SlideShare a Scribd company logo

Discretionary access control(database).pptx

Download as PPTX, PDF
M
MahalakshmiK55

Discretionary access control based on granting and revoking privileges

Engineering
1 of 13
 The typical method of enforcing discretionary access control in a database system is based on the granting and revoking of privileges in the context of a relational Database.  The main idea is to include statements in the query language that allow the DBA and selected users to grant and revoke privileges.
 The DBMS must provide selective access to each relation in the database based on specific accounts.  Operations may also be controlled; thus, having an account does not necessarily entitle the account holder to all the functionality provided by the DBMS. LEVELS FOR ASSIGNING PRIVILLEGES ACCOUNT LEVEL RELATIONAL LEVEL
ACCOUNT LEVEL:  The privileges at the account level apply to the capabilities provided to the account itself and can include the CREATE SCHEMA or CREATE TABLE privilege,CREATE VIEW privilege, ALTER privilege, DROP privilege, MODIFY privilege, SELECT privilege ,to retrieve information from the database by using a SELECT query.  If a certain account does not have the CREATE TABLE privilege, no relations can be created from that account. DATABASE ADMINSTRATOR ACCOUNT DATA ANALYST ACCOUNT DATA ENTRY ACCOUNT DAVELOPER ACCOUNT
RELATIONAL LEVEL:  the relation level includes base relations and virtual (view) relations. the term relation may refer either to a base relation or to a view  Privileges at the relation level specify for each user the individual relations on which each type of command can be applied. Some privileges also refer to individual columns (attributes) of relations.  The granting and revoking of privileges generally follow an authorization model for discretionary privileges known as the access matrix model, where  Rows of a matrix M represent subjects (users, accounts, programs) .  Columns represent objects (relations, records, columns, views, operations).  Each position M(i, j) in the matrix represents the types of privileges (read, write, update) that sub- ject i holds on object j. Table X Table Y Table Z View V User A R W - R User B R - U - User C - - R - Subjects Objects
 To control the granting and revoking of relation privileges ,each relation R in a database is assigned an owner account.  the DBA can assign an owner to a whole schema by creating the schema using the CREATE SCHEMA command.  The owner account holder can pass privileges on any of the owned relations to other users by granting privileges to their accounts. In SQL, the following types of privileges can be granted on each individual relation R:  SELECT (retrieval or read) privilege on R.  Modification privileges on R (UPDATE, DELETE, and INSERT).  References privilege on R for specifying integrity constraints.
REVOKING OF PRIVILEGES:  In some cases, it is desirable to grant a privilege to a user temporarily.  For example, the owner of a relation may want to grant the SELECT privilege to a user for a specific task and then revoke that privilege once the task is completed. Hence, a mechanism for revoking privileges is needed.  In SQL, a REVOKE command is included for the purpose of canceling privileges. PROPAGATION OF PRIVILEGES USING THE GRANT OPTION:  When the owner A grants a privilege on a relation R to another account B, B can receive the privilege with or without the ability to grant it to others (GRANT OPTION).  If B has the GRANT OPTION and grants the privilege to account C, privileges on R can spread without A's knowledge.  If A revokes the privilege given to B, all privileges propagated by B should also be automatically revoked.  To ensure this, a database management system tracks how privileges were granted, so revoking privileges can be done correctly and completely. This tracking helps maintain control and security over the system.
