Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Views and security


Published on

Published in: Education
  • Be the first to comment

  • Be the first to like this

Views and security

  1. 1. Security and Integrity Database Systems Lecture 11
  2. 2. In This Lecture• Today database Security and Integrity: • Aspects of security • Access to databases • Making sure the correct data goes in.1) Privileges2) Views3) Integrity constraints• For more information • Connolly and Begg chapters 6 and 19Security and Integrity
  3. 3. Database Security• Database security is • Many aspects to about controlling access consider for security: to information • Some information • Legal issues should be available • Physical security freely • OS/Network security • Security policies and • Other information should protocols only be available to certain people or groups • Encryption and passwords • DBMS securitySecurity and Integrity
  4. 4. Now then, now then…• DBMS can provide some security: • The DBMS verifies password and checks a user’s permissions • Each user has an account, username when they try to and password either: • These are used to • Retrieve data identify a user and • Modify data control their access to • Modify the database information structureSecurity and Integrity
  5. 5. Permissions and Privilege• SQL uses privileges • The owner (creator) to control access to of a database has all privileges on all tables and other objects in the database objects: database, and can grant these to others • SELECT privilege • INSERT privilege • The owner (creator) of an object has all • UPDATE privilege privileges on that • DELETE privilege object and can pass them on to othersSecurity and Integrity
  6. 6. Privileges in SQLGRANT <privileges> • <users> is a list of user names or PUBLIC ON <object> TO <users> • <object> is the name of[WITH GRANT OPTION] a table or view (later)• <privileges> is a list of • WITH GRANT OPTION SELECT <columns>, means that the users can INSERT <columns>, pass their privileges on to others DELETE, and UPDATE <columns>, or simply ALLSecurity and Integrity
  7. 7. Privileges ExamplesGRANT ALL ON Employee GRANT SELECT, TO Scooby UPDATE(Salary) ON WITH GRANT OPTION Employee TO ShaggyThe user ‘Scooby’ can do The user ‘Shaggy’ cananything to the Employee view the entire Employeetable, and can allow other table, and can changeusers to do the same (by Salary values, but cannotusing GRANT statements) change other values or pass on their privilegeSecurity and Integrity
  8. 8. Removing Privileges• If you want to • If a user has been remove a privilege given the same you have granted privilege from other you use: users then they keep it. Everyone has to revoke them. REVOKE <privileges> ON <object> • However all FROM <users> privileges dependent on the revoked one are also revokedSecurity and Integrity
  9. 9. An example. … •‘Waqas’ grants ALL Waqas privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the SELECT ALL grant option •‘Sajid’ grants SELECT to Sajid Saleem ‘Saqib’ SELECT ALL •‘Saleem’ grants ALL to ‘Saqib’ SaqibSecurity and Integrity
  10. 10. Removing Privileges. Rut-ro…•Saqib quickly begins toannoy everyone so Saleem Waqasrevokes ALL from him… SELECT ALL•N.b. Saqib still has SELECTprivileges from ‘Sajid’… Sajid Saleem•Waqas revokes SELECT from SELECT ALLSajid…•And as a consequence Saqib Saqibloses SELECT also Security and Integrity
  11. 11. Views• Now Privileges work • But Views provide at the level of ‘derived’ tables: tables: • You can restrict • A view is the result of access by column a SELECT statement which is treated like a • You cannot restrict table access by row • You can SELECT from• Views, along with (and sometimes privileges, allow for UPDATE, etc) views just like tables customised access.Security and Integrity
  12. 12. Creating ViewsCREATE VIEW <name> • Example: AS <select stmt> • We want each user to• <name> is the name be able to view the names and phone of the new view. numbers (only) of• <select stmt> is a those employees that are in their own query that returns department the rows and columns of the viewSecurity and Integrity
