Security and Integrity

 Database Systems Lecture 11
In This Lecture
• Today: database security and integrity
   • Aspects of security
   • Access to databases
   • Making sure the correct data goes in

1) Privileges
2) Views
3) Integrity constraints

• For more information
   • Connolly and Begg chapters 6 and 19

Database Security
• Database security is about controlling access to information
   • Some information should be available freely
   • Other information should only be available to certain people or groups

• Many aspects to consider for security:
   • Legal issues
   • Physical security
   • OS/Network security
   • Security policies and protocols
   • Encryption and passwords
   • DBMS security

Now then, now then…
• DBMS can provide some security:
   • Each user has an account, username and password
   • These are used to identify a user and control their access to information

• The DBMS verifies password and checks a user’s permissions when they try to either:
   • Retrieve data
   • Modify data
   • Modify the database structure

Permissions and Privilege
• SQL uses privileges to control access to tables and other database objects:
   • SELECT privilege
   • INSERT privilege
   • UPDATE privilege
   • DELETE privilege

• The owner (creator) of a database has all privileges on all objects in the database, and can grant these to others
• The owner (creator) of an object has all privileges on that object and can pass them on to others

Privileges in SQL

   GRANT <privileges>
      ON <object>
      TO <users>
   [WITH GRANT OPTION]

• <privileges> is a list of SELECT <columns>, INSERT <columns>, DELETE, and UPDATE <columns>, or simply ALL
• <users> is a list of user names or PUBLIC
• <object> is the name of a table or view (later)
• WITH GRANT OPTION means that the users can pass their privileges on to others

Privileges Examples

   GRANT ALL ON Employee
     TO Scooby
     WITH GRANT OPTION

The user ‘Scooby’ can do anything to the Employee table, and can allow other users to do the same (by using GRANT statements)

   GRANT SELECT,
     UPDATE(Salary) ON
     Employee TO Shaggy

The user ‘Shaggy’ can view the entire Employee table, and can change Salary values, but cannot change other values or pass on their privilege

Removing Privileges
• If you want to remove a privilege you have granted you use:

   REVOKE <privileges>
       ON <object>
       FROM <users>

• If a user has been given the same privilege from other users then they keep it. Everyone has to revoke them.
• However all privileges dependent on the revoked one are also revoked

An example…
• ‘Waqas’ grants ALL privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the grant option
• ‘Sajid’ grants SELECT to ‘Saqib’
• ‘Saleem’ grants ALL to ‘Saqib’

   Waqas --SELECT--> Sajid  --SELECT--> Saqib
   Waqas --ALL-----> Saleem --ALL-----> Saqib

Removing Privileges. Rut-ro…
• Saqib quickly begins to annoy everyone so Saleem revokes ALL from him…
• N.b. Saqib still has SELECT privileges from ‘Sajid’…
• Waqas revokes SELECT from Sajid…
• And as a consequence Saqib loses SELECT also

   Waqas --SELECT--> Sajid  --SELECT--> Saqib
   Waqas --ALL-----> Saleem --ALL-----> Saqib

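The grant chain on the two slides above, as an added example that is not part of the original lecture: a small Python model of the authorization graph, in which REVOKE removes one grant and then drops every grant that can no longer be traced back to the owner. The AuthGraph class and its method names are hypothetical, and the model assumes Waqas gave Saleem ALL with the grant option, since Saleem passes it on.

```python
"""Authorization-graph model of SQL GRANT / REVOKE with cascading revokes."""

ALL = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})


class AuthGraph:  # hypothetical helper, not a DBMS API
    def __init__(self, owner):
        self.owner = owner
        # One edge per grant: (grantor, grantee, privilege, with_grant_option)
        self.grants = set()

    @staticmethod
    def _expand(privileges):
        """Turn 'ALL' or a list of privilege names into a set of single privileges."""
        if isinstance(privileges, str):
            privileges = [privileges]
        out = set()
        for p in privileges:
            out |= ALL if p == "ALL" else {p}
        return out

    def _may_grant(self, user, priv):
        """The owner may always grant; others need the privilege WITH GRANT OPTION."""
        return user == self.owner or any(
            grantee == user and p == priv and opt
            for (_, grantee, p, opt) in self.grants
        )

    def _supported(self):
        """Keep only grants reachable from the owner through grant-option edges.

        Working outwards from the owner also removes cycles of users who
        granted a privilege to each other after their real source is gone.
        """
        can_grant = {(self.owner, p) for p in ALL}
        live = set()
        changed = True
        while changed:
            changed = False
            for g in self.grants - live:
                grantor, grantee, priv, opt = g
                if (grantor, priv) in can_grant:
                    live.add(g)
                    if opt:
                        can_grant.add((grantee, priv))
                    changed = True
        return live

    def grant(self, grantor, grantee, privileges, with_grant_option=False):
        for priv in self._expand(privileges):
            if not self._may_grant(grantor, priv):
                raise PermissionError(f"{grantor} cannot grant {priv}")
            self.grants.add((grantor, grantee, priv, with_grant_option))

    def revoke(self, grantor, grantee, privileges):
        """Remove this grantor's own grants, then cascade to dependent grants."""
        for priv in self._expand(privileges):
            self.grants = {g for g in self.grants
                           if g[:3] != (grantor, grantee, priv)}
        self.grants = self._supported()

    def privileges(self, user):
        if user == self.owner:
            return sorted(ALL)
        return sorted({p for (_, grantee, p, _) in self.grants if grantee == user})


def lecture_scenario():
    """Replay the slides and record Saqib's privileges after each step."""
    g = AuthGraph(owner="Waqas")
    g.grant("Waqas", "Saleem", "ALL", with_grant_option=True)   # assumption: with grant option
    g.grant("Waqas", "Sajid", ["SELECT"], with_grant_option=True)
    g.grant("Sajid", "Saqib", ["SELECT"])
    g.grant("Saleem", "Saqib", "ALL")
    steps = {"after grants": g.privileges("Saqib")}
    g.revoke("Saleem", "Saqib", "ALL")
    steps["after Saleem revokes ALL"] = g.privileges("Saqib")    # SELECT survives via Sajid
    g.revoke("Waqas", "Sajid", ["SELECT"])
    steps["after Waqas revokes SELECT from Sajid"] = g.privileges("Saqib")
    return steps


if __name__ == "__main__":
    for step, privs in lecture_scenario().items():
        print(f"{step}: {privs}")
```
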
Views
• Now Privileges work at the level of tables:
   • You can restrict access by column
   • You cannot restrict access by row

• But Views provide ‘derived’ tables:
   • A view is the result of a SELECT statement which is treated like a table
   • You can SELECT from (and sometimes UPDATE, etc) views just like tables

• Views, along with privileges, allow for customised access.

Creating Views

   CREATE VIEW <name>
     AS <select stmt>

• <name> is the name of the new view.
• <select stmt> is a query that returns the rows and columns of the view

• Example:
   • We want each user to be able to view the names and phone numbers (only) of those employees that are in their own department

View Example
   • Say we want each user to be able to view the names
     and phone numbers (only) of those employees in their
     own department.

   • In Oracle, you can refer to the current user as USER

        Employee
        ID      Name    Phone   Department   Salary
        E158    Mark    x6387   Accounts     £15,000
        E159    Mary    x6387   Marketing    £15,000
        E160    Jane    x6387   Marketing    £15,000

View Example

   CREATE VIEW OwnDept AS
   SELECT Name, Phone FROM Employee
     WHERE Department =
       (SELECT Department FROM Employee
         WHERE name = USER)

   GRANT SELECT ON OwnDept TO PUBLIC



Using Views and Privileges
• Views and privileges are used together to control access
   • A view is made which contains the information needed
   • Privileges are granted to that view, rather than the underlying tables

[Diagram: User 1, User 2, User 3; External View 1, External View 2; Conceptual View; DBA]

View Updating
• Views are like virtual tables:
   • Their value depends on the ‘base’ tables that they
     are defined from

   • You can select from views just like a table


So what the dickens happens
to the updates, inserts, and
deletes?


View Updating

      • Updates to the base tables change the views
        and vice-versa

      • But it is often not clear how to change the base
        tables to make the desired change to the view.

      • This also affects stuff like Java’s ResultSet.

      • Are there any rules to make it clear when
        updates, inserts and deletes are possible and
        when they are not?


View Updating
• In general it is possible to update views which:
   • Are defined on a single table
   • Contain at least one primary or candidate key for that relation

• In general it is not possible to update views which:
   • Are defined on more than one base table by a join operation
   • Contain aggregate functions and group by clauses

Example:

   Module
   Code   Dept
   DBS    CSIT
   RDB    CSIT
   ALG    Math

   Enrolment
   ID     Code
   123    DBS
   123    ALG
   124    DBS
   124    RDB
   125    ALG

   Student
   ID     Name
   123    John
   124    Mary
   125    Chris

   CREATE VIEW CSIT AS
     SELECT S.ID, S.Name, Count(*) AS Num
       FROM Student AS S,
            Enrolment AS E,
            Module AS M
      WHERE S.ID = E.ID
        AND E.Code = M.Code
        AND M.Dept = 'CSIT'
      GROUP BY S.ID, S.Name

Resulting view:

   ID     Name   Num
   123    John   1
   124    Mary   2

View Updating Example

   CSIT
   ID     Name    Num
   123    Saqib   1
   124    Mahd    2

   UPDATE CSIT SET Num = 1
   WHERE Name = 'Saqib'

• cannot update the result of the aggregate function COUNT()…

   DELETE FROM CSIT
   WHERE Name = 'Saqib'

• cannot delete because we have joined several tables to create this view…

   INSERT INTO CSIT
   VALUES (126, 'Asif', 1)

• cannot insert because we have joined several tables and none of them has Num anyway!

Combining Views and Privileges
To restrict someone's access to a table:
   • Create a view of that table that shows only the information they need to see.
   • Grant them privileges on the view.
   • Revoke any privileges they have on the original table

   Employee
   ID   Name   Salary   Department

• Say we want to let the user 'John' read the department and name, and be able to update the department (only)

Using Views and Privileges
Create a view:

   CREATE VIEW forSaqib
   AS SELECT Name,
            Department
     FROM Employee

Set the privileges:

   GRANT SELECT,
   UPDATE (Department)
   ON forSaqib
   TO John

   -- remove John's direct access to the original table
   REVOKE ALL ON
   Employee FROM John

Database Integrity
• Security vs Integrity
   • Database security makes sure that the user is authorised to access information
   • Database integrity makes sure that (authorised) users manipulate that information correctly

• Integrity constraints
   • Domain constraints apply to data types
   • Attribute constraints apply to columns
   • Relation constraints apply to rows in a single table
   • Database constraints apply between tables

1 Example CHECK
• A check statement allows you to constrain
  what can be entered into the database.
• I.e. you can define what makes it consistent.

   CREATE TABLE Poker_players
   (
     name VARCHAR(32),
     age INTEGER
     CHECK (age > 18)   -- CHECK that we only have legal poker players
   )

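An added example, not from the lecture, that runs the Poker_players table in SQLite through Python's sqlite3 module: a CHECK constraint passes when its expression evaluates to NULL, so a row with no age is accepted unless the column is also declared NOT NULL. The sample rows and the second table definition with NOT NULL are constructed for illustration.

```python
import sqlite3

# Table definition as on the slide.
SLIDE_DDL = """
CREATE TABLE Poker_players (
  name VARCHAR(32),
  age  INTEGER CHECK (age > 18)
)"""

# Constructed variant: same CHECK, but NULLs are refused as well.
NOT_NULL_DDL = """
CREATE TABLE Poker_players (
  name VARCHAR(32) NOT NULL,
  age  INTEGER NOT NULL CHECK (age > 18)
)"""

# Constructed sample rows: a valid adult, a boundary value, a missing age.
ROWS = [("Alice", 30), ("Bob", 18), ("Carol", None)]


def try_inserts(ddl, rows=ROWS):
    """Create the table in a fresh in-memory database and report each insert."""
    conn = sqlite3.connect(":memory:")
    conn.execute(ddl)
    outcome = {}
    for name, age in rows:
        try:
            # Parameterised insert: values never become part of the SQL text.
            conn.execute(
                "INSERT INTO Poker_players (name, age) VALUES (?, ?)",
                (name, age),
            )
            outcome[name] = "accepted"
        except sqlite3.IntegrityError:
            # Raised for both CHECK and NOT NULL violations.
            outcome[name] = "rejected"
    conn.close()
    return outcome


if __name__ == "__main__":
    print("slide definition:", try_inserts(SLIDE_DDL))
    print("with NOT NULL:   ", try_inserts(NOT_NULL_DDL))
```
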

Contenu connexe

Tendances

object oriented Programming ppt
object oriented Programming pptobject oriented Programming ppt
object oriented Programming pptNitesh Dubey
 
Database abstraction
Database abstractionDatabase abstraction
Database abstractionRituBhargava7
 
Inheritance In C++ (Object Oriented Programming)
Inheritance In C++ (Object Oriented Programming)Inheritance In C++ (Object Oriented Programming)
Inheritance In C++ (Object Oriented Programming)Gajendra Singh Thakur
 
Architecture of dbms(lecture 3)
Architecture of dbms(lecture 3)Architecture of dbms(lecture 3)
Architecture of dbms(lecture 3)Ravinder Kamboj
 
Entity Relationship Diagrams
Entity Relationship DiagramsEntity Relationship Diagrams
Entity Relationship Diagramssadique_ghitm
 
Codd's Rules for Relational Database Management Systems
Codd's Rules for Relational Database Management SystemsCodd's Rules for Relational Database Management Systems
Codd's Rules for Relational Database Management SystemsRajeev Srivastava
 
Relational database- Fundamentals
Relational database- FundamentalsRelational database- Fundamentals
Relational database- FundamentalsMohammed El Hedhly
 
Data structure and its types
Data structure and its typesData structure and its types
Data structure and its typesNavtar Sidhu Brar
 
Integrity Constraints
Integrity ConstraintsIntegrity Constraints
Integrity Constraintsmadhav bansal
 
Dbms relational model
Dbms relational modelDbms relational model
Dbms relational modelChirag vasava
 
Decomposition using Functional Dependency
Decomposition using Functional DependencyDecomposition using Functional Dependency
Decomposition using Functional DependencyRaj Naik
 
Characteristics of OOPS
Characteristics of OOPS Characteristics of OOPS
Characteristics of OOPS abhishek kumar
 
Xcs 234 microprocessors
Xcs 234 microprocessorsXcs 234 microprocessors
Xcs 234 microprocessorssweta suman
 

Tendances (20)

object oriented Programming ppt
object oriented Programming pptobject oriented Programming ppt
object oriented Programming ppt
 
Database abstraction
Database abstractionDatabase abstraction
Database abstraction
 
Interrupt
InterruptInterrupt
Interrupt
 
Inheritance In C++ (Object Oriented Programming)
Inheritance In C++ (Object Oriented Programming)Inheritance In C++ (Object Oriented Programming)
Inheritance In C++ (Object Oriented Programming)
 
Architecture of dbms(lecture 3)
Architecture of dbms(lecture 3)Architecture of dbms(lecture 3)
Architecture of dbms(lecture 3)
 
B trees dbms
B trees dbmsB trees dbms
B trees dbms
 
Entity Relationship Diagrams
Entity Relationship DiagramsEntity Relationship Diagrams
Entity Relationship Diagrams
 
Codd's Rules for Relational Database Management Systems
Codd's Rules for Relational Database Management SystemsCodd's Rules for Relational Database Management Systems
Codd's Rules for Relational Database Management Systems
 
Relational database- Fundamentals
Relational database- FundamentalsRelational database- Fundamentals
Relational database- Fundamentals
 
Data structure and its types
Data structure and its typesData structure and its types
Data structure and its types
 
Integrity Constraints
Integrity ConstraintsIntegrity Constraints
Integrity Constraints
 
DDBMS
DDBMSDDBMS
DDBMS
 
Dbms relational model
Dbms relational modelDbms relational model
Dbms relational model
 
Part Picking Robot
Part Picking RobotPart Picking Robot
Part Picking Robot
 
Decomposition using Functional Dependency
Decomposition using Functional DependencyDecomposition using Functional Dependency
Decomposition using Functional Dependency
 
Structures,pointers and strings in c Programming
Structures,pointers and strings in c ProgrammingStructures,pointers and strings in c Programming
Structures,pointers and strings in c Programming
 
Inheritance
InheritanceInheritance
Inheritance
 
Characteristics of OOPS
Characteristics of OOPS Characteristics of OOPS
Characteristics of OOPS
 
Xcs 234 microprocessors
Xcs 234 microprocessorsXcs 234 microprocessors
Xcs 234 microprocessors
 
E r model
E r modelE r model
E r model
 

En vedette

The two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionThe two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionislam is terrorism realy
 
12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bibleislam is terrorism realy
 
The spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox popeThe spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox popeislam is terrorism realy
 
The priesthood by h.h pope shenoda 3 the coptic orthodox pope
The priesthood  by h.h pope shenoda 3 the coptic orthodox popeThe priesthood  by h.h pope shenoda 3 the coptic orthodox pope
The priesthood by h.h pope shenoda 3 the coptic orthodox popeislam is terrorism realy
 
The spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox popeThe spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox popeislam is terrorism realy
 
Nahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all MuslimsNahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all Muslimsislam is terrorism realy
 
9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaint9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaintislam is terrorism realy
 

En vedette (9)

The two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionThe two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religion
 
12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible
 
The spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox popeThe spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox pope
 
Islamic hadeeth and teachings
Islamic hadeeth and teachingsIslamic hadeeth and teachings
Islamic hadeeth and teachings
 
The priesthood by h.h pope shenoda 3 the coptic orthodox pope
The priesthood  by h.h pope shenoda 3 the coptic orthodox popeThe priesthood  by h.h pope shenoda 3 the coptic orthodox pope
The priesthood by h.h pope shenoda 3 the coptic orthodox pope
 
The spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox popeThe spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox pope
 
Nahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all MuslimsNahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all Muslims
 
13 inquiries about-the_quran
13 inquiries about-the_quran13 inquiries about-the_quran
13 inquiries about-the_quran
 
9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaint9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaint
 

Similaire à Views and security

Oracle Database Security For Developers
Oracle Database Security For DevelopersOracle Database Security For Developers
Oracle Database Security For DevelopersSzymon Skorupinski
 
Controlling User Access -Data base
Controlling User Access -Data baseControlling User Access -Data base
Controlling User Access -Data baseSalman Memon
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot
 
Security and Authorization
Security and AuthorizationSecurity and Authorization
Security and AuthorizationMegha yadav
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaRandy Goering
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaRandy Goering
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingAntonios Chatzipavlis
 
Presentation database security enhancements with oracle
Presentation   database security enhancements with oraclePresentation   database security enhancements with oracle
Presentation database security enhancements with oraclexKinAnx
 
Less06 users
Less06 usersLess06 users
Less06 usersImran Ali
 
Sharing and security in Salesforce
Sharing and security in SalesforceSharing and security in Salesforce
Sharing and security in SalesforceSaurabh Kulkarni
 
98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.pptRahafKhalid14
 
Les14[1]Controlling User Access
Les14[1]Controlling User AccessLes14[1]Controlling User Access
Les14[1]Controlling User Accesssiavosh kaviani
 
03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptx03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptxKareemBullard1
 

Similaire à Views and security (20)

DBMS Security.ppt
DBMS Security.pptDBMS Security.ppt
DBMS Security.ppt
 
6232 b 04
6232 b 046232 b 04
6232 b 04
 
Oracle Database Security For Developers
Oracle Database Security For DevelopersOracle Database Security For Developers
Oracle Database Security For Developers
 
Controlling User Access -Data base
Controlling User Access -Data baseControlling User Access -Data base
Controlling User Access -Data base
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
 
Security and Authorization
Security and AuthorizationSecurity and Authorization
Security and Authorization
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration Dilemma
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration Dilemma
 
Les13
Les13Les13
Les13
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
 
Presentation database security enhancements with oracle
Presentation   database security enhancements with oraclePresentation   database security enhancements with oracle
Presentation database security enhancements with oracle
 
Les01
Les01Les01
Les01
 
Less06 users
Less06 usersLess06 users
Less06 users
 
Sharing and security in Salesforce
Sharing and security in SalesforceSharing and security in Salesforce
Sharing and security in Salesforce
 
98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt
 
Oracle Database
Oracle DatabaseOracle Database
Oracle Database
 
Les14
Les14Les14
Les14
 
Sql injection
Sql injectionSql injection
Sql injection
 
Les14[1]Controlling User Access
Les14[1]Controlling User AccessLes14[1]Controlling User Access
Les14[1]Controlling User Access
 
03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptx03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptx
 

Plus de farhan amjad

Views and security
Views and securityViews and security
Views and securityfarhan amjad
 
Exception handling and templates
Exception handling and templatesException handling and templates
Exception handling and templatesfarhan amjad
 
Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)farhan amjad
 
Operator overloading
Operator overloadingOperator overloading
Operator overloadingfarhan amjad
 
Classes, objects and methods
Classes, objects and methodsClasses, objects and methods
Classes, objects and methodsfarhan amjad
 
Introduction to object oriented language
Introduction to object oriented languageIntroduction to object oriented language
Introduction to object oriented languagefarhan amjad
 

Plus de farhan amjad (6)

Views and security
Views and securityViews and security
Views and security
 
Exception handling and templates
Exception handling and templatesException handling and templates
Exception handling and templates
 
Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)
 
Operator overloading
Operator overloadingOperator overloading
Operator overloading
 
Classes, objects and methods
Classes, objects and methodsClasses, objects and methods
Classes, objects and methods
 
Introduction to object oriented language
Introduction to object oriented languageIntroduction to object oriented language
Introduction to object oriented language
 

Dernier

The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
CARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxCARE OF CHILD IN INCUBATOR..........pptx
CARE OF CHILD IN INCUBATOR..........pptxGaneshChakor2
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 

Dernier (20)

The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx

Views and security

  • 1. Security and Integrity Database Systems Lecture 11
  • 2. In This Lecture
      • Today database Security and Integrity:
         • Aspects of security
         • Access to databases
         • Making sure the correct data goes in.
      1) Privileges
      2) Views
      3) Integrity constraints
      • For more information
         • Connolly and Begg chapters 6 and 19
  • 3. Database Security
      • Database security is about controlling access to information
         • Some information should be available freely
         • Other information should only be available to certain people or groups
      • Many aspects to consider for security:
         • Legal issues
         • Physical security
         • OS/Network security
         • Security policies and protocols
         • Encryption and passwords
         • DBMS security
  • 4. Now then, now then…
      • DBMS can provide some security:
         • Each user has an account, username and password
         • These are used to identify a user and control their access to information
      • The DBMS verifies password and checks a user’s permissions when they try to either:
         • Retrieve data
         • Modify data
         • Modify the database structure
  • 5. Permissions and Privilege
      • SQL uses privileges to control access to tables and other database objects:
         • SELECT privilege
         • INSERT privilege
         • UPDATE privilege
         • DELETE privilege
      • The owner (creator) of a database has all privileges on all objects in the database, and can grant these to others
      • The owner (creator) of an object has all privileges on that object and can pass them on to others
  • 6. Privileges in SQL
         GRANT <privileges>
         ON <object> TO <users>
         [WITH GRANT OPTION]
      • <privileges> is a list of SELECT <columns>, INSERT <columns>, DELETE, and UPDATE <columns>, or simply ALL
      • <users> is a list of user names or PUBLIC
      • <object> is the name of a table or view (later)
      • WITH GRANT OPTION means that the users can pass their privileges on to others
  • 7. Privileges Examples
         GRANT ALL ON Employee
         TO Scooby
         WITH GRANT OPTION
      The user ‘Scooby’ can do anything to the Employee table, and can allow other users to do the same (by using GRANT statements)
         GRANT SELECT, UPDATE(Salary)
         ON Employee TO Shaggy
      The user ‘Shaggy’ can view the entire Employee table, and can change Salary values, but cannot change other values or pass on their privilege
  • 8. Removing Privileges
      • If you want to remove a privilege you have granted you use:
         REVOKE <privileges>
         ON <object>
         FROM <users>
      • If a user has been given the same privilege from other users then they keep it. Everyone has to revoke them.
      • However all privileges dependent on the revoked one are also revoked
  • 9. An example. …
      • ‘Waqas’ grants ALL privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the grant option
      • ‘Sajid’ grants SELECT to ‘Saqib’
      • ‘Saleem’ grants ALL to ‘Saqib’
      [Diagram: Waqas → Sajid (SELECT), Waqas → Saleem (ALL), Sajid → Saqib (SELECT), Saleem → Saqib (ALL)]
  • 10. Removing Privileges. Rut-ro…
      • Saqib quickly begins to annoy everyone so Saleem revokes ALL from him…
      • N.b. Saqib still has SELECT privileges from ‘Sajid’…
      • Waqas revokes SELECT from Sajid…
      • And as a consequence Saqib loses SELECT also
      [Diagram: Waqas → Sajid (SELECT), Waqas → Saleem (ALL), Sajid → Saqib (SELECT), Saleem → Saqib (ALL)]
  • 11. Views
      • Now Privileges work at the level of tables:
         • You can restrict access by column
         • You cannot restrict access by row
      • Views, along with privileges, allow for customised access.
      • But Views provide ‘derived’ tables:
         • A view is the result of a SELECT statement which is treated like a table
         • You can SELECT from (and sometimes UPDATE, etc) views just like tables
  • 12. Creating Views
         CREATE VIEW <name>
         AS <select stmt>
      • <name> is the name of the new view.
      • <select stmt> is a query that returns the rows and columns of the view
      • Example:
         • We want each user to be able to view the names and phone numbers (only) of those employees that are in their own department
  • 13. View Example
      • Say we want each user to be able to view the names and phone numbers (only) of those employees in their own department.
      • In Oracle, you can refer to the current user as USER
      Employee
      ID     Name   Phone   Department   Salary
      E158   Mark   x6387   Accounts     £15,000
      E159   Mary   x6387   Marketing    £15,000
      E160   Jane   x6387   Marketing    £15,000
  • 14. View Example
         CREATE VIEW OwnDept AS
           SELECT Name, Phone
           FROM Employee
           WHERE Department =
             (SELECT Department
              FROM Employee
              WHERE name = USER);

         GRANT SELECT ON OwnDept
         TO PUBLIC;
  • 15. Using Views and Privileges
      • Views and privileges are used together to control access
      • A view is made which contains the information needed
      • Privileges are granted to that view, rather than the underlying tables
      [Diagram labels: User 1, User 2, User 3; External View 1, External View 2; Conceptual View; DBA]
  • 16. View Updating
      • Views are like virtual tables:
         • Their value depends on the ‘base’ tables that they are defined from
         • You can select from views just like a table
      So what the dickens happens to the updates, inserts, and deletes?
  • 17. View Updating
      • Updates to the base tables change the views and vice-versa
      • But it is often not clear how to change the base tables to make the desired change to the view.
      • This also affects stuff like Java’s ResultSet.
      • Are there any rules to make it clear when updates, inserts and deletes are possible and when they are not?
  • 18. View Updating
      • In general it is possible to update views which:
         • Are defined on a single table
         • Contain at least one primary or candidate key for that relation
      • In general it is not possible to update views which:
         • Are defined on more than one base table by a join operation
         • Contain aggregate functions and group by clauses
  • 19. Example: Module Enrolment
      Module          Enrolment       Student
      Code   Dept     ID    Code      ID    Name
      DBS    CSIT     123   DBS       123   John
      RDB    CSIT     123   ALG       124   Mary
      ALG    Math     124   DBS       125   Chris
                      124   RDB
                      125   ALG

         CREATE VIEW CSIT AS
           SELECT S.ID, S.Name, Count(*) AS Num
           FROM Student AS S, Enrolment AS E, Module AS M
           WHERE S.ID = E.ID
             AND E.Code = M.Code
             AND M.Dept = 'CSIT'
           GROUP BY S.ID, S.Name

      CSIT
      ID    Name   Num
      123   John   1
      124   Mary   2
  • 20. View Updating Example
      CSIT
      ID    Name    Num
      123   Saqib   1
      124   Mahd    2

         UPDATE CSIT SET Num = 1
         WHERE Name = 'Saqib'
      cannot update the result of the aggregate function COUNT()…
         DELETE FROM CSIT
         WHERE Name = 'Saqib'
      cannot delete because we have joined several tables to create this view…
         INSERT INTO CSIT
         VALUES (126, 'Asif', 1)
      cannot insert because we have joined several tables and none have Num anyway!
  • 21. Combining Views and Privileges
      To restrict someone's access to a table:
      • Create a view of that table that shows only the information they need to see.
      • Grant them privileges on the view.
      • Revoke any privileges they have on the original table
      Employee
      ID   Name   Salary   Department
      • Say we want to let the user 'John' read the department and name, and be able to update the department (only)
  • 22. Using Views and Privileges
      Create a view:
         CREATE VIEW forSaqib
         AS SELECT Name, Department
         FROM Employee;
      Set the privileges:
         GRANT SELECT, UPDATE (Department)
         ON forSaqib
         TO John;
         -- Revoke on the original table, as in the last step of the previous slide
         REVOKE ALL
         ON Employee
         FROM John;
  • 23. Database Integrity
      • Security vs Integrity
         • Database security makes sure that the user is authorised to access information
         • Database integrity makes sure that (authorised) users manipulate that information correctly
      • Integrity constraints
         • Domain constraints apply to data types
         • Attribute constraints apply to columns
         • Relation constraints apply to rows in a single table
         • Database constraints apply between tables
  • 24. 1 Example CHECK
      • A check statement allows you to constrain what can be entered into the database.
      • I.e. you can define what makes it consistent.
         CREATE TABLE Poker_players (
           name VARCHAR(32),
           age INTEGER
             CHECK (age > 18)
         )
      CHECK that we only have legal poker players
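
The revocation rules on slides 8 to 10 (a privilege received from someone else survives a revoke, while privileges that depended on the revoked one are lost) can be replayed with a small Python model. This is an added example, not part of the lecture and not how any DBMS stores its grants; `GrantGraph` and `slide_scenario` are hypothetical names, and the model assumes Waqas's grant to Saleem also carries the grant option, since Saleem passes ALL on to Saqib.

```python
from collections import namedtuple

ALL = frozenset({"SELECT", "INSERT", "UPDATE", "DELETE"})
Grant = namedtuple("Grant", "grantor grantee priv grantable")

class GrantGraph:
    """Toy model of GRANT/REVOKE on one table (hypothetical, not a DBMS catalogue)."""

    def __init__(self, owner):
        self.owner, self.grants = owner, set()

    def can_grant(self, user, priv):
        return user == self.owner or any(
            g.grantee == user and g.priv == priv and g.grantable for g in self.grants)

    def grant(self, grantor, grantee, privs, with_grant_option=False):
        for priv in privs:
            if not self.can_grant(grantor, priv):
                raise PermissionError(f"{grantor} may not grant {priv}")
            self.grants.add(Grant(grantor, grantee, priv, with_grant_option))

    def revoke(self, grantor, grantee, privs):
        # Only this grantor's grants go; the same privilege from others stays.
        self.grants = {g for g in self.grants if not (
            g.grantor == grantor and g.grantee == grantee and g.priv in privs)}
        # Cascade: keep only grants still traceable to the owner via grantable grants.
        kept, new = set(), True
        while new:
            new = {g for g in self.grants - kept
                   if g.grantor == self.owner or any(
                       k.grantee == g.grantor and k.priv == g.priv and k.grantable
                       for k in kept)}
            kept |= new
        self.grants = kept

    def privileges(self, user):
        return ALL if user == self.owner else {g.priv for g in self.grants if g.grantee == user}

def slide_scenario():
    """Replay slides 9 and 10; return Saqib's privileges after each step."""
    db = GrantGraph(owner="Waqas")
    db.grant("Waqas", "Saleem", ALL, with_grant_option=True)  # assumed grantable
    db.grant("Waqas", "Sajid", {"SELECT"}, with_grant_option=True)
    db.grant("Sajid", "Saqib", {"SELECT"})
    db.grant("Saleem", "Saqib", ALL)
    steps = [set(db.privileges("Saqib"))]
    for grantor, grantee, privs in [("Saleem", "Saqib", ALL), ("Waqas", "Sajid", {"SELECT"})]:
        db.revoke(grantor, grantee, privs)
        steps.append(set(db.privileges("Saqib")))
    return steps
```

Rebuilding the surviving grants from the owner outwards, rather than deleting direct dependents one level at a time, also removes circular grants that would otherwise keep each other alive after the original grant is revoked.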