Database Security — lab transcript (Oracle SQL*Plus): revoking privileges, granting roles, and restricting access through views
SQL> --1) Revoke privileges granted in Lab Exercise 1
SQL> connect anar
Connected.
SQL> -- revoke access modes from users
SQL> revoke select on student from able;
Revoke succeeded.
SQL> revoke update on student from baker;
Revoke succeeded.
SQL> revoke insert on student from charles;
Revoke succeeded.
SQL> revoke delete on student from drake;
Revoke succeeded.
SQL> revoke update (major) on student from elliot;
revoke update (major) on student from elliot
*
ERROR at line 1:
ORA-01750: UPDATE/REFERENCES may only be REVOKEd from the whole table, not by
column
-- Note: column-level UPDATE/REFERENCES grants can be handed out per column but are revoked
-- only at table granularity (ORA-01750); revoking UPDATE on the whole table below is what
-- actually removes elliot's UPDATE (major) grant. Verify afterwards as a privileged user, e.g.
--   select * from dba_col_privs where grantee = 'ELLIOT';
SQL> revoke update on student from elliot;
Revoke succeeded.
SQL> revoke select, update on faculty from test;
Revoke succeeded.
SQL> revoke insert, delete on faculty from seaver;
Revoke succeeded.
SQL> revoke update (address) on faculty from looney;
revoke update (address) on faculty from looney
*
ERROR at line 1:
ORA-01750: UPDATE/REFERENCES may only be REVOKEd from the whole table, not by
column
-- Same restriction as for elliot above: the column grant is removed only by the table-level revoke.
SQL> revoke update on faculty from looney;
Revoke succeeded.
SQL> revoke update, insert on faculty from mills;
Revoke succeeded.
SQL>
SQL>
SQL> -- revoke the direct CREATE SESSION grants from the users (logon will be re-granted through roles in 2)
SQL> revoke create session from able;
Revoke succeeded.
SQL> revoke create session from baker;
Revoke succeeded.
SQL> revoke create session from charles;
Revoke succeeded.
SQL> revoke create session from drake;
Revoke succeeded.
SQL> revoke create session from elliot;
Revoke succeeded.
SQL> revoke create session from test;
Revoke succeeded.
SQL> revoke create session from seaver;
Revoke succeeded.
SQL> revoke create session from looney;
Revoke succeeded.
SQL> revoke create session from mills;
Revoke succeeded.
-- Note: revoking CREATE SESSION blocks new logons only. A user who is already connected
-- keeps that session until it disconnects or a DBA kills it, so revocation is not an
-- immediate lock-out.
SQL> -- 2) Grant roles STUDENT and FACULTY
SQL> -- create roles student and faculty; roles share a namespace with users, not with tables,
SQL> -- so the role STUDENT and the table STUDENT coexist (read the grants below with that in mind)
SQL> create role student;
Role created.
SQL> create role faculty;
Role created.
SQL>
SQL> -- grant privileges to roles (SELECT on the table, to the role of the same name)
SQL> grant select on student to student;
Grant succeeded.
SQL> grant select on faculty to faculty;
Grant succeeded.
SQL>
SQL> -- grant student role to students and faculty role to faculty
SQL> grant student to able, baker, charles, drake, elliot;
Grant succeeded.
SQL> grant faculty to test, seaver, looney, mills;
Grant succeeded.
SQL> -- the logon privilege now comes only through the roles
SQL> grant create session to student;
Grant succeeded.
SQL> grant create session to faculty;
Grant succeeded.
-- Note: after 1) and 2) none of the nine users holds a direct grant; all access flows through
-- the two roles, so a single REVOKE <role> FROM <user> removes everything that user can do.
-- Roles granted this way are default roles and are enabled at logon unless
-- ALTER USER ... DEFAULT ROLE says otherwise.
SQL> -- 3)demonstrate select privileges for student and faculty
SQL> connect able
Connected.
SQL> select * from anar.student;

 STUDENTID NAME       MAJOR            ST ADDRESS         GPA
---------- ---------- ---------------- -- ------------ ------
       100 ABLE       HISTORY          SR 1 UTAH           3
       200 BAKER      ACCOUNTING       JR 2 IOWA         2.7
       300 CHARLES    MATH             SR 3 MAINE        3.5
       400 DRAKE      COMPUTER SCIENCE FR 4 IDAHO        2.8
       500 ELLIOT     COMPUTER SCIENCE SM 5 NEVADA     3.25

-- Note: with SELECT on the whole table granted to the STUDENT role, every student can read
-- every other student's address and GPA; step 7) replaces this with a per-user view.
SQL> connect test
Connected.
SQL> select * from anar.faculty;