  13. 13. View Example • Say we want each user to be able to view the names and phone numbers (only) of those employees in their own department. • In Oracle, you can refer to the current user as USER Employee ID Name Phone Department Salary E158 Mark x6387 Accounts £15,000 E159 Mary x6387 Marketing £15,000 E160 Jane x6387 Marketing £15,000Security and Integrity
  14. 14. View Example CREATE VIEW OwnDept AS SELECT Name, Phone FROM Employee WHERE Department = (SELECT Department FROM Employee WHERE name = USER) GRANT SELECT ON OwnDept TO PUBLICSecurity and Integrity
  15. 15. Using Views and Privileges• Views and privileges are used together to control User 1 User 2 User 3 access • A view is made which contains the information External External needed View 1 View 2 • Privileges are granted to that view, rather than Conceptual the underlying tables DBA ViewSecurity and Integrity
  16. 16. View Updating• Views are like virtual tables: • Their value depends on the ‘base’ tables that they are defined from • You can select from views just like a tableSo what the dickens happensto the updates, inserts, anddeletes?Security and Integrity
  17. 17. View Updating • Updates to the base tables change the views and vice-versa • But it is often not clear how to change the base tables to make the desired change to the view. • This also affects stuff like Java’s ResultSet. • Are there any rules to make it clear when updates, inserts and deletes are possible and when they are not?Security and Integrity
  18. 18. View Updating• In general it is • In general it is not possible to update possible to update views which: views which • Are defined on a • Are defined on more single table than one base table by a join operation • Contain at least one primary or candidate • Contain aggregate key for that relation functions and group by clausesSecurity and Integrity
  19. 19. Example: Module Enrolment Student Code Dept ID Code ID Name DBS CSIT 123 DBS 123 John RDB CSIT 123 ALG 124 Mary ALG Math 124 DBS 125 Chris 124 RDB 125 ALGCREATE VIEW CSIT AS SELECT S.ID, S.Name, Count(*) AS Num FROM Student AS S, Enrolment AS E, Module AS M WHERE S.ID = E.ID ID Name Num AND E.Code = M.Code AND M.Dept = ‘CSIT’ 123 John 1 GROUP BY S.ID, S.Name 124 Mary 2 Security and Integrity
  20. 20. View Updating Example CSIT ID Name Num 123 Saqib 1 124 Mahd 2 UPDATE CSIT SET Num = 1 cannot update the result of the WHERE Name= ‘Saqib’ aggregate function COUNT()… DELETE FROM CSIT cannot delete because we have joined several tables to create WHERE Name = ‘Saqib’ this view… INSERT INTO CSIT cannot insert because we have joined several tables and none VALUES (126, ‘Asif’, 1) have Num in anyway!Security and Integrity
  21. 21. Combining Views and PrivilegesTo restrict someones access Employeeto a table: ID Name Salary Department • Create a view of that table that shows only the information they need to see. • Say we want to let the user John read • Grant them privileges on the view . the department and name, and be able to • Revoke any privileges update the they have on the original table department (only) Security and Integrity
  22. 22. Using Views and PrivilegesCreate a view: Set the privileges:CREATE VIEW forSaqib GRANT SELECT,AS SELECT Name, UPDATE (Department) Department ON forSaqib FROM Employee TO John REVOKE ALL ON forSaqib FROM SaqibSecurity and Integrity
  23. 23. Database Integrity• Security vs Integrity • Integrity constraints • Domain constraints • Database security apply to data types makes sure that the user is authorised to access information • Attribute constraints apply to columns • Database integrity • Relation constraints makes sure that apply to rows in a single (authorised) users table manipulate that information correctly • Database constraints apply between tablesSecurity and Integrity
  24. 24. 1 Example CHECK• A check statement allows you to constrain what can be entered into the database.• I.e. you can define what makes it consistent.CREATE TABLE Poker_players( name VARCHAR(32), age INTEGER CHECK (age > 18) CHECK that we) only have legal poker playersSecurity and Integrity