SlideShare uma empresa Scribd logo

Views and security

Transferir como PPT, PDF
farhan amjad
farhan amjad
Educação
1 de 24
Security and Integrity Database Systems Lecture 11
In This Lecture • Today database Security and Integrity: • Aspects of security • Access to databases • Making sure the correct data goes in. 1) Privileges 2) Views 3) Integrity constraints • For more information • Connolly and Begg chapters 6 and 19 Security and Integrity
Database Security • Database security is • Many aspects to about controlling access consider for security: to information • Some information • Legal issues should be available • Physical security freely • OS/Network security • Security policies and • Other information should protocols only be available to certain people or groups • Encryption and passwords • DBMS security Security and Integrity
Now then, now then… • DBMS can provide some security: • The DBMS verifies password and checks a user’s permissions • Each user has an account, username when they try to and password either: • These are used to • Retrieve data identify a user and • Modify data control their access to • Modify the database information structure Security and Integrity
Permissions and Privilege • SQL uses privileges • The owner (creator) to control access to of a database has all privileges on all tables and other objects in the database objects: database, and can grant these to others • SELECT privilege • INSERT privilege • The owner (creator) of an object has all • UPDATE privilege privileges on that • DELETE privilege object and can pass them on to others Security and Integrity
Privileges in SQL GRANT <privileges> • <users> is a list of user names or PUBLIC ON <object> TO <users> • <object> is the name of [WITH GRANT OPTION] a table or view (later) • <privileges> is a list of • WITH GRANT OPTION SELECT <columns>, means that the users can INSERT <columns>, pass their privileges on to others DELETE, and UPDATE <columns>, or simply ALL Security and Integrity
Privileges Examples GRANT ALL ON Employee GRANT SELECT, TO Scooby UPDATE(Salary) ON WITH GRANT OPTION Employee TO Shaggy The user ‘Scooby’ can do The user ‘Shaggy’ can anything to the Employee view the entire Employee table, and can allow other table, and can change users to do the same (by Salary values, but cannot using GRANT statements) change other values or pass on their privilege Security and Integrity
Removing Privileges • If you want to • If a user has been remove a privilege given the same you have granted privilege from other you use: users then they keep it. Everyone has to revoke them. REVOKE <privileges> ON <object> • However all FROM <users> privileges dependent on the revoked one are also revoked Security and Integrity
An example. … •‘Waqas’ grants ALL Waqas privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the SELECT ALL grant option •‘Sajid’ grants SELECT to Sajid Saleem ‘Saqib’ SELECT ALL •‘Saleem’ grants ALL to ‘Saqib’ Saqib Security and Integrity
Removing Privileges. Rut-ro… •Saqib quickly begins to annoy everyone so Saleem Waqas revokes ALL from him… SELECT ALL •N.b. Saqib still has SELECT privileges from ‘Sajid’… Sajid Saleem •Waqas revokes SELECT from SELECT ALL Sajid… •And as a consequence Saqib Saqib loses SELECT also Security and Integrity
Views • Now Privileges work • But Views provide at the level of ‘derived’ tables: tables: • You can restrict • A view is the result of access by column a SELECT statement which is treated like a • You cannot restrict table access by row • You can SELECT from • Views, along with (and sometimes privileges, allow for UPDATE, etc) views just like tables customised access. Security and Integrity
Creating Views CREATE VIEW <name> • Example: AS <select stmt> • We want each user to • <name> is the name be able to view the names and phone of the new view. numbers (only) of • <select stmt> is a those employees that are in their own query that returns department the rows and columns of the view Security and Integrity
