Lession 3 introduction to database

Lecturer: Tran Dinh Vuong Home page: www.fit.vimaru.edu.vn/~vuongtd
Phone : 0982.113.274 Email : vuongtd@vimaru.edu.vn
51
Lession 3: Introduction to Database
Introduction to Database Creation
Overview
A database is primarily a group of computer files that each has a name and a location.
Just as there are different ways to connect to a server, in the same way, there are
different ways to create a database.
To visually create a new database in Microsoft SQL Server Management Studio, in the
Object Explorer, you can right-click the Databases node and click New Database... This
would open the New Database dialog box.
Practical Learning: Introducing Databases
1. Start Microsoft SQL Server
2. In the Authentication combo box, select Windows Authentication and make sure the
Administrator account is selected in the User Name (or the account you used when
you installed Microsoft SQL Server)
3. Click Connect
The Name of a Database
Probably the most important requirement of creating a database is to give it a name. The
SQL is very flexible when it comes to names. In fact, it is very less restrictive than most
other computer languages. Still, there are rules you must follow when naming the objects
in your databases:
A name can start with either a letter (a, b, c, d, e, f, g, h, i, j, k, l, m, n, o, p, q, r, s,
t, u, v, w, x, y, z, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X,

52
Y, or Z), a digit (0, 1, 2, 3, 4, 5, 6, 7, 8, or 9), an underscore (_) or a non-readable
character. Examples are _n, act, %783, Second
After the first character (letter, digit, underscore, or symbol), the name can have
combinations of underscores, letters, digits, or symbols. Examples
are _n24 or act_52_t
A name can include spaces. Example are c0untries st@ts, govmnt (records),
or gl0b# $urvey||
Because of the flexibility of SQL, it can be difficult to maintain names in a database. Based
on this, there are conventions we will use for our objects. In fact, we will adopt the rules
used in C/C++, C#, Pascal, Java, and Visual Basic, etc. In our databases:
Unless stated otherwise (we will mention the exceptions, for example with variables,
tables, etc), a name will start with either a letter (a, b, c, d, e, f, g, h, i, j, k, l, m, n,
o, p, q, r, s, t, u, v, w, x, y, z, A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T,
U, V, W, X, Y, or Z) or an underscore
After the first character, we will use any combination of letters, digits, or
underscores
A name will not start with two underscores
If the name is a combination of words, at least the second word will start in
uppercase. Examples are Countries Statistics, Global
Survey, _RealSport, FullName, or DriversLicenseNumber
After creating an object whose name includes space, whenever you use that object,
include its name between [ and ]. Examples are [Countries Statistics], [Global
Survey], or [Date of Birth]. Even if you had created an object with a name that doesn't
include space, when using that name, you can still include it in square brackets. Examples
are[UnitedStations], [FullName], [DriversLicenseNumber], and [Country].

53
Practical Learning: Starting the Management Studio
1. In the Object Explorer, right-click Databases and click New Database...
2. In the Name text box, type MotorVehicleAdministration
The Owner of a Database
Whenever a new database is created, the server wants to keep track of who created that
database. This is known as the database owner. By default, Microsoft SQL Server creates
a special account named dbo (for database owner). When you create a database but do
not specify the owner, this account is used. The dbo account is also given rights to all
types of operations that can be performed on the database. This is convenient in most
cases. Still, if you want, you can specify another user as the owner of the database. Of

54
course, the account must exist, which means you should have previously created it or you
can use an existing one.
To visually specify the owner of a database you are creating, you can click <default> in
the Owner text box, type the name of the domain, followed by the back slash, and
followed by the user name who will own the database. Alternatively, you can click the
ellipsis button on the right side of the Owner text box. This would open the Select
Database Owner dialog box:
In the Enter the Object Names to Select dialog box, enter the full name or the username
of the user to whom you want to assign the database. After doing that, click Check
Names. If the name is right, the dialog box would accept it. If the name is not right, you
would receive an error. You can click the Browse button. This would open the Browse For
Objects dialog box. If you see the user object you want to use, click its check box and
click OK.
Practical Learning: Specifying the Database Owner
In the Owner dialog box, click <default> and type DomainNamepkatts (replace
DomainName with the name of your domain; otherwise, skip this step) (you can also
click the browser button on the right side of Owner to locate and select the desired
username)