OWNER A ACCOUNT B ACCOUNT C GRANT P GRANT P The access control mechanism ensures that revoking a privilege from an account effectively revokes any privileges propagated by that account, preventing privileges from being passed on without the knowledge or authorization of the owner of the resource. OWNER A ACCOUNT B ACCOUNT C REVOKE P REVOKE P
Suppose that the DBA creates four accounts-A1, A2, A3, and A4-and wants only A1 to be able to create base relations. GRANT command in SQL: GRANT CREATETAB TO A1; Account A1 the capability to create new database tables (base relations) and is hence an account privilege. the same effect can be accomplished by having the DBA issue a CREATESCHEMA command, as follows: CREATE SCHEMA EXAMPLE AUTHORIZATION A1; User account A1 can now create tables under the schema called EXAMPLE.
 Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT.A1 is then the owner of these two relations and hence has all the relation privileges on each of them.  A1 is then the owner of these two relations and hence has all the relation privileges on each of them. GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;  A1 allowing it to grant privileges on the relation to other accounts.  However, account A2 cannot grant INSERT and DELETE privileges on the EMPLOYEE and DEPARTMENT tables because A2 was not given the GRANT OPTION in the preceding command.  Suppose that At wants to allow account A3 to retrieve information from either of the two tables and also to be able to propagate the SELECT privilege to other accounts.A1 issues the following command, GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION; • A3 can now propagate the privilege to other accounts by using GRANT.
 A3 can grant the SELECT privilege on the EMPLOYEE relation to A4. GRANT SELECT ON EMPLOYEE TO A4;  A4 cannot propagate the SELECT privilege to other accounts becausethe GRANT OPTION was not given to A4.  Now suppose that A1 decides to revoke the SELECT privilege on the EMPLOYEE relation from A3; A1 then can issue this command: REVOKE SELECT ON EMPLOYEE FROM A3; EMPLOYEE Name Ssn Bdate Address Sex Salary Dno DEPARTMENT Dnumber Dname Mgr_ssn
 Next, suppose that A1 wants to give back to A3 a limited capability to SELECT from the EMPLOYEE relation and wants to allow A3 to be able to propagate the privilege.  The limitation is to retrieve only the Name, Bdate, and Address attributes and only for the tuples with Dno = 5. A1 then can create the following view: CREATE VIEW A3 EMPLOYEE AS SELECT Name, Bdate, Address FROM EMPLOYEE WHERE Dno = 5;  After the view is created. A1 can grant SELECT on the view A3EMPLOYEE to A3 as follows: GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION;  Finally, suppose that A1 wants to allow A4 to update only the Salary attribute ofEMPLOYEE; A1 can then issue the following command: GRANT UPDATE ON EMPLOYEE (Salary) TO A4;
SPECIFYING LIMITS ON PROPAGATION OF PRIVILEGES:  HORIZONTAL PROPAGATION: Limit the number of accounts to which a privilege can be granted. Account B (with GRANT OPTION) can grant the privilege to at most i other accounts.  VERTICAL PROPAGATION: Limit the depth of granting privileges. Account B (with vertical propagation j) can grant the privilege to other accounts only with a vertical propagation less than j. Example: A1 grants SELECT to A2 with horizontal propagation = 1 and vertical propagation = 2. A2 can grant SELECT to at most 1 account (horizontal limit) and reduce vertical propagation by 1 when passing the privilege (vertical limit). OWNER A1 ACCOUNT A2 ACCOUNT C(1) ACCOUNT D(0) ACCOUNT E(2) ACCOUNT F(1) ACCOUNT G(0)
 Horizontal and vertical propagation techniques limit privilege spread, ensuring depth and breadth control. These techniques are not currently available in SQL or most relational systems. UNIVERSITY QUESTIONS: 1. Present an overview of database security.(13M) 2. Explain in detail DB Security.(8m)