View Example • Say we want each user to be able to view the names and phone numbers (only) of those employees in their own department. • In Oracle, you can refer to the current user as USER Employee ID Name Phone Department Salary E158 Mark x6387 Accounts £15,000 E159 Mary x6387 Marketing £15,000 E160 Jane x6387 Marketing £15,000 Security and Integrity
View Example CREATE VIEW OwnDept AS SELECT Name, Phone FROM Employee WHERE Department = (SELECT Department FROM Employee WHERE name = USER) GRANT SELECT ON OwnDept TO PUBLIC Security and Integrity
Using Views and Privileges • Views and privileges are used together to control User 1 User 2 User 3 access • A view is made which contains the information External External needed View 1 View 2 • Privileges are granted to that view, rather than Conceptual the underlying tables DBA View Security and Integrity
View Updating • Views are like virtual tables: • Their value depends on the ‘base’ tables that they are defined from • You can select from views just like a table So what the dickens happens to the updates, inserts, and deletes? Security and Integrity
View Updating • Updates to the base tables change the views and vice-versa • But it is often not clear how to change the base tables to make the desired change to the view. • This also affects stuff like Java’s ResultSet. • Are there any rules to make it clear when updates, inserts and deletes are possible and when they are not? Security and Integrity
View Updating • In general it is • In general it is not possible to update possible to update views which: views which • Are defined on a • Are defined on more single table than one base table by a join operation • Contain at least one primary or candidate • Contain aggregate key for that relation functions and group by clauses Security and Integrity
Example: Module Enrolment Student Code Dept ID Code ID Name DBS CSIT 123 DBS 123 John RDB CSIT 123 ALG 124 Mary ALG Math 124 DBS 125 Chris 124 RDB 125 ALG CREATE VIEW CSIT AS SELECT S.ID, S.Name, Count(*) AS Num FROM Student AS S, Enrolment AS E, Module AS M WHERE S.ID = E.ID ID Name Num AND E.Code = M.Code AND M.Dept = ‘CSIT’ 123 John 1 GROUP BY S.ID, S.Name 124 Mary 2 Security and Integrity
View Updating Example CSIT ID Name Num 123 Saqib 1 124 Mahd 2 UPDATE CSIT SET Num = 1 cannot update the result of the WHERE Name= ‘Saqib’ aggregate function COUNT()… DELETE FROM CSIT cannot delete because we have joined several tables to create WHERE Name = ‘Saqib’ this view… INSERT INTO CSIT cannot insert because we have joined several tables and none VALUES (126, ‘Asif’, 1) have Num in anyway! Security and Integrity
Combining Views and Privileges To restrict someone's access Employee to a table: ID Name Salary Department • Create a view of that table that shows only the information they need to see. • Say we want to let the user 'John' read • Grant them privileges on the view . the department and name, and be able to • Revoke any privileges update the they have on the original table department (only) Security and Integrity
Using Views and Privileges Create a view: Set the privileges: CREATE VIEW forSaqib GRANT SELECT, AS SELECT Name, UPDATE (Department) Department ON forSaqib FROM Employee TO John REVOKE ALL ON forSaqib FROM Saqib Security and Integrity
Database Integrity • Security vs Integrity • Integrity constraints • Domain constraints • Database security apply to data types makes sure that the user is authorised to access information • Attribute constraints apply to columns • Database integrity • Relation constraints makes sure that apply to rows in a single (authorised) users table manipulate that information correctly • Database constraints apply between tables Security and Integrity
1 Example CHECK • A check statement allows you to constrain what can be entered into the database. • I.e. you can define what makes it consistent. CREATE TABLE Poker_players ( name VARCHAR(32), age INTEGER CHECK (age > 18) CHECK that we ) only have legal poker players Security and Integrity

