Security and Integrity

Database Systems Lecture 11

In This Lecture
• Today: database security and integrity:
   • Aspects of security
   • Access to databases
   • Making sure the correct data goes in

1) Privileges
2) Views
3) Integrity constraints

• For more information
   • Connolly and Begg chapters 6 and 19

Database Security
• Database security is about controlling access to information
   • Some information should be available freely
   • Other information should only be available to certain people or groups

• Many aspects to consider for security:
   • Legal issues
   • Physical security
   • OS/Network security
   • Security policies and protocols
   • Encryption and passwords
   • DBMS security

Now then, now then…
• DBMS can provide some security:
   • Each user has an account, username and password
   • These are used to identify a user and control their access to information

• The DBMS verifies the password and checks a user’s permissions when they try to either:
   • Retrieve data
   • Modify data
   • Modify the database structure

Permissions and Privilege
• SQL uses privileges to control access to tables and other database objects:
   • SELECT privilege
   • INSERT privilege
   • UPDATE privilege
   • DELETE privilege

• The owner (creator) of a database has all privileges on all objects in the database, and can grant these to others

• The owner (creator) of an object has all privileges on that object and can pass them on to others

Privileges in SQL
GRANT <privileges>
   ON <object>
   TO <users>
[WITH GRANT OPTION]

• <privileges> is a list of SELECT <columns>, INSERT <columns>, DELETE, and UPDATE <columns>, or simply ALL
• <users> is a list of user names or PUBLIC
• <object> is the name of a table or view (later)
• WITH GRANT OPTION means that the users can pass their privileges on to others

Privileges Examples
GRANT ALL ON Employee
  TO Scooby
  WITH GRANT OPTION

The user ‘Scooby’ can do anything to the Employee table, and can allow other users to do the same (by using GRANT statements)

GRANT SELECT,
  UPDATE(Salary) ON
  Employee TO Shaggy

The user ‘Shaggy’ can view the entire Employee table, and can change Salary values, but cannot change other values or pass on their privilege

Removing Privileges
• If you want to remove a privilege you have granted you use:

 REVOKE <privileges>
    ON <object>
    FROM <users>

• If a user has been given the same privilege from other users then they keep it. Everyone has to revoke them.

• However all privileges dependent on the revoked one are also revoked

An example…

 • ‘Waqas’ grants ALL privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the grant option
 • ‘Sajid’ grants SELECT to ‘Saqib’
 • ‘Saleem’ grants ALL to ‘Saqib’

[Diagram: Waqas → Sajid (SELECT), Waqas → Saleem (ALL), Sajid → Saqib (SELECT), Saleem → Saqib (ALL)]

Removing Privileges. Rut-ro…

• Saqib quickly begins to annoy everyone so Saleem revokes ALL from him…
• N.b. Saqib still has SELECT privileges from ‘Sajid’…
• Waqas revokes SELECT from Sajid…
• And as a consequence Saqib loses SELECT also

[Diagram: the same grant graph, Waqas → Sajid (SELECT) → Saqib and Waqas → Saleem (ALL) → Saqib]
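
The revocation rules from the two slides above, modelled as a grant graph in Python. This is an added example, not part of the original lecture: the `GrantGraph` class and its method names are hypothetical, column-level privileges are not modelled, and Saleem's ALL is assumed to carry the grant option because the slide has Saleem granting onwards to Saqib.

```python
"""Toy model of SQL GRANT / REVOKE as a grant graph (added example)."""

ALL = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})


def expand(privileges):
    """Accept 'ALL', one privilege name, or an iterable of names."""
    if privileges == "ALL":
        return set(ALL)
    if isinstance(privileges, str):
        privileges = [privileges]
    privs = {p.upper() for p in privileges}
    if privs - ALL:
        raise ValueError(f"unknown privileges: {sorted(privs - ALL)}")
    return privs


class GrantGraph:
    """Privileges on one object. Column lists are not modelled."""

    def __init__(self, owner):
        self.owner = owner
        # (grantor, grantee, privilege) -> granted WITH GRANT OPTION?
        self.edges = {}

    def grantors(self, priv):
        """Users allowed to pass `priv` on: the owner plus everyone reachable
        from the owner along edges that carry the grant option."""
        seen, todo = {self.owner}, [self.owner]
        while todo:
            current = todo.pop()
            for (grantor, grantee, p), option in self.edges.items():
                if grantor == current and p == priv and option and grantee not in seen:
                    seen.add(grantee)
                    todo.append(grantee)
        return seen

    def grant(self, grantor, grantee, privileges, with_grant_option=False):
        for priv in expand(privileges):
            if grantor not in self.grantors(priv):
                raise PermissionError(f"{grantor} cannot grant {priv}")
            key = (grantor, grantee, priv)
            self.edges[key] = self.edges.get(key, False) or with_grant_option

    def revoke(self, grantor, grantee, privileges):
        for priv in expand(privileges):
            self.edges.pop((grantor, grantee, priv), None)
            # Cascade: drop every grant whose grantor can no longer trace the
            # privilege back to the owner. Reachability (rather than counting
            # incoming edges) also removes grants that only support each other.
            valid = self.grantors(priv)
            self.edges = {k: v for k, v in self.edges.items()
                          if k[2] != priv or k[0] in valid}

    def privileges(self, user):
        if user == self.owner:
            return set(ALL)
        return {p for (_, grantee, p) in self.edges if grantee == user}


def slide_scenario():
    """Replay the Waqas / Sajid / Saleem / Saqib slides; return Saqib's
    privileges after each step."""
    g = GrantGraph(owner="Waqas")
    # Assumption: Saleem's ALL carries the grant option, since the slide has
    # Saleem granting ALL onwards to Saqib.
    g.grant("Waqas", "Saleem", "ALL", with_grant_option=True)
    g.grant("Waqas", "Sajid", "SELECT", with_grant_option=True)
    g.grant("Sajid", "Saqib", "SELECT")
    g.grant("Saleem", "Saqib", "ALL")
    steps = [("after grants", g.privileges("Saqib"))]
    g.revoke("Saleem", "Saqib", "ALL")
    steps.append(("Saleem revokes ALL", g.privileges("Saqib")))
    g.revoke("Waqas", "Sajid", "SELECT")
    steps.append(("Waqas revokes SELECT from Sajid", g.privileges("Saqib")))
    return steps


def mutual_grant_scenario():
    """Edge case: A and B grant SELECT to each other, then the owner revokes A.
    Neither may keep the privilege, because no path to the owner remains."""
    g = GrantGraph(owner="Waqas")
    g.grant("Waqas", "A", "SELECT", with_grant_option=True)
    g.grant("A", "B", "SELECT", with_grant_option=True)
    g.grant("B", "A", "SELECT", with_grant_option=True)
    g.revoke("Waqas", "A", "SELECT")
    return g.privileges("A"), g.privileges("B")


if __name__ == "__main__":
    for label, privs in slide_scenario():
        print(f"{label:35} Saqib: {sorted(privs)}")
    print("mutual grants after revoke:", mutual_grant_scenario())
```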

Views
• Now Privileges work at the level of tables:
   • You can restrict access by column
   • You cannot restrict access by row

• But Views provide ‘derived’ tables:
   • A view is the result of a SELECT statement which is treated like a table
   • You can SELECT from (and sometimes UPDATE, etc) views just like tables

• Views, along with privileges, allow for customised access.

Creating Views
CREATE VIEW <name>
  AS <select stmt>

• <name> is the name of the new view.
• <select stmt> is a query that returns the rows and columns of the view

• Example:
   • We want each user to be able to view the names and phone numbers (only) of those employees that are in their own department

View Example
   • Say we want each user to be able to view the names
     and phone numbers (only) of those employees in their
     own department.

   • In Oracle, you can refer to the current user as USER

        Employee
        ID      Name Phone Department      Salary
        E158    Mark     x6387 Accounts    £15,000
        E159    Mary     x6387 Marketing   £15,000
        E160    Jane     x6387 Marketing   £15,000


View Example

   CREATE VIEW OwnDept AS
   SELECT Name, Phone FROM Employee
     WHERE Department =
       (SELECT Department FROM Employee
         WHERE name = USER)

   GRANT SELECT ON OwnDept TO PUBLIC



Using Views and Privileges
• Views and privileges are used together to control access
   • A view is made which contains the information needed
   • Privileges are granted to that view, rather than the underlying tables

[Diagram labels: User 1, User 2, User 3; External View 1, External View 2; Conceptual View; DBA]

View Updating
• Views are like virtual tables:
   • Their value depends on the ‘base’ tables that they
     are defined from

   • You can select from views just like a table


So what the dickens happens
to the updates, inserts, and
deletes?


View Updating

      • Updates to the base tables change the views
        and vice-versa

      • But it is often not clear how to change the base
        tables to make the desired change to the view.

      • This also affects stuff like Java’s ResultSet.

      • Are there any rules to make it clear when
        updates, inserts and deletes are possible and
        when they are not?


View Updating
• In general it is possible to update views which:
   • Are defined on a single table
   • Contain at least one primary or candidate key for that relation

• In general it is not possible to update views which:
   • Are defined on more than one base table by a join operation
   • Contain aggregate functions and group by clauses

Example:

        Module
        Code    Dept
        DBS     CSIT
        RDB     CSIT
        ALG     Math

        Enrolment
        ID      Code
        123     DBS
        123     ALG
        124     DBS
        124     RDB
        125     ALG

        Student
        ID      Name
        123     John
        124     Mary
        125     Chris

CREATE VIEW CSIT AS
  SELECT S.ID, S.Name, Count(*) AS Num
    FROM Student AS S,
         Enrolment AS E,
         Module AS M
   WHERE S.ID = E.ID
     AND E.Code = M.Code
     AND M.Dept = 'CSIT'
   GROUP BY S.ID, S.Name

        CSIT
        ID      Name    Num
        123     John    1
        124     Mary    2

View Updating Example

        CSIT
        ID      Name    Num
        123     Saqib   1
        124     Mahd    2

  UPDATE CSIT SET Num = 1
  WHERE Name = 'Saqib'

cannot update the result of the aggregate function COUNT()…

  DELETE FROM CSIT
  WHERE Name = 'Saqib'

cannot delete because we have joined several tables to create this view…

  INSERT INTO CSIT
  VALUES (126, 'Asif', 1)

cannot insert because we have joined several tables and none of them has a Num column anyway!

Combining Views and Privileges
To restrict someone's access to a table:
   • Create a view of that table that shows only the information they need to see.
   • Grant them privileges on the view.
   • Revoke any privileges they have on the original table

        Employee
        ID      Name    Salary  Department

• Say we want to let the user 'John' read the department and name, and be able to update the department (only)

Using Views and Privileges
Create a view:

CREATE VIEW forSaqib
AS SELECT Name,
         Department
  FROM Employee

Set the privileges:

GRANT SELECT,
UPDATE (Department)
ON forSaqib
TO John

-- revoke on the original table, as in the steps on the previous slide
REVOKE ALL ON
Employee FROM John

Database Integrity
• Security vs Integrity
   • Database security makes sure that the user is authorised to access information
   • Database integrity makes sure that (authorised) users manipulate that information correctly

• Integrity constraints
   • Domain constraints apply to data types
   • Attribute constraints apply to columns
   • Relation constraints apply to rows in a single table
   • Database constraints apply between tables

1 Example CHECK
• A check statement allows you to constrain what can be entered into the database.
• I.e. you can define what makes it consistent.

CREATE TABLE Poker_players
(
  name VARCHAR(32),
  age INTEGER
  CHECK (age > 18)
)

CHECK that we only have legal poker players
What is Digital Literacy? A guest blog from Andy McLaughlin, University of Ab...
 
Life upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for studentLife upper-Intermediate B2 Workbook for student
Life upper-Intermediate B2 Workbook for student
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
 
Digital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental DesignDigital Artefact 1 - Tiny Home Environmental Design
Digital Artefact 1 - Tiny Home Environmental Design
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
 
The Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collectionThe Diamonds of 2023-2024 in the IGRA collection
The Diamonds of 2023-2024 in the IGRA collection
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
 
Walmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdfWalmart Business+ and Spark Good for Nonprofits.pdf
Walmart Business+ and Spark Good for Nonprofits.pdf
 

Views and security

  • 1. Security and Integrity Database Systems Lecture 11
  • 2. In This Lecture
      • Today database Security and Integrity:
          • Aspects of security
          • Access to databases
          • Making sure the correct data goes in.
      1) Privileges
      2) Views
      3) Integrity constraints
      • For more information
          • Connolly and Begg chapters 6 and 19
  • 3. Database Security
      • Database security is about controlling access to information
          • Some information should be available freely
          • Other information should only be available to certain people or groups
      • Many aspects to consider for security:
          • Legal issues
          • Physical security
          • OS/Network security
          • Security policies and protocols
          • Encryption and passwords
          • DBMS security
  • 4. Now then, now then…
      • DBMS can provide some security:
          • Each user has an account, username and password
          • These are used to identify a user and control their access to information
      • The DBMS verifies password and checks a user’s permissions when they try to either:
          • Retrieve data
          • Modify data
          • Modify the database structure
  • 5. Permissions and Privilege
      • SQL uses privileges to control access to tables and other database objects:
          • SELECT privilege
          • INSERT privilege
          • UPDATE privilege
          • DELETE privilege
      • The owner (creator) of a database has all privileges on all objects in the database, and can grant these to others
      • The owner (creator) of an object has all privileges on that object and can pass them on to others
  • 6. Privileges in SQL
        GRANT <privileges>
        ON <object>
        TO <users>
        [WITH GRANT OPTION]
      • <privileges> is a list of SELECT <columns>, INSERT <columns>, DELETE, and UPDATE <columns>, or simply ALL
      • <users> is a list of user names or PUBLIC
      • <object> is the name of a table or view (later)
      • WITH GRANT OPTION means that the users can pass their privileges on to others
  • 7. Privileges Examples
        GRANT ALL ON Employee
        TO Scooby
        WITH GRANT OPTION
      The user ‘Scooby’ can do anything to the Employee table, and can allow other users to do the same (by using GRANT statements)
        GRANT SELECT, UPDATE(Salary)
        ON Employee
        TO Shaggy
      The user ‘Shaggy’ can view the entire Employee table, and can change Salary values, but cannot change other values or pass on their privilege
  • 8. Removing Privileges
      • If you want to remove a privilege you have granted you use:
        REVOKE <privileges>
        ON <object>
        FROM <users>
      • If a user has been given the same privilege from other users then they keep it. Everyone has to revoke them.
      • However all privileges dependent on the revoked one are also revoked
  • 9. An example. …
      • ‘Waqas’ grants ALL privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the grant option
      • ‘Sajid’ grants SELECT to ‘Saqib’
      • ‘Saleem’ grants ALL to ‘Saqib’
      [Diagram: Waqas → Sajid (SELECT); Waqas → Saleem (ALL); Sajid → Saqib (SELECT); Saleem → Saqib (ALL)]
  • 10. Removing Privileges. Rut-ro…
      • Saqib quickly begins to annoy everyone so Saleem revokes ALL from him…
      • N.b. Saqib still has SELECT privileges from ‘Sajid’…
      • Waqas revokes SELECT from Sajid…
      • And as a consequence Saqib loses SELECT also
      [Diagram: Waqas → Sajid (SELECT); Waqas → Saleem (ALL); Sajid → Saqib (SELECT); Saleem → Saqib (ALL)]
  • 11. Views
      • Now Privileges work at the level of tables:
          • You can restrict access by column
          • You cannot restrict access by row
      • Views, along with privileges, allow for customised access.
      • But Views provide ‘derived’ tables:
          • A view is the result of a SELECT statement which is treated like a table
          • You can SELECT from (and sometimes UPDATE, etc) views just like tables
  • 12. Creating Views
        CREATE VIEW <name>
        AS <select stmt>
      • <name> is the name of the new view.
      • <select stmt> is a query that returns the rows and columns of the view
      • Example:
          • We want each user to be able to view the names and phone numbers (only) of those employees that are in their own department
  • 13. View Example
      • Say we want each user to be able to view the names and phone numbers (only) of those employees in their own department.
      • In Oracle, you can refer to the current user as USER
      Employee
        ID     Name   Phone   Department   Salary
        E158   Mark   x6387   Accounts     £15,000
        E159   Mary   x6387   Marketing    £15,000
        E160   Jane   x6387   Marketing    £15,000
  • 14. View Example
        CREATE VIEW OwnDept AS
          SELECT Name, Phone
          FROM Employee
          WHERE Department =
            (SELECT Department
             FROM Employee
             WHERE name = USER);

        GRANT SELECT ON OwnDept TO PUBLIC;
  • 15. Using Views and Privileges
      • Views and privileges are used together to control access
          • A view is made which contains the information needed
          • Privileges are granted to that view, rather than the underlying tables
      [Diagram: User 1, User 2, User 3; External View 1, External View 2; Conceptual View; DBA]
  • 16. View Updating
      • Views are like virtual tables:
          • Their value depends on the ‘base’ tables that they are defined from
          • You can select from views just like a table
      So what the dickens happens to the updates, inserts, and deletes?
  • 17. View Updating
      • Updates to the base tables change the views and vice-versa
      • But it is often not clear how to change the base tables to make the desired change to the view.
      • This also affects stuff like Java’s ResultSet.
      • Are there any rules to make it clear when updates, inserts and deletes are possible and when they are not?
  • 18. View Updating
      • In general it is possible to update views which:
          • Are defined on a single table
          • Contain at least one primary or candidate key for that relation
      • In general it is not possible to update views which
          • Are defined on more than one base table by a join operation
          • Contain aggregate functions and group by clauses
  • 19. Example: Module, Enrolment, Student
      Module               Enrolment           Student
        Code   Dept          ID    Code          ID    Name
        DBS    CSIT          123   DBS           123   John
        RDB    CSIT          123   ALG           124   Mary
        ALG    Math          124   DBS           125   Chris
                             124   RDB
                             125   ALG

        CREATE VIEW CSIT AS
          SELECT S.ID, S.Name, Count(*) AS Num
          FROM Student AS S, Enrolment AS E, Module AS M
          WHERE S.ID = E.ID
            AND E.Code = M.Code
            AND M.Dept = 'CSIT'
          GROUP BY S.ID, S.Name

      Resulting view CSIT
        ID    Name   Num
        123   John   1
        124   Mary   2
  • 20. View Updating Example
      CSIT
        ID    Name    Num
        123   Saqib   1
        124   Mahd    2

        UPDATE CSIT SET Num = 1 WHERE Name = 'Saqib'
          cannot update the result of the aggregate function COUNT()…
        DELETE FROM CSIT WHERE Name = 'Saqib'
          cannot delete because we have joined several tables to create this view…
        INSERT INTO CSIT VALUES (126, 'Asif', 1)
          cannot insert because we have joined several tables and none have Num in anyway!
  • 21. Combining Views and Privileges
      To restrict someone's access to a table:
      • Create a view of that table that shows only the information they need to see.
      • Grant them privileges on the view.
      • Revoke any privileges they have on the original table
      Employee (ID, Name, Salary, Department)
      • Say we want to let the user 'John' read the department and name, and be able to update the department (only)
  • 22. Using Views and Privileges
      Create a view:
        CREATE VIEW forSaqib AS
          SELECT Name, Department
          FROM Employee;
      Set the privileges:
        GRANT SELECT, UPDATE (Department)
        ON forSaqib
        TO John;
        -- revoke on the original table, so John can reach the data only through the view
        REVOKE ALL ON Employee FROM John;
  • 23. Database Integrity
      • Security vs Integrity
          • Database security makes sure that the user is authorised to access information
          • Database integrity makes sure that (authorised) users manipulate that information correctly
      • Integrity constraints
          • Domain constraints apply to data types
          • Attribute constraints apply to columns
          • Relation constraints apply to rows in a single table
          • Database constraints apply between tables
  • 24. 1 Example CHECK
      • A check statement allows you to constrain what can be entered into the database.
      • I.e. you can define what makes it consistent.
        CREATE TABLE Poker_players (
          name VARCHAR(32),
          age INTEGER CHECK (age > 18)   -- CHECK that we only have legal poker players
        )
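The revocation rules from slides 8 to 10, as an added example that is not part of the original lecture: a small Python model of grants on one table that replays the Waqas/Saleem/Sajid/Saqib scenario. The `PrivilegeGraph` class and its method names are hypothetical, and it assumes Saleem received ALL with the grant option, since the slide has him granting ALL onward.

```python
from collections import namedtuple
ALL = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})
Grant = namedtuple("Grant", "grantor grantee privilege grant_option")

class PrivilegeGraph:
    """Hypothetical model of GRANT/REVOKE on one table (not a DBMS API)."""
    def __init__(self, owner):
        self.owner, self.grants = owner, set()

    def can_grant(self, user, priv):
        # The owner can always grant; others need a surviving grant with the option.
        return user == self.owner or any(
            g.grantee == user and g.privilege == priv and g.grant_option
            for g in self.grants)

    def grant(self, grantor, grantee, privs, with_grant_option=False):
        for p in (ALL if privs == "ALL" else privs):
            if not self.can_grant(grantor, p):
                raise PermissionError(f"{grantor} cannot grant {p}")
            self.grants.add(Grant(grantor, grantee, p, with_grant_option))

    def revoke(self, grantor, grantee, privs):
        gone = ALL if privs == "ALL" else set(privs)
        self.grants = {g for g in self.grants if not (
            g.grantor == grantor and g.grantee == grantee and g.privilege in gone)}
        for p in ALL:  # cascade: keep only grants still traceable to the owner
            edges = [g for g in self.grants if g.privilege == p and g.grant_option]
            valid, todo = {self.owner}, [self.owner]
            while todo:
                u = todo.pop()
                new = {g.grantee for g in edges if g.grantor == u} - valid
                valid |= new
                todo.extend(new)
            self.grants = {g for g in self.grants
                           if g.privilege != p or g.grantor in valid}

    def privileges(self, user):
        return set(ALL) if user == self.owner else {
            g.privilege for g in self.grants if g.grantee == user}

def slide_scenario():
    db = PrivilegeGraph(owner="Waqas")
    db.grant("Waqas", "Saleem", "ALL", with_grant_option=True)  # assumption
    db.grant("Waqas", "Sajid", ["SELECT"], with_grant_option=True)
    db.grant("Sajid", "Saqib", ["SELECT"])
    db.grant("Saleem", "Saqib", "ALL")
    db.revoke("Saleem", "Saqib", "ALL")
    after_saleem = db.privileges("Saqib")   # SELECT survives via Sajid
    db.revoke("Waqas", "Sajid", ["SELECT"])
    return after_saleem, db.privileges("Saqib"), db.privileges("Saleem")
```

The cascade walks outward from the owner rather than deleting grants one hop at a time, so two users who granted a privilege to each other cannot keep it alive once their link to the owner is revoked.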
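Slide 24's CHECK constraint run against boundary and missing values, as an added example that is not part of the original lecture. It assumes SQLite (through Python's `sqlite3` module) as the engine; the sample rows, the `try_inserts` helper and the `STRICT_DDL` variant with NOT NULL are constructed here.

```python
import sqlite3

# The table exactly as on the slide.
SLIDE_DDL = """CREATE TABLE Poker_players (
    name VARCHAR(32),
    age INTEGER CHECK (age > 18))"""

# Constructed variant: NOT NULL closes the gap a NULL age slips through.
STRICT_DDL = """CREATE TABLE Poker_players (
    name VARCHAR(32) NOT NULL,
    age INTEGER NOT NULL CHECK (age > 18))"""

# Constructed sample rows: valid, boundary, under-age, missing age.
ROWS = [("Ann", 30), ("Bob", 18), ("Cat", 17), ("Dan", None)]

def try_inserts(ddl, rows=ROWS):
    """Create the table in a fresh in-memory database and return
    {name: True if the INSERT was accepted, False if rejected}."""
    con = sqlite3.connect(":memory:")
    con.execute(ddl)
    outcome = {}
    for name, age in rows:
        try:
            con.execute(
                "INSERT INTO Poker_players (name, age) VALUES (?, ?)",
                (name, age))
            outcome[name] = True
        except sqlite3.IntegrityError:
            # Raised for both CHECK and NOT NULL violations.
            outcome[name] = False
    con.close()
    return outcome

if __name__ == "__main__":
    print("slide table :", try_inserts(SLIDE_DDL))
    print("strict table:", try_inserts(STRICT_DDL))
```

A CHECK rejects a row only when its condition is false; when `age` is NULL the condition is unknown, so the slide's table accepts a player with no age at all, and 18 itself is rejected because the comparison is strict.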