GRANT SELECT ON OwnDept TO PUBLIC;

Using Views and Privileges
• Views and privileges are used together to control access
   • A view is made which contains the information needed
   • Privileges are granted to that view, rather than the underlying tables

 (Diagram labels: User 1, User 2, User 3; External View 1, External View 2; Conceptual View; DBA)

View Updating
• Views are like virtual tables:
   • Their value depends on the ‘base’ tables that they
     are defined from

   • You can select from views just like a table


So what the dickens happens
to the updates, inserts, and
deletes?


View Updating

      • Updates to the base tables change the views
        and vice-versa

      • But it is often not clear how to change the base
        tables to make the desired change to the view.

      • This also affects stuff like Java’s ResultSet.

      • Are there any rules to make it clear when
        updates, inserts and deletes are possible and
        when they are not?


View Updating
• In general it is possible to update views which:
   • Are defined on a single table
   • Contain at least one primary or candidate key for that relation

• In general it is not possible to update views which:
   • Are defined on more than one base table by a join operation
   • Contain aggregate functions and group by clauses

Example:

Module
Code   Dept
DBS    CSIT
RDB    CSIT
ALG    Math

Enrolment
ID     Code
123    DBS
123    ALG
124    DBS
124    RDB
125    ALG

Student
ID     Name
123    John
124    Mary
125    Chris

CREATE VIEW CSIT AS
  SELECT S.ID, S.Name, Count(*) AS Num
    FROM Student AS S,
         Enrolment AS E,
         Module AS M
   WHERE S.ID = E.ID
     AND E.Code = M.Code
     AND M.Dept = 'CSIT'
   GROUP BY S.ID, S.Name;

Resulting view:
ID     Name   Num
123    John   1
124    Mary   2

View Updating Example

CSIT
ID     Name    Num
123    Saqib   1
124    Mahd    2

  UPDATE CSIT SET Num = 1
  WHERE Name = 'Saqib';
  Cannot update the result of the aggregate function COUNT()…

  DELETE FROM CSIT
  WHERE Name = 'Saqib';
  Cannot delete because we have joined several tables to create this view…

  INSERT INTO CSIT
  VALUES (126, 'Asif', 1);
  Cannot insert because we have joined several tables and none of them has a Num column anyway!

Combining Views and Privileges
To restrict someone's access to a table:
   • Create a view of that table that shows only the information they need to see.
   • Grant them privileges on the view.
   • Revoke any privileges they have on the original table

Employee
ID   Name   Salary   Department

• Say we want to let the user 'John' read the department and name, and be able to update the department (only)

Using Views and Privileges
Create a view:

CREATE VIEW forSaqib
AS SELECT Name,
          Department
   FROM Employee;

Set the privileges:

-- John may read the view and update Department only
GRANT SELECT,
      UPDATE (Department)
   ON forSaqib
   TO John;

-- Remove John's direct privileges on the original table
REVOKE ALL ON
Employee FROM John;

Database Integrity
• Security vs Integrity
   • Database security makes sure that the user is authorised to access information
   • Database integrity makes sure that (authorised) users manipulate that information correctly

• Integrity constraints
   • Domain constraints apply to data types
   • Attribute constraints apply to columns
   • Relation constraints apply to rows in a single table
   • Database constraints apply between tables

1 Example CHECK
• A check statement allows you to constrain
  what can be entered into the database.
• I.e. you can define what makes it consistent.

CREATE TABLE Poker_players
(
  name VARCHAR(32),
  age INTEGER
  CHECK (age > 18)
);

CHECK that we only have legal poker players
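
An added example, not from the lecture, that loads the table above into SQLite (an assumption; the slide names no engine) to show two edge cases of the CHECK: age 18 fails `age > 18`, and a NULL age is accepted because a CHECK only rejects rows where the condition is false. `STRICT_DDL` is a hypothetical variant that also refuses NULL, and the sample rows are constructed.

```python
import sqlite3

# The lecture's table definition.
LECTURE_DDL = """
CREATE TABLE Poker_players (
  name VARCHAR(32),
  age  INTEGER CHECK (age > 18)
);
"""

# Hypothetical stricter variant (not from the slides): NOT NULL closes the
# gap left by a CHECK whose condition evaluates to unknown for NULL input.
STRICT_DDL = """
CREATE TABLE Poker_players (
  name VARCHAR(32) NOT NULL,
  age  INTEGER NOT NULL CHECK (age > 18)
);
"""

# Constructed sample rows: below the limit, on it, above it, and missing.
SAMPLE_ROWS = [("Ann", 17), ("Bob", 18), ("Cat", 19), ("Dan", None)]


def try_inserts(ddl, rows=SAMPLE_ROWS):
    """Create the table from `ddl` in a fresh in-memory database and report,
    per player name, whether the DBMS accepted or rejected the row."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(ddl)
    outcome = {}
    for name, age in rows:
        try:
            # Parameter binding keeps the values out of the SQL text.
            conn.execute(
                "INSERT INTO Poker_players (name, age) VALUES (?, ?)",
                (name, age),
            )
            outcome[name] = "accepted"
        except sqlite3.IntegrityError:
            # Raised for both CHECK and NOT NULL violations.
            outcome[name] = "rejected"
    conn.close()
    return outcome


if __name__ == "__main__":
    print("lecture table:", try_inserts(LECTURE_DDL))
    print("strict table: ", try_inserts(STRICT_DDL))
```
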