Recomendados

Inheritance in OOPS
Inheritance in OOPSInheritance in OOPS
Inheritance in OOPS
Ronak Chhajed
 
Java - Sockets
Java - SocketsJava - Sockets
Java - Sockets
Riccardo Cardin
 
MYSQL.ppt
MYSQL.pptMYSQL.ppt
MYSQL.ppt
webhostingguy
 
SQL Views
SQL ViewsSQL Views
SQL Views
baabtra.com - No. 1 supplier of quality freshers
 
JDBC: java DataBase connectivity
JDBC: java DataBase connectivityJDBC: java DataBase connectivity
JDBC: java DataBase connectivity
Tanmoy Barman
 
This keyword in java
This keyword in javaThis keyword in java
This keyword in java
Hitesh Kumar
 
Bootstrap
BootstrapBootstrap
Bootstrap
Jadson Santos
 
Inheritance in c++
Inheritance in c++Inheritance in c++
Inheritance in c++
Paumil Patel
 

Recomendados

Inheritance in OOPS
Inheritance in OOPSInheritance in OOPS
Inheritance in OOPS
Ronak Chhajed
 
Java - Sockets
Java - SocketsJava - Sockets
Java - Sockets
Riccardo Cardin
 
MYSQL.ppt
MYSQL.pptMYSQL.ppt
MYSQL.ppt
webhostingguy
 
SQL Views
SQL ViewsSQL Views
SQL Views
baabtra.com - No. 1 supplier of quality freshers
 
JDBC: java DataBase connectivity
JDBC: java DataBase connectivityJDBC: java DataBase connectivity
JDBC: java DataBase connectivity
Tanmoy Barman
 
This keyword in java
This keyword in javaThis keyword in java
This keyword in java
Hitesh Kumar
 
Bootstrap
BootstrapBootstrap
Bootstrap
Jadson Santos
 
Inheritance in c++
Inheritance in c++Inheritance in c++
Inheritance in c++
Paumil Patel
 
Data Manipulation Language
Data Manipulation LanguageData Manipulation Language
Data Manipulation Language
Jas Singh Bhasin
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)
Gurjot Singh
 
NESTED SUBQUERY.pptx
NESTED SUBQUERY.pptxNESTED SUBQUERY.pptx
NESTED SUBQUERY.pptx
Anusha sivakumar
 
String, string builder, string buffer
String, string builder, string bufferString, string builder, string buffer
String, string builder, string buffer
SSN College of Engineering, Kalavakkam
 
MULTI THREADING IN JAVA
MULTI THREADING IN JAVAMULTI THREADING IN JAVA
MULTI THREADING IN JAVA
VINOTH R
 
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
Simplilearn
 
Characteristics of OOPS
Characteristics of OOPS Characteristics of OOPS
Characteristics of OOPS
abhishek kumar
 
Introduction to Design Pattern
Introduction to Design PatternIntroduction to Design Pattern
Introduction to Design Pattern
Sanae BEKKAR
 
Introduction to Visual Studio.NET
Introduction to Visual Studio.NETIntroduction to Visual Studio.NET
Introduction to Visual Studio.NET
Dutch Dasanaike {LION}
 
Chapter23
Chapter23Chapter23
Chapter23
gourab87
 
DBMS Notes: DDL DML DCL
DBMS Notes: DDL DML DCLDBMS Notes: DDL DML DCL
DBMS Notes: DDL DML DCL
Sreedhar Chowdam
 
Structured Query Language (SQL)
Structured Query Language (SQL)Structured Query Language (SQL)
Structured Query Language (SQL)
Syed Hassan Ali
 
Lecture 04 normalization
Lecture 04 normalization Lecture 04 normalization
Lecture 04 normalization
emailharmeet
 
Java Data Types
Java Data TypesJava Data Types
Java Data Types
Spotle.ai
 
Trigger
TriggerTrigger
Trigger
VForce Infotech
 
ER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMSER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMS
ssuser20b618
 
Assemblies
AssembliesAssemblies
Assemblies
Janas Khan
 
Inheritance in java
Inheritance in javaInheritance in java
Inheritance in java
RahulAnanda1
 
Arrays in Java
Arrays in JavaArrays in Java
Arrays in Java
Abhilash Nair
 
Features of java
Features of javaFeatures of java
Features of java
WILLFREDJOSE W
 
The two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionThe two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religion
islam is terrorism realy
 
12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible
islam is terrorism realy
 

Mais conteúdo relacionado

Mais procurados

Lecture 04 normalization
Lecture 04 normalization Lecture 04 normalization
Lecture 04 normalization
emailharmeet
 

Mais procurados (20)

Data Manipulation Language
Data Manipulation LanguageData Manipulation Language
Data Manipulation Language
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)
 
NESTED SUBQUERY.pptx
NESTED SUBQUERY.pptxNESTED SUBQUERY.pptx
NESTED SUBQUERY.pptx
 
String, string builder, string buffer
String, string builder, string bufferString, string builder, string buffer
String, string builder, string buffer
 
MULTI THREADING IN JAVA
MULTI THREADING IN JAVAMULTI THREADING IN JAVA
MULTI THREADING IN JAVA
 
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
 
Characteristics of OOPS
Characteristics of OOPS Characteristics of OOPS
Characteristics of OOPS
 