55
The Primary Size of a Database
When originally creating a database, you may or may not know how many lists, files, or
objects the project would have. Still, as a user of computer memory, the database must
use a certain portion, at least in the beginning. The amount of space that a database is
using is referred to as its size. If you use the New Database dialog box, after specifying
the name of the database and clicking OK, the interpreter automatically specifies that the
database would primarily use 2MB. This is enough for a starting database. Of course, you
can either change this default later on or you can increase it when necessary.
If you want to specify a size different from the default, if you are using the New Database
to create your database, in the Database Files section and under the Initial Size column,
change the size as you wish.
Practical Learning: Setting the Database File Size
In the Database Files section, click the box under the Initial Size column header,
click the up arrow of the spin button and increase its value to 5

56
The Location of a Database
As you should be aware of already from your experience on using computers, every
computer file must have a path. The path is where the file is located in one of the drives
of the computer. This allows the operating system to know where the file is, so that when
you or another application calls it, the operating system would not be confused.
By default, when you create a new database, Microsoft SQL Server assumes that it would
be located at Drive:Program FilesMicrosoft SQL
ServerMSSQL10.MSSQLSERVERMSSQLDATA folder. If you use the New Database dialog
box of the SQL Server Management Studio, if you specify the name of the database and
click OK, the interpreter automatically creates a new file, and appends the .MDF extension
to the file: this is the (main) primary data file of your database.
If you do not want to use the default path, you can change it. If you are using the New
Database dialog box, to change the path, under the Path header, select the current string:

57
Replace it with an appropriate path of your choice.
Practical Learning: Checking the Location of the Data File
1. Scroll to the right side and, under the Path header, notice the location of the file
2. Start Windows Explorer
3. In the left frame, click the C: drive

58
4. Right-click a blank area in the right frame -> New -> Folder
5. Type Microsoft SQL Server Database Development as the name of the new
folder
6. Return to the New Database dialog box.
Under Path, click the browse button
7. Locate the Microsoft SQL Server Database Development folder you created and
select it
8. Do the same for the other path
9. Click OK

59
Default Databases
Introduction
When you install Microsoft SQL Server, it also installs 4 databases
named master, model, msdb, and tempdb. These databases will be for internal use.
This means that you should avoid directly using them, unless you know exactly what you
are doing.
The System Databases
One of the databases installed with Microsoft SQL Server is named master. This database
holds all the information about the server on which your MS SQL Server is installed. For
example, We know that, to perform any operation on the server, you must login. The
master database identifies any person, called a user, who accesses the database, about
when and how.
Besides identifying who accesses the system, the master database also keeps track of
everything you do on the server, including creating and managing databases.
You should not play with the master database; otherwise you may corrupt the system. For
example, if the master database is not functioning right, the system would not work.
Database Creation With Code
Introduction
To assist you with creating and managing databases, including their objects, you use a set
of language tools referred to as the Data Definition Language (DDL). This most includes
commands. For example, the primary command to create a database uses the following
formula:
CREATE DATABASE DatabaseName
To assist you with writing code, in the previous lessons, we saw that you could use the
query window.
The CREATE DATABASE (remember that SQL is not case-sensitive) expression is
required. The DatabaseName factor is the name that the new database will have.
Although SQL is not case-sensitive, you should make it a habit to be aware of the cases
you use to name your objects. Every statement in SQL can be terminated with a semi-
colon. Although this is a requirement in many implementations of SQL, in Microsoft SQL
Server, you can omit the semi-colon. Otherwise, the above formula would be
CREATE DATABASE DatabaseName;
Here is an example:
CREATE DATABASE NationalCensus;
This formula is used if you do not want to provide any option. We saw previously that a
database has one or more files and we saw where they are located by defauft. We also
saw that you could specify the location of files if you want. To specify where the primary
file of the database will be located, you can use the following formula:
ON PRIMARY
( NAME = LogicalName, FILENAME = Path )