 FACULTYID NAME       DE ADDRESS      RANK
---------- ---------- -- ------------ ----------
       980 TEST       IM 11 MAIN      DEAN
      5430 SEAVER     IS 12 SOUTH     PROFESSOR
      7650 LOONEY     IT 14 NORTH     INSTRUCTOR
      9870 MILLS      SA 16 EAST      LECTURER
SQL> -- 4) create view and grant select to faculty on view
SQL> connect anar
Connected.
SQL> create view f_student_view
  2  as
  3  select studentid, name, major, status from student;
View created.
-- Note: the view projects GPA (and ADDRESS) away. Faculty reach the base table only through
-- ANAR's ownership of the view, so the protection holds only as long as the FACULTY role is
-- never granted SELECT on ANAR.STUDENT directly. Adding WITH READ ONLY to the definition
-- would state the read-only intent explicitly rather than relying on the grant alone.
SQL> grant select on f_student_view to faculty;
Grant succeeded.
SQL> -- 5) Demonstrate that faculty cannot see the student GPA
SQL> connect test
Connected.
SQL> select * from anar.student;
select * from anar.student
*
ERROR at line 1:
ORA-00942: table or view does not exist
-- Note: Oracle reports a missing object (ORA-00942) rather than "insufficient privileges" when
-- a user has no privilege on another schema's table, so the error does not even confirm to
-- TEST that ANAR.STUDENT exists.
-- (the trailing word "faculty" below is only a table alias, not a role name)
SQL> select * from anar.f_student_view faculty;

 STUDENTID NAME       MAJOR            ST
---------- ---------- ---------------- --
       100 ABLE       HISTORY          SR
       200 BAKER      ACCOUNTING       JR
       300 CHARLES    MATH             SR
       400 DRAKE      COMPUTER SCIENCE FR
       500 ELLIOT     COMPUTER SCIENCE SM
SQL> -- 6) Create a view through which students can update only their own address
SQL> connect anar
Connected.
SQL> create or replace view S_Student_Update_Address
  2  as
  3  select name, address
  4  from student
  5  where name=user;
View created.
-- Note: the row restriction relies on STUDENT.NAME matching the Oracle login name exactly
-- (USER is returned in upper case, which is how the names are stored here). Anyone who can
-- change NAME in the base table can re-point a row at another account; after the revokes in
-- 1) only the owner ANAR (plus any DBA-level account) still holds UPDATE on the table.
-- WITH CHECK OPTION on the view is a cheap extra guard: even a later grant of UPDATE (name)
-- could not move a row out of the caller's own scope through this view.
SQL> grant select on S_Student_Update_Address to student;
Grant succeeded.
SQL> grant update (address) on S_Student_Update_Address to student;
Grant succeeded.
SQL> connect baker
Connected.
SQL> select * from anar.S_Student_Update_Address;

NAME       ADDRESS
---------- ------------
BAKER      2 IOWA

-- no WHERE clause is needed here: the view's NAME = USER predicate already limits the update to BAKER's own row
SQL> update anar.S_Student_Update_Address set address = '1 Party St.';
1 row updated.
SQL> select * from anar.S_Student_Update_Address;

NAME       ADDRESS
---------- ------------
BAKER      1 Party St.
SQL> -- 7) Revoke the table grants made in 2) above and create views through which
SQL> --    students and faculty can see only their own record
SQL> connect anar
Connected.
SQL> revoke select on student from student;
Revoke succeeded.
SQL> revoke select on faculty from faculty;
Revoke succeeded.
SQL> spool end;
-- (SPOOL <name> starts spooling to <name>.lst; the command that closes a spool file is SPOOL OFF)
SQL> create view own_student_record
  2  as
  3  select * from student where
  4  name = user;
View created.
-- Note: SELECT * in a view definition is re-expanded when Oracle recompiles the view after
-- the base table changes, so a column added to STUDENT later becomes visible to every
-- student through this view without anyone re-granting anything. List the columns instead:
--   create view own_student_record as
--   select studentid, name, major, status, address, gpa from student where name = user;
SQL> grant select on own_student_record to student;
Grant succeeded.
SQL> connect able
Connected.
SQL> select * from anar.own_student_record;

 STUDENTID NAME       MAJOR            ST ADDRESS         GPA
---------- ---------- ---------------- -- ------------ ------
       100 ABLE       HISTORY          SR 668 CS.          3

SQL> connect baker
Connected.
SQL> select * from anar.own_student_record;

 STUDENTID NAME       MAJOR            ST ADDRESS         GPA
---------- ---------- ---------------- -- ------------ ------
       200 BAKER      ACCOUNTING       JR 2 IOWA         2.7

-- Note: ABLE's address differs from the listing in 3) and BAKER's update from 6) is not
-- visible here, so this part of the transcript was probably captured in a separate session
-- or the earlier change was not committed; check the table directly if the values matter.
SQL> connect anar
Connected.
SQL> create view own_faculty_record
  2  as
  3  select * from faculty where
  4  name = user;
View created.
-- Note: as with own_student_record, list the columns explicitly instead of SELECT * so that
-- columns added to FACULTY later are not exposed through this view automatically.
SQL> grant select on own_faculty_record to faculty;
Grant succeeded.
SQL> connect test
Connected.
SQL> select * from anar.own_faculty_record;