Introduction to Design Pattern
Introduction to Design PatternIntroduction to Design Pattern
Introduction to Design Pattern
 
Introduction to Visual Studio.NET
Introduction to Visual Studio.NETIntroduction to Visual Studio.NET
Introduction to Visual Studio.NET
 
Chapter23
Chapter23Chapter23
Chapter23
 
DBMS Notes: DDL DML DCL
DBMS Notes: DDL DML DCLDBMS Notes: DDL DML DCL
DBMS Notes: DDL DML DCL
 
Structured Query Language (SQL)
Structured Query Language (SQL)Structured Query Language (SQL)
Structured Query Language (SQL)
 
Lecture 04 normalization
Lecture 04 normalization Lecture 04 normalization
Lecture 04 normalization
 
Java Data Types
Java Data TypesJava Data Types
Java Data Types
 
Trigger
TriggerTrigger
Trigger
 
ER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMSER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMS
 
Assemblies
AssembliesAssemblies
Assemblies
 
Inheritance in java
Inheritance in javaInheritance in java
Inheritance in java
 
Arrays in Java
Arrays in JavaArrays in Java
Arrays in Java
 
Features of java
Features of javaFeatures of java
Features of java
 

Destaque

Destaque (9)

The two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionThe two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religion
 
12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible
 
The spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox popeThe spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox pope
 
Islamic hadeeth and teachings
Islamic hadeeth and teachingsIslamic hadeeth and teachings
Islamic hadeeth and teachings
 
The priesthood by h.h pope shenoda 3 the coptic orthodox pope
The priesthood by h.h pope shenoda 3 the coptic orthodox popeThe priesthood by h.h pope shenoda 3 the coptic orthodox pope
The priesthood by h.h pope shenoda 3 the coptic orthodox pope
 
The spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox popeThe spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox pope
 
Nahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all MuslimsNahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all Muslims
 
13 inquiries about-the_quran
13 inquiries about-the_quran13 inquiries about-the_quran
13 inquiries about-the_quran
 
9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaint9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaint
 

Semelhante a Views and security

Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
Antonios Chatzipavlis
 
Less06 users
Less06 usersLess06 users
Less06 users
Imran Ali
 

Semelhante a Views and security (20)

DBMS Security.ppt
DBMS Security.pptDBMS Security.ppt
DBMS Security.ppt
 
6232 b 04
6232 b 046232 b 04
6232 b 04
 
Oracle Database Security For Developers
Oracle Database Security For DevelopersOracle Database Security For Developers
Oracle Database Security For Developers
 
Controlling User Access -Data base
Controlling User Access -Data baseControlling User Access -Data base
Controlling User Access -Data base
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
 
Security and Authorization
Security and AuthorizationSecurity and Authorization
Security and Authorization
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration Dilemma
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration Dilemma
 
Les13
Les13Les13
Les13
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
 
Presentation database security enhancements with oracle
Presentation database security enhancements with oraclePresentation database security enhancements with oracle
Presentation database security enhancements with oracle
 
Les01
Les01Les01
Les01
 
Less06 users
Less06 usersLess06 users
Less06 users
 
Sharing and security in Salesforce
Sharing and security in SalesforceSharing and security in Salesforce
Sharing and security in Salesforce
 
98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt
 
Oracle Database
Oracle DatabaseOracle Database
Oracle Database
 
Les14
Les14Les14
Les14
 
Sql injection
Sql injectionSql injection
Sql injection
 
Les14[1]Controlling User Access
Les14[1]Controlling User AccessLes14[1]Controlling User Access
Les14[1]Controlling User Access
 
03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptx03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptx
 

Mais de farhan amjad

Views and security
Views and securityViews and security
Views and security
farhan amjad
 
Exception handling and templates
Exception handling and templatesException handling and templates
Exception handling and templates
farhan amjad
 
Operator overloading
Operator overloadingOperator overloading
Operator overloading
farhan amjad
 
Classes, objects and methods
Classes, objects and methodsClasses, objects and methods
Classes, objects and methods
farhan amjad
 
Introduction to object oriented language
Introduction to object oriented languageIntroduction to object oriented language
Introduction to object oriented language
farhan amjad
 

Mais de farhan amjad (6)

