Database Security

Transcript

  • 1. Database Security
    SQL> --1) Revoke privileges granted in Lab Exercise 1
    SQL> connect anar
    Connected.
    SQL> -- revoke access modes from users
    SQL> revoke select on student from able;
    Revoke succeeded.
    SQL> revoke update on student from baker;
    Revoke succeeded.
    SQL> revoke insert on student from charles;
    Revoke succeeded.
    SQL> revoke delete on student from drake;
    Revoke succeeded.
    SQL> revoke update (major) on student from elliot;
    revoke update (major) on student from elliot
    *
    ERROR at line 1:
    ORA-01750: UPDATE/REFERENCES may only be REVOKEd from the whole table, not by column
    SQL> revoke update on student from elliot;
    Revoke succeeded.
  • 2.
    SQL> revoke select, update on faculty from test;
    Revoke succeeded.
    SQL> revoke insert, delete on faculty from seaver;
    Revoke succeeded.
    SQL> revoke update (address) on faculty from looney;
    revoke update (address) on faculty from looney
    *
    ERROR at line 1:
    ORA-01750: UPDATE/REFERENCES may only be REVOKEd from the whole table, not by column
    SQL> revoke update on faculty from looney;
    Revoke succeeded.
    SQL> revoke update, insert on faculty from mills;
    Revoke succeeded.
    SQL>
    SQL>
    SQL> -- revoke create session from users
    SQL> revoke create session from able;
    Revoke succeeded.
    SQL> revoke create session from baker;
    Revoke succeeded.
    SQL> revoke create session from charles;
    Revoke succeeded.
    SQL> revoke create session from drake;
    Revoke succeeded.
    SQL> revoke create session from elliot;
    Revoke succeeded.
    SQL> revoke create session from test;
    Revoke succeeded.
    SQL> revoke create session from seaver;
    Revoke succeeded.
    SQL> revoke create session from looney;
  • 3.
    Revoke succeeded.
    SQL> revoke create session from mills;
    Revoke succeeded.
    SQL> -- 2) Grant Roles Student and Faculty
    SQL> -- create roles student and faculty
    SQL> create role student;
    Role created.
    SQL> create role faculty;
    Role created.
    SQL>
    SQL> -- grant privileges to roles
    SQL> grant select on student to student;
    Grant succeeded.
    SQL> grant select on faculty to faculty;
    Grant succeeded.
    SQL>
    SQL> -- grant student role to students and faculty role to faculty
    SQL> grant student to able, baker, charles, drake, elliot;
    Grant succeeded.
    SQL> grant faculty to test, seaver, looney, mills;
    Grant succeeded.
    SQL> grant create session to student;
    Grant succeeded.
    SQL> grant create session to faculty;
    Grant succeeded.
    SQL> -- 3) demonstrate select privileges for student and faculty
    SQL> connect able
    Connected.
    SQL> select * from anar.student;
     STUDENTID NAME       MAJOR            ST ADDRESS             GPA
    ---------- ---------- ---------------- -- ------------ ----------
           100 ABLE       HISTORY          SR 1 UTAH                3
           200 BAKER      ACCOUNTING       JR 2 IOWA              2.7
  • 4.
           300 CHARLES    MATH             SR 3 MAINE             3.5
           400 DRAKE      COMPUTER SCIENCE FR 4 IDAHO             2.8
           500 ELLIOT     COMPUTER SCIENCE SM 5 NEVADA           3.25
    SQL> connect test
    Connected.
    SQL> select * from anar.faculty;
     FACULTYID NAME       DE ADDRESS      RANK
    ---------- ---------- -- ------------ ----------
           980 TEST       IM 11 MAIN      DEAN
          5430 SEAVER     IS 12 SOUTH     PROFESSOR
          7650 LOONEY     IT 14 NORTH     INSTRUCTOR
          9870 MILLS      SA 16 EAST      LECTURER
    SQL> -- 4) create view and grant select to faculty on view
    SQL> connect anar
    Connected.
    SQL> create view f_student_view
      2  as
      3  select studentid, name, major, status from student;
    View created.
    SQL>
    SQL> grant select on f_student_view to faculty;
    Grant succeeded.
    SQL> -- 5) Demonstrate that faculty can not see the student GPA
    SQL> connect test
    Connected.
    SQL> select * from anar.student;
    select * from anar.student
    *
    ERROR at line 1:
    ORA-00942: table or view does not exist
    SQL> select * from anar.f_student_view faculty;
     STUDENTID NAME       MAJOR            ST
    ---------- ---------- ---------------- --
           100 ABLE       HISTORY          SR
           200 BAKER      ACCOUNTING       JR
           300 CHARLES    MATH             SR
           400 DRAKE      COMPUTER SCIENCE FR
           500 ELLIOT     COMPUTER SCIENCE SM
    SQL> -- 6) Create view for students to only be able to update their own address
    SQL> connect anar
    Connected.
    SQL> create or replace view S_Student_Update_Address
      2  as
      3  select name, address
      4  from student
  • 5.
      5  where name=user;
    View created.
    SQL> grant select on S_Student_Update_Address
      2  to student;
    Grant succeeded.
    SQL>
    SQL> grant update (address) on S_Student_Update_Address
      2  to student;
    Grant succeeded.
    SQL> connect baker
    Connected.
    SQL> select * from anar.S_Student_Update_Address;
    NAME       ADDRESS
    ---------- ------------
    BAKER      2 IOWA
    SQL> update anar.S_Student_Update_Address set address = '1 Party St.';
    1 row updated.
    SQL> select * from anar.S_Student_Update_Address;
    NAME       ADDRESS
    ---------- ------------
    BAKER      1 Party St.
    SQL> -- 7) Revoke grants on Student and Faculty tables in Problem 2 above
    SQL> -- and create views for Student and faculty to see their own record
    SQL> connect anar
    Connected.
    SQL> revoke select on student from student;
    Revoke succeeded.
    SQL> revoke select on faculty from faculty;
    Revoke succeeded.
    SQL> spool end;
    SQL> create view own_student_record
      2  as
      3  select * from student where name = user;
    View created.
    SQL> grant select on own_student_record to student;
    Grant succeeded.
  • 6.
    SQL> connect able
    Connected.
    SQL> select * from anar.own_student_record;
     STUDENTID NAME       MAJOR            ST ADDRESS             GPA
    ---------- ---------- ---------------- -- ------------ ----------
           100 ABLE       HISTORY          SR 668 CS.               3
    SQL> connect baker
    Connected.
    SQL> select * from anar.own_student_record;
     STUDENTID NAME       MAJOR            ST ADDRESS             GPA
    ---------- ---------- ---------------- -- ------------ ----------
           200 BAKER      ACCOUNTING       JR 2 IOWA              2.7
    SQL> connect anar
    Connected.
    SQL> create view own_faculty_record
      2  as
      3  select * from faculty where name = user;
    View created.
    SQL> grant select on own_faculty_record
      2  to faculty;
    Grant succeeded.
    SQL> connect test
    Connected.
    SQL> select * from anar.own_faculty_record;
     FACULTYID NAME       DE ADDRESS      RANK
    ---------- ---------- -- ------------ ----------
           980 TEST       IM 11 MAIN      DEAN
    SQL> connect seaver
    Connected.
    SQL> select * from anar.own_faculty_record;
     FACULTYID NAME       DE ADDRESS      RANK
    ---------- ---------- -- ------------ ----------
          5430 SEAVER     IS 12 SOUTH     PROFESSOR
    SQL> spool end
    SQL> -- 8) Create a view "Update_Faculty_Address"
    SQL> connect anar
    Connected.
    SQL> create view Update_Faculty_Address
      2  as
      3  select name, address
      4  from faculty
  • 7.
      5  where name=user;
    View created.
    SQL> grant update (address) on Update_Faculty_Address
      2  to faculty;
    Grant succeeded.
    SQL> grant select on Update_Faculty_Address
      2  to faculty;
    Grant succeeded.
    SQL> connect test
    Connected.
    SQL> select * from anar.Update_Faculty_Address;
    NAME       ADDRESS
    ---------- ------------
    TEST       11 MAIN
    SQL> update anar.Update_Faculty_Address set address = '10 Chastain';
    1 row updated.
    SQL> select * from anar.Update_Faculty_Address;
    NAME       ADDRESS
    ---------- ------------
    TEST       10 Chastain
    SQL> spool end
    SQL> -- 9) Create a view for students to view their Student, Offering and Enrollment
    SQL> CREATE VIEW student_offering_enrollment
      2  as
      3  SELECT s.name, e.offeringnum, o.coursenum, o.facultyid, o.term,o.time from student s, offering o, enrollment e
      4  WHERE s.studentid = e.studentid and e.offeringnum=o.offeringnum
      5  and s.name = USER;
    View created.
    SQL> GRANT SELECT ON student_offering_enrollment TO STUDENT;
    Grant succeeded.
    SQL> connect able
    Connected.
    SQL> SELECT * FROM anar.student_offering_enrollment;
    NAME       OFFERINGNUM COURS  FACULTYID TERM   TIME
    ---------- ----------- ----- ---------- ------ -----
    ABLE              1111 IS320       5430 FALL   10 AM
  • 8.
    SQL> connect baker
    Connected.
    SQL>
    SQL> SELECT * FROM anar.student_offering_enrollment;
    no rows selected
    -- Note that baker is not registered for any courses
    SQL> connect elliot
    Connected.
    SQL>
    SQL> SELECT * FROM anar.student_offering_enrollment;
    NAME       OFFERINGNUM COURS  FACULTYID TERM   TIME
    ---------- ----------- ----- ---------- ------ -----
    ELLIOT            1233 IS320        980 FALL   11 AM
    SQL> -- 10) Create view for Juniors and seniors to change majors
    SQL> -- login as user with DBA privileges
    SQL> connect anar
    Connected.
    SQL> create view changeMajors
      2  as
      3  select name, major
      4  from student where name=user;
    View created.
    SQL> grant select on changeMajors
      2  to student;
    Grant succeeded.
    SQL> grant update (major) on changeMajors
      2  to student;
    Grant succeeded.
    SQL> create or replace view changeMajors
      2  as
      3  select name, major
      4  from student
      5  where name=user and (status = 'JR' or status = 'SR');
    View created.
    SQL> connect able
    Connected.
    SQL> select * from anar.changeMajors;
    NAME       MAJOR
    ---------- ----------------
    ABLE       HISTORY
    SQL> update anar.changeMajors set major = 'G.I.S.';
  • 9.
    1 row updated.
    -- Drake is a freshman and will not be able to change his/her major
    SQL> connect drake
    Connected.
    SQL> update anar.changeMajors set major = 'G.I.S.';
    0 rows updated.
    SQL> spool end
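
An audit pass over the end state of this lab, as an added example that is not part of the original transcript: it queries Oracle's data dictionary to confirm that the STUDENT and FACULTY roles reach data only through the views, and that the name = user row filter is unambiguous. It assumes a session connected as ANAR with DBA-level dictionary access; object, role and user names are those in the transcript.

```sql
-- Added example; run as ANAR, the schema owner in the transcript.
-- DBA_ROLE_PRIVS and DBA_SYS_PRIVS need DBA-level dictionary access (assumed).

-- 1) Whole-object grants that still reach ANAR's base tables directly.
--    Any row returned here bypasses the views and should be reviewed.
select p.grantee, p.table_name, p.privilege
from   user_tab_privs_made p
join   user_tables t on t.table_name = p.table_name
order  by p.grantee, p.table_name;

-- 2) Column-level grants such as UPDATE (address) and UPDATE (major).
--    They are listed separately from whole-object grants and, per the
--    ORA-01750 error in step 1, are removed only by revoking UPDATE on
--    the whole object.
select grantee, table_name, column_name, privilege
from   user_col_privs_made
order  by grantee, table_name, column_name;

-- 3) What the two roles hold on ANAR's views.
select p.grantee, p.table_name as view_name, p.privilege
from   user_tab_privs_made p
join   user_views v on v.view_name = p.table_name
where  p.grantee in ('STUDENT', 'FACULTY')
order  by p.grantee, p.table_name;

-- 4) Who holds each role, and who can log in (CREATE SESSION).
select granted_role, grantee
from   dba_role_privs
where  granted_role in ('STUDENT', 'FACULTY')
order  by granted_role, grantee;

select grantee, privilege
from   dba_sys_privs
where  grantee in ('STUDENT', 'FACULTY', 'ABLE', 'BAKER', 'CHARLES', 'DRAKE',
                   'ELLIOT', 'TEST', 'SEAVER', 'LOONEY', 'MILLS')
order  by grantee;

-- 5) Every view filters on name = user, so NAME must identify one row and
--    match an existing account. Duplicate names would share one row filter.
select name, count(*) as row_count
from   student
group  by name
having count(*) > 1;

select s.name
from   student s
where  not exists (select 1 from all_users u where u.username = s.name);
```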