Recommended

Telnet
TelnetTelnet
TelnetJishnu Pradeep
 
Distributed Transaction
Distributed TransactionDistributed Transaction
Distributed TransactionPratik Tambekar
 
Application Layer
Application Layer Application Layer
Application Layer Dr Shashikant Athawale
 
Data Link Layer| Error Detection
Data Link Layer| Error DetectionData Link Layer| Error Detection
Data Link Layer| Error DetectionTaimoor Muzaffar Gondal
 
Unt 3 attributes, methods, relationships-1
Unt 3 attributes, methods, relationships-1Unt 3 attributes, methods, relationships-1
Unt 3 attributes, methods, relationships-1gopal10scs185
 
Unit 4 designing classes
Unit 4 designing classesUnit 4 designing classes
Unit 4 designing classesgopal10scs185
 
Object oriented analysis
Object oriented analysisObject oriented analysis
Object oriented analysisMahesh Bhalerao
 
Lesson 2: Subnetting basics
Lesson 2: Subnetting basicsLesson 2: Subnetting basics
Lesson 2: Subnetting basicsMahmmoud Mahdi
 

Recommended

Telnet
TelnetTelnet
TelnetJishnu Pradeep
 
Distributed Transaction
Distributed TransactionDistributed Transaction
Distributed TransactionPratik Tambekar
 
Application Layer
Application Layer Application Layer
Application Layer Dr Shashikant Athawale
 
Data Link Layer| Error Detection
Data Link Layer| Error DetectionData Link Layer| Error Detection
Data Link Layer| Error DetectionTaimoor Muzaffar Gondal
 
Unt 3 attributes, methods, relationships-1
Unt 3 attributes, methods, relationships-1Unt 3 attributes, methods, relationships-1
Unt 3 attributes, methods, relationships-1gopal10scs185
 
Unit 4 designing classes
Unit 4 designing classesUnit 4 designing classes
Unit 4 designing classesgopal10scs185
 
Object oriented analysis
Object oriented analysisObject oriented analysis
Object oriented analysisMahesh Bhalerao
 
Lesson 2: Subnetting basics
Lesson 2: Subnetting basicsLesson 2: Subnetting basics
Lesson 2: Subnetting basicsMahmmoud Mahdi
 
3 Tier Architecture
3 Tier Architecture3 Tier Architecture
3 Tier ArchitectureWebx
 
Point to-point protocol (ppp)
Point to-point protocol (ppp)Point to-point protocol (ppp)
Point to-point protocol (ppp)Kongu Engineering College, Perundurai, Erode
 
Congestion control
Congestion controlCongestion control
Congestion controlAman Jaiswal
 
Network layer logical addressing
Network layer logical addressingNetwork layer logical addressing
Network layer logical addressingSri Manakula Vinayagar Engineering College
 
Unit 5 testing -software quality assurance
Unit 5 testing -software quality assuranceUnit 5 testing -software quality assurance
Unit 5 testing -software quality assurancegopal10scs185
 
Chapter 5 database security
Chapter 5 database securityChapter 5 database security
Chapter 5 database securitySyaiful Ahdan
 
Tcpip services and applications
Tcpip services and applicationsTcpip services and applications
Tcpip services and applicationsOnline
 
TCP/ IP
TCP/ IP TCP/ IP
TCP/ IP Harshit Srivastava
 
CS6010 Social Network Analysis Unit II
CS6010 Social Network Analysis Unit IICS6010 Social Network Analysis Unit II
CS6010 Social Network Analysis Unit IIpkaviya
 
Mandatory access control for information security
Mandatory access control for information securityMandatory access control for information security
Mandatory access control for information securityAjit Dadresa
 
Concurrency Control in Database Management System
Concurrency Control in Database Management SystemConcurrency Control in Database Management System
Concurrency Control in Database Management SystemJanki Shah
 
Wireless security
Wireless securityWireless security
Wireless securitySalma Elhag
 
TCP/IP Network ppt
TCP/IP Network pptTCP/IP Network ppt
TCP/IP Network pptextraganesh
 
IPv4 Addressing
IPv4 Addressing IPv4 Addressing
IPv4 Addressing TheGodfather HA
 
Multiple Access in Computer Network
Multiple Access in Computer NetworkMultiple Access in Computer Network
Multiple Access in Computer NetworkHitesh Mohapatra
 
IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6Adeel Rasheed
 
Unit 4- Software Engineering System Model Notes
Unit 4- Software Engineering System Model Notes Unit 4- Software Engineering System Model Notes
Unit 4- Software Engineering System Model Notes arvind pandey
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)Gurjot Singh
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layerNaiyan Noor
 
Error control
Error controlError control
Error controlselvakumar_b1985
 
UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.pptDharaDarji5
 
8034.ppt
8034.ppt8034.ppt
8034.pptssuser77162c
 

More Related Content

What's hot

3 Tier Architecture
3 Tier Architecture3 Tier Architecture
3 Tier ArchitectureWebx
 
Congestion control
Congestion controlCongestion control
Congestion controlAman Jaiswal
 
Unit 5 testing -software quality assurance
Unit 5 testing -software quality assuranceUnit 5 testing -software quality assurance
Unit 5 testing -software quality assurancegopal10scs185
 