Views and security
Views and securityViews and security
Views and security
 
Exception handling and templates
Exception handling and templatesException handling and templates
Exception handling and templates
 
Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)
 
Operator overloading
Operator overloadingOperator overloading
Operator overloading
 
Classes, objects and methods
Classes, objects and methodsClasses, objects and methods
Classes, objects and methods
 
Introduction to object oriented language
Introduction to object oriented languageIntroduction to object oriented language
Introduction to object oriented language
 

Último

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 

Último (20)

How to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptxHow to setup Pycharm environment for Odoo 17.pptx
How to setup Pycharm environment for Odoo 17.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdfUGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
UGC NET Paper 1 Mathematical Reasoning & Aptitude.pdf
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
Beyond_Borders_Understanding_Anime_and_Manga_Fandom_A_Comprehensive_Audience_...
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024FSB Advising Checklist - Orientation 2024
FSB Advising Checklist - Orientation 2024
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 

Views and security

  • 1. Security and Integrity Database Systems Lecture 11
  • 2. In This Lecture • Today database Security and Integrity: • Aspects of security • Access to databases • Making sure the correct data goes in. 1) Privileges 2) Views 3) Integrity constraints • For more information • Connolly and Begg chapters 6 and 19 Security and Integrity
  • 3. Database Security • Database security is • Many aspects to about controlling access consider for security: to information • Some information • Legal issues should be available • Physical security freely • OS/Network security • Security policies and • Other information should protocols only be available to certain people or groups • Encryption and passwords • DBMS security Security and Integrity
  • 4. Now then, now then… • DBMS can provide some security: • The DBMS verifies password and checks a user’s permissions • Each user has an account, username when they try to and password either: • These are used to • Retrieve data identify a user and • Modify data control their access to • Modify the database information structure Security and Integrity
  • 5. Permissions and Privilege • SQL uses privileges • The owner (creator) to control access to of a database has all privileges on all tables and other objects in the database objects: database, and can grant these to others • SELECT privilege • INSERT privilege • The owner (creator) of an object has all • UPDATE privilege privileges on that • DELETE privilege object and can pass them on to others Security and Integrity
  • 6. Privileges in SQL GRANT <privileges> • <users> is a list of user names or PUBLIC ON <object> TO <users> • <object> is the name of [WITH GRANT OPTION] a table or view (later) • <privileges> is a list of • WITH GRANT OPTION SELECT <columns>, means that the users can INSERT <columns>, pass their privileges on to others DELETE, and UPDATE <columns>, or simply ALL Security and Integrity
  • 7. Privileges Examples GRANT ALL ON Employee GRANT SELECT, TO Scooby UPDATE(Salary) ON WITH GRANT OPTION Employee TO Shaggy The user ‘Scooby’ can do The user ‘Shaggy’ can anything to the Employee view the entire Employee table, and can allow other table, and can change users to do the same (by Salary values, but cannot using GRANT statements) change other values or pass on their privilege Security and Integrity
  • 8. Removing Privileges • If you want to • If a user has been remove a privilege given the same you have granted privilege from other you use: users then they keep it. Everyone has to revoke them. REVOKE <privileges> ON <object> • However all FROM <users> privileges dependent on the revoked one are also revoked Security and Integrity
  • 9. An example. … •‘Waqas’ grants ALL Waqas privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the SELECT ALL grant option •‘Sajid’ grants SELECT to Sajid Saleem ‘Saqib’ SELECT ALL •‘Saleem’ grants ALL to ‘Saqib’ Saqib Security and Integrity
  • 10. Removing Privileges. Rut-ro… •Saqib quickly begins to annoy everyone so Saleem Waqas revokes ALL from him… SELECT ALL •N.b. Saqib still has SELECT privileges from ‘Sajid’… Sajid Saleem •Waqas revokes SELECT from SELECT ALL Sajid… •And as a consequence Saqib Saqib loses SELECT also Security and Integrity