60
The only three factors whose values need to be changed from this formula are the
database name that we saw already, the logical name, and the path name. The logical
name can be any one-word name but should be different from the database name. The
path is the directory location of the file. This path ends with a name for the file with the
extension .mdf. The path should be complete and included in single-quotes. Here is an
example:
CREATE DATABASE NationalCensus
ON PRIMARY
( NAME = DataRepository, FILENAME = 'C:ExercisesNationalCensus.mdf')
GO
Besides the primary file, you may want to create and store a log file. To specify where the
log file of the database would be located, you can use the following formula:
ON PRIMARY
( NAME = LogicalName, FILENAME = Path.mdf )
LOG ON
( NAME = LogicalName, FILENAME = Path.ldf )
The new factor in this formula is the path of the log file. Like the primary file, the log file
must be named (with a logical name). The path ends with a file name whose extension is
.ldf. Here is an example:
CREATE DATABASE NationalCensus
ON PRIMARY
( NAME = DataRepository, FILENAME = 'C:ExercisesNationalCensus.mdf')
LOG ON
( NAME = DataLog, FILENAME = 'C:ExercisesNationalCensus.ldf')
GO
Practical Learning: Creating a Database Using SQL
1. To open the code editor, in the Object Explorer, right-click the name of the server
and click New Query
2. In the empty window, type:
3. CREATE DATABASE RealEstate1

61
4. ON PRIMARY
5. ( NAME = DataRepository, FILENAME = 'C:Microsoft SQL Server Database
DevelopmentRealEstate1.mdf')
6. LOG ON
7. ( NAME = DataLog, FILENAME = 'C:Microsoft SQL Server Database
DevelopmentRealEstate1.ldf')
GO
8. To execute the statement, press F5
Using Code Template
To specify more options with code, Microsoft SQL Server ships with various sample codes
you can use for different assignments. For example, you can use sample code to create a
database. The sample codes that Microsoft SQL Server are accessible from the Template
Explorer.
To access the Template Explorer, on the main menu, you can click View -> Template
Explorer. Before creating a database, open a new query window. Then:
To create a new database using sample code, in the Template Explorer, expand the
Databases node, then drag the Create Database node and drop it in the query
window. The new database would be created in the server that holds the current
connection
If you have access to more than one server, to create a database in another server
or using a different connection, in the Template Explorer, expand the Databases
node, right-click Create Database and click Open. In the Connect to Database Engine
dialog box, select the appropriate options, and can click OK
With any of these actions, Microsoft SQL Server would generate sample code for you:
-- =============================================
-- Create database template
-- =============================================
USE master
GO
-- Drop the database if it already exists
IF EXISTS (
SELECT name
FROM sys.databases
WHERE name = N'<Database_Name, sysname, Database_Name>'
)

62
DROP DATABASE <Database_Name, sysname, Database_Name>
GO
CREATE DATABASE <Database_Name, sysname, Database_Name>
GO
You would then need to edit the code and execute it to create the database. From the
previous lessons and sections, we have reviewed some characters uch as the comments --
and some words or expressions such as GO, CREATE DATABASE, and SELECT. We will
study the other words or expressions in future lessons and sections.
The Users of a Database
Introduction to Users
A user of a computer, or a user of an application, simply called a user, is a person who
has been given the right to use either the computer or an application. For a person to use
Microsoft SQL Server, an account must be created for him or her. As you may remember,
when you install Microsoft SQL Server, you must use an account that has administrative
rights. We also mentioned that there is an existing account named sa. These two accounts
allow you to perform the necessary preliminary actions on a Microsoft SQL Server.
Obviously, you may need to create other accounts, for the users.
Creating a User
To create a user, you must give a name for the account. The name can be anything. You
can even use a name that is not found anywhere in the computer or the domain. Then,
and most importantly, you must specify the login name that will use that user name. This
means that you must associate the user name with a login name that was created
already.
To visually create a user, in the Object Explorer, expand the database whose user(s) you
want to create and expand its Security node. Right-click Users and click New User... This
would open the Database User - New dialog box. In the User Name, type the name you
want. In the Login Name, you must type a valid user name for an existing account. After
specifying the login and the user names, you can select other options in the check boxes,
options we will ignore at this time. Then click OK.
The formula to programmatically create a user is:
CREATE USER user_name
[ { { FOR | FROM }
{
LOGIN login_name
| CERTIFICATE cert_name
| ASYMMETRIC KEY asym_key_name
}
| WITHOUT LOGIN
]
[ WITH DEFAULT_SCHEMA =schema_name ]
If you want Microsoft SQL Server to generate code for you, open a new Query window. In
the Template Explorer, expand the User node. Drag Create User As DBO and drop it in the
text editor:
-- ==============================
-- Create User as DBO template
-- ==============================