Chapter 5 database security
Chapter 5 database securityChapter 5 database security
Chapter 5 database securitySyaiful Ahdan
 
Tcpip services and applications
Tcpip services and applicationsTcpip services and applications
Tcpip services and applicationsOnline
 
CS6010 Social Network Analysis Unit II
CS6010 Social Network Analysis Unit IICS6010 Social Network Analysis Unit II
CS6010 Social Network Analysis Unit IIpkaviya
 
Mandatory access control for information security
Mandatory access control for information securityMandatory access control for information security
Mandatory access control for information securityAjit Dadresa
 
Concurrency Control in Database Management System
Concurrency Control in Database Management SystemConcurrency Control in Database Management System
Concurrency Control in Database Management SystemJanki Shah
 
Wireless security
Wireless securityWireless security
Wireless securitySalma Elhag
 
TCP/IP Network ppt
TCP/IP Network pptTCP/IP Network ppt
TCP/IP Network pptextraganesh
 
Multiple Access in Computer Network
Multiple Access in Computer NetworkMultiple Access in Computer Network
Multiple Access in Computer NetworkHitesh Mohapatra
 
IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6Adeel Rasheed
 
Unit 4- Software Engineering System Model Notes
Unit 4- Software Engineering System Model Notes Unit 4- Software Engineering System Model Notes
Unit 4- Software Engineering System Model Notes arvind pandey
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)Gurjot Singh
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layerNaiyan Noor
 

What's hot (20)

3 Tier Architecture
3 Tier Architecture3 Tier Architecture
3 Tier Architecture
 
Point to-point protocol (ppp)
Point to-point protocol (ppp)Point to-point protocol (ppp)
Point to-point protocol (ppp)
 
Congestion control
Congestion controlCongestion control
Congestion control
 
Network layer logical addressing
Network layer logical addressingNetwork layer logical addressing
Network layer logical addressing
 
Unit 5 testing -software quality assurance
Unit 5 testing -software quality assuranceUnit 5 testing -software quality assurance
Unit 5 testing -software quality assurance
 
Chapter 5 database security
Chapter 5 database securityChapter 5 database security
Chapter 5 database security
 
Tcpip services and applications
Tcpip services and applicationsTcpip services and applications
Tcpip services and applications
 
TCP/ IP
TCP/ IP TCP/ IP
TCP/ IP
 
CS6010 Social Network Analysis Unit II
CS6010 Social Network Analysis Unit IICS6010 Social Network Analysis Unit II
CS6010 Social Network Analysis Unit II
 
Mandatory access control for information security
Mandatory access control for information securityMandatory access control for information security
Mandatory access control for information security
 
Concurrency Control in Database Management System
Concurrency Control in Database Management SystemConcurrency Control in Database Management System
Concurrency Control in Database Management System
 
Wireless security
Wireless securityWireless security
Wireless security
 
TCP/IP Network ppt
TCP/IP Network pptTCP/IP Network ppt
TCP/IP Network ppt
 
IPv4 Addressing
IPv4 Addressing IPv4 Addressing
IPv4 Addressing
 
Multiple Access in Computer Network
Multiple Access in Computer NetworkMultiple Access in Computer Network
Multiple Access in Computer Network
 
IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6IP Address - IPv4 & IPv6
IP Address - IPv4 & IPv6
 
Unit 4- Software Engineering System Model Notes
Unit 4- Software Engineering System Model Notes Unit 4- Software Engineering System Model Notes
Unit 4- Software Engineering System Model Notes
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)
 
Chapter 4 data link layer
Chapter 4 data link layerChapter 4 data link layer
Chapter 4 data link layer
 
Error control
Error controlError control
Error control
 

Similar to Discretionary access control(database).pptx

UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.pptDharaDarji5
 
Chapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdfChapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdfabrehamcheru14
 
Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348shubham singh
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.pptmissionsk81
 
MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.
MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.
MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.Prabhu Raja Singh
 
Sql Authorization
Sql AuthorizationSql Authorization
Sql AuthorizationFhuy
 
e computer notes - Controlling user access
e computer notes - Controlling user accesse computer notes - Controlling user access
e computer notes - Controlling user accessecomputernotes
 
