The document describes the steps taken to revoke and grant privileges on database tables in order to restrict access and demonstrate the effects. Privileges on the tables were revoked from individual users. Roles were created and privileges were granted to those roles. Views were created to restrict what each user can see and to allow updates to specific columns only. The steps show how database security can be implemented by revoking and granting privileges on tables and views.
1. Database Security
SQL> --1) Revoke privileges granted in Lab Exercise 1
SQL> connect anar
Connected.
SQL> -- revoke access modes from users
SQL> revoke select on student from able;
Revoke succeeded.
SQL> revoke update on student from baker;
Revoke succeeded.
SQL> revoke insert on student from charles;
Revoke succeeded.
SQL> revoke delete on student from drake;
Revoke succeeded.
SQL> revoke update (major) on student from elliot;
revoke update (major) on student from elliot
*
ERROR at line 1:
ORA-01750: UPDATE/REFERENCES may only be REVOKEd from the whole table, not by column
SQL> revoke update on student from elliot;
Revoke succeeded.
SQL> revoke select, update on faculty from test;
Revoke succeeded.
SQL> revoke insert, delete on faculty from seaver;
Revoke succeeded.
SQL> revoke update (address) on faculty from looney;
revoke update (address) on faculty from looney
*
ERROR at line 1:
ORA-01750: UPDATE/REFERENCES may only be REVOKEd from the whole table, not by column
SQL> revoke update on faculty from looney;
Revoke succeeded.
SQL> revoke update, insert on faculty from mills;
Revoke succeeded.
SQL>
SQL>
SQL> -- revoke create session from users
SQL> revoke create session from able;
Revoke succeeded.
SQL> revoke create session from baker;
Revoke succeeded.
SQL> revoke create session from charles;
Revoke succeeded.
SQL> revoke create session from drake;
Revoke succeeded.
SQL> revoke create session from elliot;
Revoke succeeded.
SQL> revoke create session from test;
Revoke succeeded.
SQL> revoke create session from seaver;
Revoke succeeded.
SQL> revoke create session from looney;
Revoke succeeded.
SQL> revoke create session from mills;
Revoke succeeded.
SQL> -- 2) Grant Roles Student and Faculty
SQL> -- create roles student and faculty
SQL> create role student;
Role created.
SQL> create role faculty;
Role created.
SQL>
SQL> -- grant privileges to roles
SQL> grant select on student to student;
Grant succeeded.
SQL> grant select on faculty to faculty;
Grant succeeded.
SQL>
SQL> -- grant student role to students and faculty role to faculty
SQL> grant student to able, baker, charles, drake, elliot;
Grant succeeded.
SQL> grant faculty to test, seaver, looney, mills;
Grant succeeded.
SQL> grant create session to student;
Grant succeeded.
SQL> grant create session to faculty;
Grant succeeded.
SQL> -- 3)demonstrate select privileges for student and faculty
SQL> connect able
Connected.
SQL> select * from anar.student;
 STUDENTID NAME       MAJOR            ST ADDRESS      GPA
---------- ---------- ---------------- -- ------------ ----------
       100 ABLE       HISTORY          SR 1 UTAH       3
       200 BAKER      ACCOUNTING       JR 2 IOWA       2.7
       300 CHARLES    MATH             SR 3 MAINE      3.5
       400 DRAKE      COMPUTER SCIENCE FR 4 IDAHO      2.8
       500 ELLIOT     COMPUTER SCIENCE SM 5 NEVADA     3.25
SQL> connect test
Connected.
SQL> select * from anar.faculty;
 FACULTYID NAME       DE ADDRESS      RANK
---------- ---------- -- ------------ ----------
       980 TEST       IM 11 MAIN      DEAN
      5430 SEAVER     IS 12 SOUTH     PROFESSOR
      7650 LOONEY     IT 14 NORTH     INSTRUCTOR
      9870 MILLS      SA 16 EAST      LECTURER
SQL> -- 4) create view and grant select to faculty on view
SQL> connect anar
Connected.
SQL> create view f_student_view
  2  as
  3  select studentid, name, major, status from student;
View created.
SQL>
SQL> grant select on f_student_view to faculty;
Grant succeeded.
SQL> -- 5) Demonstrate that faculty cannot see the student GPA
SQL> connect test
Connected.
SQL> select * from anar.student;
select * from anar.student
*
ERROR at line 1:
ORA-00942: table or view does not exist
SQL> select * from anar.f_student_view faculty;
 STUDENTID NAME       MAJOR            ST
---------- ---------- ---------------- --
       100 ABLE       HISTORY          SR
       200 BAKER      ACCOUNTING       JR
       300 CHARLES    MATH             SR
       400 DRAKE      COMPUTER SCIENCE FR
       500 ELLIOT     COMPUTER SCIENCE SM
SQL> -- 6) Create a view that lets students update only their own address
SQL> connect anar
Connected.
SQL> create or replace view S_Student_Update_Address
  2  as
  3  select name, address
  4  from student
  5  where name=user;
View created.
SQL> grant select on S_Student_Update_Address to student;
Grant succeeded.
SQL>
SQL> grant update (address) on S_Student_Update_Address to student;
Grant succeeded.
SQL> connect baker
Connected.
