Database Security


  1. Database Security
     SQL> --1) Revoke privileges granted in Lab Exercise 1
     SQL> connect anar
     Connected.
     SQL> -- revoke access modes from users
     SQL> revoke select on student from able;
     Revoke succeeded.
     SQL> revoke update on student from baker;
     Revoke succeeded.
     SQL> revoke insert on student from charles;
     Revoke succeeded.
     SQL> revoke delete on student from drake;
     Revoke succeeded.
     SQL> revoke update (major) on student from elliot;
     revoke update (major) on student from elliot
     *
     ERROR at line 1:
     ORA-01750: UPDATE/REFERENCES may only be REVOKEd from the whole table, not by column
     SQL> revoke update on student from elliot;
     Revoke succeeded.
  2. SQL> revoke select, update on faculty from test;
     Revoke succeeded.
     SQL> revoke insert, delete on faculty from seaver;
     Revoke succeeded.
     SQL> revoke update (address) on faculty from looney;
     revoke update (address) on faculty from looney
     *
     ERROR at line 1:
     ORA-01750: UPDATE/REFERENCES may only be REVOKEd from the whole table, not by column
     SQL> revoke update on faculty from looney;
     Revoke succeeded.
     SQL> revoke update, insert on faculty from mills;
     Revoke succeeded.
     SQL>
     SQL>
     SQL> -- revoke create session from users
     SQL> revoke create session from able;
     Revoke succeeded.
     SQL> revoke create session from baker;
     Revoke succeeded.
     SQL> revoke create session from charles;
     Revoke succeeded.
     SQL> revoke create session from drake;
     Revoke succeeded.
     SQL> revoke create session from elliot;
     Revoke succeeded.
     SQL> revoke create session from test;
     Revoke succeeded.
     SQL> revoke create session from seaver;
     Revoke succeeded.
     SQL> revoke create session from looney;
  3. Revoke succeeded.
     SQL> revoke create session from mills;
     Revoke succeeded.
     SQL> -- 2) Grant Roles Student and Faculty
     SQL> -- create roles student and faculty
     SQL> create role student;
     Role created.
     SQL> create role faculty;
     Role created.
     SQL>
     SQL> -- grant privileges to roles
     SQL> grant select on student to student;
     Grant succeeded.
     SQL> grant select on faculty to faculty;
     Grant succeeded.
     SQL>
     SQL> -- grant student role to students and faculty role to faculty
     SQL> grant student to able, baker, charles, drake, elliot;
     Grant succeeded.
     SQL> grant faculty to test, seaver, looney, mills;
     Grant succeeded.
     SQL> grant create session to student;
     Grant succeeded.
     SQL> grant create session to faculty;
     Grant succeeded.
     SQL> -- 3) demonstrate select privileges for student and faculty
     SQL> connect able
     Connected.
     SQL> select * from anar.student;
      STUDENTID NAME       MAJOR            ST ADDRESS             GPA
     ---------- ---------- ---------------- -- ------------ ----------
            100 ABLE       HISTORY          SR 1 UTAH                3
            200 BAKER      ACCOUNTING       JR 2 IOWA              2.7
  4.        300 CHARLES    MATH             SR 3 MAINE             3.5
            400 DRAKE      COMPUTER SCIENCE FR 4 IDAHO             2.8
            500 ELLIOT     COMPUTER SCIENCE SM 5 NEVADA           3.25
     SQL> connect test
     Connected.
     SQL> select * from anar.faculty;
      FACULTYID NAME       DE ADDRESS      RANK
     ---------- ---------- -- ------------ ----------
            980 TEST       IM 11 MAIN      DEAN
           5430 SEAVER     IS 12 SOUTH     PROFESSOR
           7650 LOONEY     IT 14 NORTH     INSTRUCTOR
           9870 MILLS      SA 16 EAST      LECTURER
     SQL> -- 4) create view and grant select to faculty on view
     SQL> connect anar
     Connected.
     SQL> create view f_student_view
       2  as
       3  select studentid, name, major, status from student;
     View created.
     SQL>
     SQL> grant select on f_student_view to faculty;
     Grant succeeded.
     SQL> -- 5) Demonstrate that faculty can not see the student GPA
     SQL> connect test
     Connected.
     SQL> select * from anar.student;
     select * from anar.student
     *
     ERROR at line 1:
     ORA-00942: table or view does not exist
     SQL> select * from anar.f_student_view faculty;
      STUDENTID NAME       MAJOR            ST
     ---------- ---------- ---------------- --
            100 ABLE       HISTORY          SR
            200 BAKER      ACCOUNTING       JR
            300 CHARLES    MATH             SR
            400 DRAKE      COMPUTER SCIENCE FR
            500 ELLIOT     COMPUTER SCIENCE SM
     SQL> -- 6) Create view for students to only be able to update their own address
     SQL> connect anar
     Connected.
     SQL> create or replace view S_Student_Update_Address
       2  as
       3  select name, address
       4  from student
  5.   5  where name=user;
     View created.
     SQL> grant select on S_Student_Update_Address
       2  to student;
     Grant succeeded.
     SQL>
     SQL> grant update (address) on S_Student_Update_Address
       2  to student;
     Grant succeeded.
     SQL> connect baker
     Connected.
     SQL> select * from anar.S_Student_Update_Address;
     NAME       ADDRESS
     ---------- ------------
     BAKER      2 IOWA
     SQL> update anar.S_Student_Update_Address set address = '1 Party St.';
     1 row updated.
     SQL> select * from anar.S_Student_Update_Address;
     NAME       ADDRESS
     ---------- ------------
     BAKER      1 Party St.
     SQL> -- 7) Revoke grants on Student and Faculty tables in Problem 2 above
     SQL> -- and create views for Student and faculty to see their own record
     SQL> connect anar
     Connected.
     SQL> revoke select on student from student;
     Revoke succeeded.
     SQL> revoke select on faculty from faculty;
     Revoke succeeded.
     SQL> spool end;
     SQL> create view own_student_record
       2  as
       3  select * from student where name = user;
     View created.
     SQL> grant select on own_student_record to student;
     Grant succeeded.
  6. SQL> connect able
     Connected.
     SQL> select * from anar.own_student_record;
      STUDENTID NAME       MAJOR            ST ADDRESS             GPA
     ---------- ---------- ---------------- -- ------------ ----------
            100 ABLE       HISTORY          SR 668 CS.               3
     SQL> connect baker
     Connected.
     SQL> select * from anar.own_student_record;
      STUDENTID NAME       MAJOR            ST ADDRESS             GPA
     ---------- ---------- ---------------- -- ------------ ----------
            200 BAKER      ACCOUNTING       JR 2 IOWA              2.7
     SQL> connect anar
     Connected.
     SQL> create view own_faculty_record
       2  as
       3  select * from faculty where name = user;
     View created.
     SQL> grant select on own_faculty_record
       2  to faculty;
     Grant succeeded.
     SQL> connect test
     Connected.
     SQL> select * from anar.own_faculty_record;
      FACULTYID NAME       DE ADDRESS      RANK
     ---------- ---------- -- ------------ ----------
            980 TEST       IM 11 MAIN      DEAN
     SQL> connect seaver
     Connected.
     SQL> select * from anar.own_faculty_record;
      FACULTYID NAME       DE ADDRESS      RANK
     ---------- ---------- -- ------------ ----------
           5430 SEAVER     IS 12 SOUTH     PROFESSOR
     SQL> spool end
     SQL> -- 8) Create a view "Update_Faculty_Address"
     SQL> connect anar
     Connected.
     SQL> create view Update_Faculty_Address
       2  as
       3  select name, address
       4  from faculty
  7.   5  where name=user;
     View created.
     SQL> grant update (address) on Update_Faculty_Address
       2  to faculty;
     Grant succeeded.
     SQL> grant select on Update_Faculty_Address
       2  to faculty;
     Grant succeeded.
     SQL> connect test
     Connected.
     SQL> select * from anar.Update_Faculty_Address;
     NAME       ADDRESS
     ---------- ------------
     TEST       11 MAIN
     SQL> update anar.Update_Faculty_Address set address = '10 Chastain';
     1 row updated.
     SQL> select * from anar.Update_Faculty_Address;
     NAME       ADDRESS
     ---------- ------------
     TEST       10 Chastain
     SQL> spool end
     SQL> -- 9) Create a view for students to view their Student, Offering and Enrollment
     SQL> CREATE VIEW student_offering_enrollment
       2  as
       3  SELECT s.name, e.offeringnum, o.coursenum, o.facultyid, o.term,o.time from student s, offering o, enrollment e
       4  WHERE s.studentid = e.studentid and e.offeringnum=o.offeringnum
       5  and s.name = USER;
     View created.
     SQL> GRANT SELECT ON student_offering_enrollment TO STUDENT;
     Grant succeeded.
     SQL> connect able
     Connected.
     SQL> SELECT * FROM anar.student_offering_enrollment;
     NAME       OFFERINGNUM COURS  FACULTYID TERM   TIME
     ---------- ----------- ----- ---------- ------ -----
     ABLE              1111 IS320       5430 FALL   10 AM
  8. SQL> connect baker
     Connected.
     SQL>
     SQL> SELECT * FROM anar.student_offering_enrollment;
     no rows selected
     -- Note that baker is not registered for any courses
     SQL> connect elliot
     Connected.
     SQL>
     SQL> SELECT * FROM anar.student_offering_enrollment;
     NAME       OFFERINGNUM COURS  FACULTYID TERM   TIME
     ---------- ----------- ----- ---------- ------ -----
     ELLIOT            1233 IS320        980 FALL   11 AM
     SQL> -- 10) Create view for Juniors and seniors to change majors
     SQL> -- login as user with DBA privileges
     SQL> connect anar
     Connected.
     SQL> create view changeMajors
       2  as
       3  select name, major
       4  from student where name=user;
     View created.
     SQL> grant select on changeMajors
       2  to student;
     Grant succeeded.
     SQL> grant update (major) on changeMajors
       2  to student;
     Grant succeeded.
     SQL> create or replace view changeMajors
       2  as
       3  select name, major
       4  from student
       5  where name=user and (status = 'JR' or status = 'SR');
     View created.
     SQL> connect able
     Connected.
     SQL> select * from anar.changeMajors;
     NAME       MAJOR
     ---------- ----------------
     ABLE       HISTORY
     SQL> update anar.changeMajors set major = 'G.I.S.';
  9. 1 row updated.
     -- Drake is a freshman, will not be able to change his/her major
     SQL> connect drake
     Connected.
     SQL> update anar.changeMajors set major = 'G.I.S.';
     0 rows updated.
     SQL> spool end
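
An added check, not part of the original lab transcript: run as the schema owner (anar) after step 10 to confirm that the lab users and the STUDENT and FACULTY roles hold object privileges only on the views, never on the base tables. It assumes the standard Oracle dictionary views USER_TAB_PRIVS_MADE, USER_COL_PRIVS_MADE, USER_TABLES and USER_VIEWS, and that all grants were made by the owner.

```sql
-- 1) Every object privilege (table-level and column-level) granted by the
--    owner to the two roles. After step 10 only view names should appear,
--    with UPDATE limited to the ADDRESS and MAJOR columns.
SELECT grantee, table_name, privilege,
       CAST(NULL AS VARCHAR2(128)) AS column_name
  FROM user_tab_privs_made
 WHERE grantee IN ('STUDENT', 'FACULTY')
UNION ALL
SELECT grantee, table_name, privilege, column_name
  FROM user_col_privs_made
 WHERE grantee IN ('STUDENT', 'FACULTY')
 ORDER BY 1, 2, 3;

-- 2) Anything still granted on a base table, to the roles or directly to
--    the lab users. Step 1 and step 7 revoked these, so the expected
--    result is "no rows selected"; any row is a leftover direct grant
--    that bypasses the row filter (name = user) in the views.
SELECT p.grantee, p.table_name, p.privilege
  FROM user_tab_privs_made p
  JOIN user_tables t ON t.table_name = p.table_name
 WHERE p.grantee IN ('STUDENT', 'FACULTY',
                     'ABLE', 'BAKER', 'CHARLES', 'DRAKE', 'ELLIOT',
                     'TEST', 'SEAVER', 'LOONEY', 'MILLS')
UNION ALL
SELECT c.grantee, c.table_name, c.privilege || ' (' || c.column_name || ')'
  FROM user_col_privs_made c
  JOIN user_tables t ON t.table_name = c.table_name
 WHERE c.grantee IN ('STUDENT', 'FACULTY',
                     'ABLE', 'BAKER', 'CHARLES', 'DRAKE', 'ELLIOT',
                     'TEST', 'SEAVER', 'LOONEY', 'MILLS');

-- 3) The defining query of each granted view, to review by eye that the
--    per-user views still carry the "name = user" predicate.
--    F_STUDENT_VIEW has no row filter by design (it hides only the
--    ADDRESS and GPA columns). SET LONG is a SQL*Plus setting that keeps
--    the LONG column TEXT from being truncated in the output.
SET LONG 2000
SELECT view_name, text
  FROM user_views
 WHERE view_name IN (SELECT table_name FROM user_tab_privs_made
                      WHERE grantee IN ('STUDENT', 'FACULTY')
                     UNION
                     SELECT table_name FROM user_col_privs_made
                      WHERE grantee IN ('STUDENT', 'FACULTY'))
 ORDER BY view_name;
```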