Security in Relational model
Security in Relational modelSecurity in Relational model
Security in Relational modelSlideshare
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql securityMukesh Tekwani
 
IT103Microsoft Windows XP/OS Chap13
IT103Microsoft Windows XP/OS Chap13IT103Microsoft Windows XP/OS Chap13
IT103Microsoft Windows XP/OS Chap13blusmurfydot1
 
Chapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxChapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxhaymanot taddesse
 
Oracle User Management
Oracle User ManagementOracle User Management
Oracle User ManagementArun Sharma
 
5. Other Relational Languages in DBMS
5. Other Relational Languages in DBMS5. Other Relational Languages in DBMS
5. Other Relational Languages in DBMSkoolkampus
 
Hovitaga authorization concept and setup guide
Hovitaga authorization concept and setup guideHovitaga authorization concept and setup guide
Hovitaga authorization concept and setup guideHovitaga Kft.
 

Similar to Discretionary access control(database).pptx (20)

UNIT-1-Security.ppt
UNIT-1-Security.pptUNIT-1-Security.ppt
UNIT-1-Security.ppt
 
8034.ppt
8034.ppt8034.ppt
8034.ppt
 
Chapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdfChapter 6 Database Security and Authorization (4).pdf
Chapter 6 Database Security and Authorization (4).pdf
 
Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348Mysqldbatrainingsession12privilegesinmysql 170302152348
Mysqldbatrainingsession12privilegesinmysql 170302152348
 
Chapter23
Chapter23Chapter23
Chapter23
 
Assignment#07
Assignment#07Assignment#07
Assignment#07
 
Database_Security.ppt
Database_Security.pptDatabase_Security.ppt
Database_Security.ppt
 
Trigger in DBMS
Trigger in DBMSTrigger in DBMS
Trigger in DBMS
 
MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.
MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.
MySQL USER MANAGEMENT,ROUTINES & TRIGGERS.
 
Sql Authorization
Sql AuthorizationSql Authorization
Sql Authorization
 
e computer notes - Controlling user access
e computer notes - Controlling user accesse computer notes - Controlling user access
e computer notes - Controlling user access
 
Les13
Les13Les13
Les13
 
Security in Relational model
Security in Relational modelSecurity in Relational model
Security in Relational model
 
Sql ch 15 - sql security
Sql ch 15 - sql securitySql ch 15 - sql security
Sql ch 15 - sql security
 
Les01
Les01Les01
Les01
 
IT103Microsoft Windows XP/OS Chap13
IT103Microsoft Windows XP/OS Chap13IT103Microsoft Windows XP/OS Chap13
IT103Microsoft Windows XP/OS Chap13
 
Chapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptxChapter Five Physical Database Design.pptx
Chapter Five Physical Database Design.pptx
 
Oracle User Management
Oracle User ManagementOracle User Management
Oracle User Management
 
5. Other Relational Languages in DBMS
5. Other Relational Languages in DBMS5. Other Relational Languages in DBMS
5. Other Relational Languages in DBMS
 
Hovitaga authorization concept and setup guide
Hovitaga authorization concept and setup guideHovitaga authorization concept and setup guide
Hovitaga authorization concept and setup guide
 

Recently uploaded

Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxJoão Esperancinha
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxhumanexperienceaaa
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINESIVASHANKAR N
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...srsj9000
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Serviceranjana rawat
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Christo Ananth
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024hassan khalil
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escortsranjana rawat
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130Suhani Kapoor
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...ranjana rawat
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAbhinavSharma374939
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝soniya singh
 

Recently uploaded (20)

DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptxExploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
Exploring_Network_Security_with_JA3_by_Rakesh Seal.pptx
 
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptxDecoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
Decoding Kotlin - Your guide to solving the mysterious in Kotlin.pptx
 
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptxthe ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
the ladakh protest in leh ladakh 2024 sonam wangchuk.pptx
 
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINEMANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
MANUFACTURING PROCESS-II UNIT-2 LATHE MACHINE
 
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
Gfe Mayur Vihar Call Girls Service WhatsApp -> 9999965857 Available 24x7 ^ De...
 
