2. In This Lecture
• Today database Security and Integrity:
• Aspects of security
• Access to databases
• Making sure the correct data goes in.
1) Privileges
2) Views
3) Integrity constraints
• For more information
• Connolly and Begg chapters 6 and 19
Security and Integrity
3. Database Security
• Database security is • Many aspects to
about controlling access consider for security:
to information
• Some information • Legal issues
should be available • Physical security
freely • OS/Network security
• Security policies and
• Other information should
protocols
only be available to
certain people or groups • Encryption and
passwords
• DBMS security
Security and Integrity
4. Now then, now then…
• DBMS can provide
some security: • The DBMS verifies
password and checks
a user’s permissions
• Each user has an
account, username when they try to
and password either:
• These are used to • Retrieve data
identify a user and • Modify data
control their access to
• Modify the database
information
structure
Security and Integrity
5. Permissions and Privilege
• SQL uses privileges • The owner (creator)
to control access to of a database has all
privileges on all
tables and other objects in the
database objects: database, and can
grant these to others
• SELECT privilege
• INSERT privilege • The owner (creator)
of an object has all
• UPDATE privilege
privileges on that
• DELETE privilege object and can pass
them on to others
Security and Integrity
6. Privileges in SQL
GRANT <privileges> • <users> is a list of user
names or PUBLIC
ON <object>
TO <users> • <object> is the name of
[WITH GRANT OPTION] a table or view (later)
• <privileges> is a list of • WITH GRANT OPTION
SELECT <columns>, means that the users can
INSERT <columns>, pass their privileges on
to others
DELETE, and
UPDATE <columns>,
or simply ALL
Security and Integrity
7. Privileges Examples
GRANT ALL ON Employee GRANT SELECT,
TO Scooby UPDATE(Salary) ON
WITH GRANT OPTION Employee TO Shaggy
The user ‘Scooby’ can do The user ‘Shaggy’ can
anything to the Employee view the entire Employee
table, and can allow other table, and can change
users to do the same (by Salary values, but cannot
using GRANT statements) change other values or pass
on their privilege
Security and Integrity
8. Removing Privileges
• If you want to • If a user has been
remove a privilege given the same
you have granted privilege from other
you use: users then they keep
it. Everyone has to
revoke them.
REVOKE <privileges>
ON <object> • However all
FROM <users> privileges dependent
on the revoked one
are also revoked
Security and Integrity
9. An example. …
•‘Waqas’ grants ALL Waqas
privileges to ‘Saleem’, and
SELECT to ‘Sajid’ with the SELECT ALL
grant option
•‘Sajid’ grants SELECT to Sajid Saleem
‘Saqib’
SELECT ALL
•‘Saleem’ grants ALL to
‘Saqib’
Saqib
Security and Integrity
10. Removing Privileges. Rut-ro…
•Saqib quickly begins to
annoy everyone so Saleem Waqas
revokes ALL from him…
SELECT ALL
•N.b. Saqib still has SELECT
privileges from ‘Sajid’…
Sajid Saleem
•Waqas revokes SELECT from
SELECT ALL
Sajid…
•And as a consequence Saqib Saqib
loses SELECT also
Security and Integrity
11. Views
• Now Privileges work • But Views provide
at the level of ‘derived’ tables:
tables:
• You can restrict • A view is the result of
access by column a SELECT statement
which is treated like a
• You cannot restrict table
access by row
• You can SELECT from
• Views, along with (and sometimes
privileges, allow for UPDATE, etc) views
just like tables
customised access.
Security and Integrity
12. Creating Views
CREATE VIEW <name> • Example:
AS <select stmt>
• We want each user to
• <name> is the name be able to view the
names and phone
of the new view.
numbers (only) of
• <select stmt> is a those employees that
are in their own
query that returns department
the rows and
columns of the view
Security and Integrity
13. View Example
• Say we want each user to be able to view the names
and phone numbers (only) of those employees in their
own department.