  • 11. Views • Now Privileges work • But Views provide at the level of ‘derived’ tables: tables: • You can restrict • A view is the result of access by column a SELECT statement which is treated like a • You cannot restrict table access by row • You can SELECT from • Views, along with (and sometimes privileges, allow for UPDATE, etc) views just like tables customised access. Security and Integrity
  • 12. Creating Views CREATE VIEW <name> • Example: AS <select stmt> • We want each user to • <name> is the name be able to view the names and phone of the new view. numbers (only) of • <select stmt> is a those employees that are in their own query that returns department the rows and columns of the view Security and Integrity
  • 13. View Example • Say we want each user to be able to view the names and phone numbers (only) of those employees in their own department. • In Oracle, you can refer to the current user as USER Employee ID Name Phone Department Salary E158 Mark x6387 Accounts £15,000 E159 Mary x6387 Marketing £15,000 E160 Jane x6387 Marketing £15,000 Security and Integrity
  • 14. View Example CREATE VIEW OwnDept AS SELECT Name, Phone FROM Employee WHERE Department = (SELECT Department FROM Employee WHERE name = USER) GRANT SELECT ON OwnDept TO PUBLIC Security and Integrity
  • 15. Using Views and Privileges • Views and privileges are used together to control User 1 User 2 User 3 access • A view is made which contains the information External External needed View 1 View 2 • Privileges are granted to that view, rather than Conceptual the underlying tables DBA View Security and Integrity
  • 16. View Updating • Views are like virtual tables: • Their value depends on the ‘base’ tables that they are defined from • You can select from views just like a table So what the dickens happens to the updates, inserts, and deletes? Security and Integrity
  • 17. View Updating • Updates to the base tables change the views and vice-versa • But it is often not clear how to change the base tables to make the desired change to the view. • This also affects stuff like Java’s ResultSet. • Are there any rules to make it clear when updates, inserts and deletes are possible and when they are not? Security and Integrity
  • 18. View Updating • In general it is • In general it is not possible to update possible to update views which: views which • Are defined on a • Are defined on more single table than one base table by a join operation • Contain at least one primary or candidate • Contain aggregate key for that relation functions and group by clauses Security and Integrity
  • 19. Example: Module Enrolment Student Code Dept ID Code ID Name DBS CSIT 123 DBS 123 John RDB CSIT 123 ALG 124 Mary ALG Math 124 DBS 125 Chris 124 RDB 125 ALG CREATE VIEW CSIT AS SELECT S.ID, S.Name, Count(*) AS Num FROM Student AS S, Enrolment AS E, Module AS M WHERE S.ID = E.ID ID Name Num AND E.Code = M.Code AND M.Dept = ‘CSIT’ 123 John 1 GROUP BY S.ID, S.Name 124 Mary 2 Security and Integrity
  • 20. View Updating Example CSIT ID Name Num 123 Saqib 1 124 Mahd 2 UPDATE CSIT SET Num = 1 cannot update the result of the WHERE Name= ‘Saqib’ aggregate function COUNT()… DELETE FROM CSIT cannot delete because we have joined several tables to create WHERE Name = ‘Saqib’ this view… INSERT INTO CSIT cannot insert because we have joined several tables and none VALUES (126, ‘Asif’, 1) have Num in anyway! Security and Integrity
  • 21. Combining Views and Privileges To restrict someone's access Employee to a table: ID Name Salary Department • Create a view of that table that shows only the information they need to see. • Say we want to let the user 'John' read • Grant them privileges on the view . the department and name, and be able to • Revoke any privileges update the they have on the original table department (only) Security and Integrity
  • 22. Using Views and Privileges Create a view: Set the privileges: CREATE VIEW forSaqib GRANT SELECT, AS SELECT Name, UPDATE (Department) Department ON forSaqib FROM Employee TO John REVOKE ALL ON forSaqib FROM Saqib Security and Integrity
  • 23. Database Integrity • Security vs Integrity • Integrity constraints • Domain constraints • Database security apply to data types makes sure that the user is authorised to access information • Attribute constraints apply to columns • Database integrity • Relation constraints makes sure that apply to rows in a single (authorised) users table manipulate that information correctly • Database constraints apply between tables Security and Integrity
  • 24. 1 Example CHECK • A check statement allows you to constrain what can be entered into the database. • I.e. you can define what makes it consistent. CREATE TABLE Poker_players ( name VARCHAR(32), age INTEGER CHECK (age > 18) CHECK that we ) only have legal poker players Security and Integrity