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
(RIA) Call Girls Bhosari ( 7001035870 ) HI-Fi Pune Escorts Service
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANVI) Koregaon Park Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
Call for Papers - African Journal of Biological Sciences, E-ISSN: 2663-2187, ...
 
Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024Architect Hassan Khalil Portfolio for 2024
Architect Hassan Khalil Portfolio for 2024
 
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
(MEERA) Dapodi Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Escorts
 
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
VIP Call Girls Service Hitech City Hyderabad Call +91-8250192130
 
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
The Most Attractive Pune Call Girls Budhwar Peth 8250192130 Will You Miss Thi...
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
Analog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog ConverterAnalog to Digital and Digital to Analog Converter
Analog to Digital and Digital to Analog Converter
 
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Isha Call 7001035870 Meet With Nagpur Escorts
 
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Narela Delhi reach out to us at 🔝8264348440🔝
 

Discretionary access control(database).pptx

  • 1.  The typical method of enforcing discretionary access control in a database system is based on the granting and revoking of privileges in the context of a relational Database.  The main idea is to include statements in the query language that allow the DBA and selected users to grant and revoke privileges.
  • 2.  The DBMS must provide selective access to each relation in the database based on specific accounts.  Operations may also be controlled; thus, having an account does not necessarily entitle the account holder to all the functionality provided by the DBMS. LEVELS FOR ASSIGNING PRIVILLEGES ACCOUNT LEVEL RELATIONAL LEVEL
  • 3. ACCOUNT LEVEL:  The privileges at the account level apply to the capabilities provided to the account itself and can include the CREATE SCHEMA or CREATE TABLE privilege,CREATE VIEW privilege, ALTER privilege, DROP privilege, MODIFY privilege, SELECT privilege ,to retrieve information from the database by using a SELECT query.  If a certain account does not have the CREATE TABLE privilege, no relations can be created from that account. DATABASE ADMINSTRATOR ACCOUNT DATA ANALYST ACCOUNT DATA ENTRY ACCOUNT DAVELOPER ACCOUNT
  • 4. RELATIONAL LEVEL:  the relation level includes base relations and virtual (view) relations. the term relation may refer either to a base relation or to a view  Privileges at the relation level specify for each user the individual relations on which each type of command can be applied. Some privileges also refer to individual columns (attributes) of relations.  The granting and revoking of privileges generally follow an authorization model for discretionary privileges known as the access matrix model, where  Rows of a matrix M represent subjects (users, accounts, programs) .  Columns represent objects (relations, records, columns, views, operations).  Each position M(i, j) in the matrix represents the types of privileges (read, write, update) that sub- ject i holds on object j. Table X Table Y Table Z View V User A R W - R User B R - U - User C - - R - Subjects Objects
  • 5.  To control the granting and revoking of relation privileges ,each relation R in a database is assigned an owner account.  the DBA can assign an owner to a whole schema by creating the schema using the CREATE SCHEMA command.  The owner account holder can pass privileges on any of the owned relations to other users by granting privileges to their accounts. In SQL, the following types of privileges can be granted on each individual relation R:  SELECT (retrieval or read) privilege on R.  Modification privileges on R (UPDATE, DELETE, and INSERT).  References privilege on R for specifying integrity constraints.