• In Oracle, you can refer to the current user as USER
Employee
ID Name Phone Department Salary
E158 Mark x6387 Accounts £15,000
E159 Mary x6387 Marketing £15,000
E160 Jane x6387 Marketing £15,000
Security and Integrity
14. View Example
CREATE VIEW OwnDept AS
SELECT Name, Phone FROM Employee
WHERE Department =
(SELECT Department FROM Employee
WHERE name = USER)
GRANT SELECT ON OwnDept TO PUBLIC
Security and Integrity
15. Using Views and Privileges
• Views and privileges are
used together to control User 1 User 2 User 3
access
• A view is made which
contains the information External External
needed View 1 View 2
• Privileges are granted to
that view, rather than Conceptual
the underlying tables DBA
View
Security and Integrity
16. View Updating
• Views are like virtual tables:
• Their value depends on the ‘base’ tables that they
are defined from
• You can select from views just like a table
So what the dickens happens
to the updates, inserts, and
deletes?
Security and Integrity
17. View Updating
• Updates to the base tables change the views
and vice-versa
• But it is often not clear how to change the base
tables to make the desired change to the view.
• This also affects stuff like Java’s ResultSet.
• Are there any rules to make it clear when
updates, inserts and deletes are possible and
when they are not?
Security and Integrity
18. View Updating
• In general it is • In general it is not
possible to update possible to update
views which: views which
• Are defined on a • Are defined on more
single table than one base table
by a join operation
• Contain at least one
primary or candidate • Contain aggregate
key for that relation functions and group
by clauses
Security and Integrity
19. Example: Module Enrolment Student
Code Dept ID Code ID Name
DBS CSIT 123 DBS 123 John
RDB CSIT 123 ALG 124 Mary
ALG Math 124 DBS 125 Chris
124 RDB
125 ALG
CREATE VIEW CSIT AS
SELECT S.ID, S.Name, Count(*) AS Num
FROM Student AS S,
Enrolment AS E,
Module AS M
WHERE S.ID = E.ID ID Name Num
AND E.Code = M.Code
AND M.Dept = ‘CSIT’
123 John 1
GROUP BY S.ID, S.Name 124 Mary 2
Security and Integrity
20. View Updating Example
CSIT ID Name Num
123 Saqib 1
124 Mahd 2
UPDATE CSIT SET Num = 1 cannot update the result of the
WHERE Name= ‘Saqib’ aggregate function COUNT()…
DELETE FROM CSIT cannot delete because we have
joined several tables to create
WHERE Name = ‘Saqib’
this view…
INSERT INTO CSIT cannot insert because we have
joined several tables and none
VALUES (126, ‘Asif’, 1) have Num in anyway!
Security and Integrity
21. Combining Views and
Privileges
To restrict someone's access Employee
to a table:
ID Name Salary Department
• Create a view of that
table that shows only the
information they need to
see. • Say we want to let
the user 'John' read
• Grant them privileges on
the view . the department and
name, and be able to
• Revoke any privileges update the
they have on the
original table department (only)
Security and Integrity
22. Using Views and Privileges
Create a view: Set the privileges:
CREATE VIEW forSaqib GRANT SELECT,
AS SELECT Name, UPDATE (Department)
Department ON forSaqib
FROM Employee TO John
REVOKE ALL ON
forSaqib FROM Saqib
Security and Integrity
23. Database Integrity
• Security vs Integrity • Integrity constraints
• Domain constraints
• Database security apply to data types
makes sure that the
user is authorised to
access information • Attribute constraints
apply to columns
• Database integrity • Relation constraints
makes sure that apply to rows in a single
(authorised) users table
manipulate that
information correctly • Database constraints
apply between tables
Security and Integrity
24. 1 Example CHECK
• A check statement allows you to constrain
what can be entered into the database.
• I.e. you can define what makes it consistent.
CREATE TABLE Poker_players
(
name VARCHAR(32),
age INTEGER
CHECK (age > 18) CHECK that we
) only have legal
poker players
Security and Integrity