 FACULTYID NAME       DE ADDRESS      RANK
---------- ---------- -- ------------ ----------
       980 TEST       IM 11 MAIN      DEAN

SQL> connect seaver
Connected.
SQL> select * from anar.own_faculty_record;

 FACULTYID NAME       DE ADDRESS      RANK
---------- ---------- -- ------------ ----------
      5430 SEAVER     IS 12 SOUTH     PROFESSOR

SQL> spool end
SQL> -- 8) Create a view "Update_Faculty_Address" through which faculty can change only their own address
SQL> connect anar
Connected.
SQL> create view Update_Faculty_Address
  2  as
  3  select name, address
  4  from faculty
  5  where name=user;
View created.
-- Same pattern as 6): the row is tied to the login name via NAME = USER and only the ADDRESS
-- column is made updatable; WITH CHECK OPTION would additionally guarantee that no change made
-- through the view can move a row outside the caller's own scope.
SQL> grant update (address) on Update_Faculty_Address to faculty;
Grant succeeded.
SQL> grant select on Update_Faculty_Address to faculty;
Grant succeeded.
SQL> connect test
Connected.
SQL> select * from anar.Update_Faculty_Address;

NAME       ADDRESS
---------- ------------
TEST       11 MAIN

SQL> update anar.Update_Faculty_Address set address = '10 Chastain';
1 row updated.
SQL> select * from anar.Update_Faculty_Address;

NAME       ADDRESS
---------- ------------
TEST       10 Chastain

SQL> spool end
SQL> -- 9) Create a view for students to see their own Student, Offering and Enrollment data
SQL> CREATE VIEW student_offering_enrollment
  2  as
  3  SELECT s.name, e.offeringnum, o.coursenum, o.facultyid, o.term, o.time
     from student s, offering o, enrollment e
  4  WHERE s.studentid = e.studentid and e.offeringnum = o.offeringnum
  5  and s.name = USER;
View created.
-- Note: the join conditions and the security filter share one WHERE clause (comma-join style);
-- dropping a join predicate by mistake would yield a cross product that still "works" and
-- could expose other students' enrollments. Explicit JOIN ... ON keeps s.name = USER visibly
-- separate from the join logic:
--   from student s
--   join enrollment e on e.studentid = s.studentid
--   join offering o on o.offeringnum = e.offeringnum
--   where s.name = USER
SQL> GRANT SELECT ON student_offering_enrollment TO STUDENT;
Grant succeeded.
SQL> connect able
Connected.
SQL> SELECT * FROM anar.student_offering_enrollment;

NAME       OFFERINGNUM COURS  FACULTYID TERM   TIME
---------- ----------- ----- ---------- ------ -----
ABLE              1111 IS320       5430 FALL   10 AM

SQL> connect baker
Connected.
SQL> SELECT * FROM anar.student_offering_enrollment;
no rows selected
-- Note that baker is not registered for any courses
SQL> connect elliot
Connected.
SQL> SELECT * FROM anar.student_offering_enrollment;

NAME       OFFERINGNUM COURS  FACULTYID TERM   TIME
---------- ----------- ----- ---------- ------ -----
ELLIOT            1233 IS320        980 FALL   11 AM
SQL> -- 10) Create a view through which juniors and seniors can change their major
SQL> -- log in as the schema owner ANAR (the lab calls this the DBA account; owning STUDENT is all
SQL> -- that creating a view on it requires, so no DBA privilege is needed for this step)
SQL> connect anar
Connected.
SQL> create view changeMajors
  2  as
  3  select name, major
  4  from student where name=user;
View created.
SQL> grant select on changeMajors to student;
Grant succeeded.
SQL> grant update (major) on changeMajors to student;
Grant succeeded.
-- Note: between the two GRANTs above and the CREATE OR REPLACE below, every student
-- (freshmen included) could change their major through the first, unrestricted version of
-- the view. Build the restricted definition first and grant afterwards. CREATE OR REPLACE
-- keeps the object privileges already granted on the view, which is why no re-grant follows.
SQL> create or replace view changeMajors
  2  as
  3  select name, major
  4  from student
  5  where name=user and (status = 'JR'
  6  or status = 'SR');
View created.
SQL> connect able
Connected.
SQL> select * from anar.changeMajors;

NAME       MAJOR
---------- ----------------
ABLE       HISTORY

SQL> update anar.changeMajors set major = 'G.I.S.';
1 row updated.
-- Drake is a freshman: the view's status predicate hides his row, so he cannot change his major
SQL> connect drake
Connected.
SQL> update anar.changeMajors set major = 'G.I.S.';
0 rows updated.
-- Note: the rejected attempt is a silent no-op ("0 rows updated"), not an error; if refused
-- changes must be visible to the caller or to auditors, that has to be enforced separately.
SQL> spool end