  • 6. REVOKING OF PRIVILEGES:  In some cases, it is desirable to grant a privilege to a user temporarily.  For example, the owner of a relation may want to grant the SELECT privilege to a user for a specific task and then revoke that privilege once the task is completed. Hence, a mechanism for revoking privileges is needed.  In SQL, a REVOKE command is included for the purpose of canceling privileges. PROPAGATION OF PRIVILEGES USING THE GRANT OPTION:  When the owner A grants a privilege on a relation R to another account B, B can receive the privilege with or without the ability to grant it to others (GRANT OPTION).  If B has the GRANT OPTION and grants the privilege to account C, privileges on R can spread without A's knowledge.  If A revokes the privilege given to B, all privileges propagated by B should also be automatically revoked.  To ensure this, a database management system tracks how privileges were granted, so revoking privileges can be done correctly and completely. This tracking helps maintain control and security over the system.
  • 7. OWNER A ACCOUNT B ACCOUNT C GRANT P GRANT P The access control mechanism ensures that revoking a privilege from an account effectively revokes any privileges propagated by that account, preventing privileges from being passed on without the knowledge or authorization of the owner of the resource. OWNER A ACCOUNT B ACCOUNT C REVOKE P REVOKE P
  • 8. Suppose that the DBA creates four accounts-A1, A2, A3, and A4-and wants only A1 to be able to create base relations. GRANT command in SQL: GRANT CREATETAB TO A1; Account A1 the capability to create new database tables (base relations) and is hence an account privilege. the same effect can be accomplished by having the DBA issue a CREATESCHEMA command, as follows: CREATE SCHEMA EXAMPLE AUTHORIZATION A1; User account A1 can now create tables under the schema called EXAMPLE.
  • 9.  Suppose that A1 creates the two base relations EMPLOYEE and DEPARTMENT.A1 is then the owner of these two relations and hence has all the relation privileges on each of them.  A1 is then the owner of these two relations and hence has all the relation privileges on each of them. GRANT INSERT, DELETE ON EMPLOYEE, DEPARTMENT TO A2;  A1 allowing it to grant privileges on the relation to other accounts.  However, account A2 cannot grant INSERT and DELETE privileges on the EMPLOYEE and DEPARTMENT tables because A2 was not given the GRANT OPTION in the preceding command.  Suppose that At wants to allow account A3 to retrieve information from either of the two tables and also to be able to propagate the SELECT privilege to other accounts.A1 issues the following command, GRANT SELECT ON EMPLOYEE, DEPARTMENT TO A3 WITH GRANT OPTION; • A3 can now propagate the privilege to other accounts by using GRANT.
  • 10.  A3 can grant the SELECT privilege on the EMPLOYEE relation to A4. GRANT SELECT ON EMPLOYEE TO A4;  A4 cannot propagate the SELECT privilege to other accounts becausethe GRANT OPTION was not given to A4.  Now suppose that A1 decides to revoke the SELECT privilege on the EMPLOYEE relation from A3; A1 then can issue this command: REVOKE SELECT ON EMPLOYEE FROM A3; EMPLOYEE Name Ssn Bdate Address Sex Salary Dno DEPARTMENT Dnumber Dname Mgr_ssn
  • 11.  Next, suppose that A1 wants to give back to A3 a limited capability to SELECT from the EMPLOYEE relation and wants to allow A3 to be able to propagate the privilege.  The limitation is to retrieve only the Name, Bdate, and Address attributes and only for the tuples with Dno = 5. A1 then can create the following view: CREATE VIEW A3 EMPLOYEE AS SELECT Name, Bdate, Address FROM EMPLOYEE WHERE Dno = 5;  After the view is created. A1 can grant SELECT on the view A3EMPLOYEE to A3 as follows: GRANT SELECT ON A3EMPLOYEE TO A3 WITH GRANT OPTION;  Finally, suppose that A1 wants to allow A4 to update only the Salary attribute ofEMPLOYEE; A1 can then issue the following command: GRANT UPDATE ON EMPLOYEE (Salary) TO A4;
  • 12. SPECIFYING LIMITS ON PROPAGATION OF PRIVILEGES:  HORIZONTAL PROPAGATION: Limit the number of accounts to which a privilege can be granted. Account B (with GRANT OPTION) can grant the privilege to at most i other accounts.  VERTICAL PROPAGATION: Limit the depth of granting privileges. Account B (with vertical propagation j) can grant the privilege to other accounts only with a vertical propagation less than j. Example: A1 grants SELECT to A2 with horizontal propagation = 1 and vertical propagation = 2. A2 can grant SELECT to at most 1 account (horizontal limit) and reduce vertical propagation by 1 when passing the privilege (vertical limit). OWNER A1 ACCOUNT A2 ACCOUNT C(1) ACCOUNT D(0) ACCOUNT E(2) ACCOUNT F(1) ACCOUNT G(0)
  • 13.  Horizontal and vertical propagation techniques limit privilege spread, ensuring depth and breadth control. These techniques are not currently available in SQL or most relational systems. UNIVERSITY QUESTIONS: 1. Present an overview of database security.(13M) 2. Explain in detail DB Security.(8m)