SQL> select * from anar.S_Student_Update_Address;
NAME       ADDRESS
---------- ------------
BAKER      2 IOWA
SQL> update anar.S_Student_Update_Address set address = '1 Party St.';
1 row updated.
SQL> select * from anar.S_Student_Update_Address;
NAME       ADDRESS
---------- ------------
BAKER      1 Party St.
SQL>-- 7)Revoke grants on Student and Faculty tables in Problem 2 above
SQL>-- and create views for Student and faculty to see their own record
SQL> connect anar
Connected.
SQL> revoke select on student from student;
Revoke succeeded.
SQL> revoke select on faculty from faculty;
Revoke succeeded.
SQL> spool end;
SQL> create view own_student_record
  2  as
  3  select * from student where name = user;
View created.
SQL> grant select on own_student_record to student;
Grant succeeded.
SQL> connect able
Connected.
SQL> select * from anar.own_student_record;
 STUDENTID NAME       MAJOR            ST ADDRESS      GPA
---------- ---------- ---------------- -- ------------ ----------
       100 ABLE       HISTORY          SR 668 CS.      3
SQL> connect baker
Connected.
SQL> select * from anar.own_student_record;
 STUDENTID NAME       MAJOR            ST ADDRESS      GPA
---------- ---------- ---------------- -- ------------ ----------
       200 BAKER      ACCOUNTING       JR 2 IOWA       2.7
SQL> connect anar
Connected.
SQL> create view own_faculty_record
  2  as
  3  select * from faculty where name = user;
View created.
SQL> grant select on own_faculty_record to faculty;
Grant succeeded.
SQL> connect test
Connected.
SQL> select * from anar.own_faculty_record;
 FACULTYID NAME       DE ADDRESS      RANK
---------- ---------- -- ------------ ----------
       980 TEST       IM 11 MAIN      DEAN
SQL> connect seaver
Connected.
SQL> select * from anar.own_faculty_record;
 FACULTYID NAME       DE ADDRESS      RANK
---------- ---------- -- ------------ ----------
      5430 SEAVER     IS 12 SOUTH     PROFESSOR
SQL> spool end
SQL> -- 8) Create a view "Update_Faculty_Address"
SQL> connect anar
Connected.
SQL> create view Update_Faculty_Address
  2  as
  3  select name, address
  4  from faculty
  5  where name=user;
View created.
SQL> grant update (address) on Update_Faculty_Address to faculty;
Grant succeeded.
SQL> grant select on Update_Faculty_Address to faculty;
Grant succeeded.
SQL> connect test
Connected.
SQL> select * from anar.Update_Faculty_Address;
NAME       ADDRESS
---------- ------------
TEST       11 MAIN
SQL> update anar.Update_Faculty_Address set address = '10 Chastain';
1 row updated.
SQL> select * from anar.Update_Faculty_Address;
NAME       ADDRESS
---------- ------------
TEST       10 Chastain
SQL> spool end
SQL> -- 9) Create a view for students to view their own Student, Offering and Enrollment rows
SQL> CREATE VIEW student_offering_enrollment
  2  as
  3  SELECT s.name, e.offeringnum, o.coursenum, o.facultyid, o.term,o.time
     from student s, offering o, enrollment e
  4  WHERE s.studentid = e.studentid and e.offeringnum=o.offeringnum
  5  and s.name = USER;
View created.
SQL> GRANT SELECT ON student_offering_enrollment TO STUDENT;
Grant succeeded.
SQL> connect able
Connected.
SQL> SELECT * FROM anar.student_offering_enrollment;
NAME       OFFERINGNUM COURS FACULTYID TERM   TIME
---------- ----------- ----- ---------- ------ -----
ABLE              1111 IS320       5430 FALL   10 AM
SQL> connect baker
Connected.
SQL>
SQL> SELECT * FROM anar.student_offering_enrollment;
no rows selected
-- Note that baker is not registered for any courses
SQL> connect elliot
Connected.
SQL>
SQL> SELECT * FROM anar.student_offering_enrollment;
NAME       OFFERINGNUM COURS FACULTYID TERM   TIME
---------- ----------- ----- ---------- ------ -----
ELLIOT            1233 IS320        980 FALL   11 AM
SQL> -- 10) Create view for Juniors and seniors to change majors
SQL> -- login as user with DBA privileges
SQL> connect anar
Connected.
SQL> create view changeMajors
  2  as
  3  select name, major
  4  from student where name=user;
View created.
SQL> grant select on changeMajors to student;
Grant succeeded.
SQL> grant update (major) on changeMajors to student;
Grant succeeded.
SQL> create or replace view changeMajors
  2  as
  3  select name, major
  4  from student
  5  where name=user and (status = 'JR' or status = 'SR');
View created.
SQL> connect able
Connected.
SQL> select * from anar.changeMajors;
NAME       MAJOR
---------- ----------------
ABLE       HISTORY
SQL> update anar.changeMajors set major = 'G.I.S.';
1 row updated.
-- Drake is a freshman, so the view's status predicate (JR or SR) excludes his/her row and the update matches nothing
SQL> connect drake
Connected.
SQL> update anar.changeMajors set major = 'G.I.S.';
0 rows updated.
SQL> spool end