63
USE <database_name, sysname, AdventureWorks>
GO
-- For login <login_name, sysname, login_name>, create a user in the database
CREATE USER <user_name, sysname, user_name>
FOR LOGIN <login_name, sysname, login_name>
WITH DEFAULT_SCHEMA = <default_schema, sysname, dbo>
GO
-- Add user to the database owner role
EXEC sp_addrolemember N'db_owner', N'<user_name, sysname, user_name>'
GO
You start with the CREATE USER expression followed by a user name. As mentioned
already, it can be almost anything. After the user name, to associate a login to the user,
type FOR LOGIN followed by the login name that will use it.
If the name is in one word, simply type it. Here is an example:
CREATE USER JohnYamo
FOR LOGIN rkouma;
GO
If the name is in more than one word, include it in square brackets. Here is an example:
CREATE USER [Paul Martin Souffrance]
FOR LOGIN rkouma;
GO
The other things are optional.
Practical Learning: Creating Users
1. In the Object Explorer, right-click Databases and click Refresh
2. Click the + button of MotorVehicleAdministration to expand it
3. Click the + button of Security to expand it
4. Right-click Users and click New User...
5. In the User Name, type Orlando Perez
6. On the right side of the Login Name text box, click the button
7. In text box, type pkatts
8. Click Check Names
9. When the name has been found, click OK
10.Don't change the other options and click OK
11.Right-click MotorVehicleAdministration and click New Query
12.To create another user, type the following:
13. CREATE USER [Gertrude Danielle Monay]
14. FOR LOGIN gdmonay;
GO
15.To execute, press F5
16.Click inside the Query window and press Ctrl + A
17.To create a user for a different database, type the following:
18. USE RealEstate1;

64
19. GO
20. CREATE USER Orlando
21. FOR LOGIN operez;
GO
22.Press F5 to execute
Roles
A role is an action or a set of actions that are allowed to a security principal. For example
a person A can be allowed to create and use a database. The ability to perform such an
action is referred to as a role. Another person B can be allowed only to use an existing
database without being able to create a new one. This is another type of role.
Database Maintenance
Introduction
If you have created a database but don't need it anymore, you can delete it. It is
important to know, regardless of how you create a database, whether using SQL Server
Management Studio, code in the query window, or the Command Prompt, every database
can be accessed by any of these tools and you can delete any of the databases using any
of these tools.
As done with creating a database, every tool provides its own means.
SQL Server Management Studio
To delete a database in SQL Server Management Studio, in the Object Explorer, expand
the Databases node, right-click the undesired database, and click Delete. A dialog box
would prompt you to confirm your intention. If you still want to delete the database, you
can click OK. If you change your mind, you can click Cancel.
Deleting a Database Using SQL
To delete a database in SQL Query Analyzer, you use the DROP DATABASE expression
followed by the name of the database. The formula used is:
DROP DATABASE DatabaseName;
Before deleting a database in SQL, you must make sure the database is not being used or
accessed by some one else or by another object.
Database Routines
The Current Database
While writing code in a Query Window, you should always know what database you are
working on, otherwise you may add code to the wrong database. To programmatically
specify the current database, type the USEkeyword followed by the name of the
database. The formula to use is:
USE DatabaseName;
Here is an example:
USE GovernmentStatistics;

65
Refreshing the List of Databases
Some of the windows that display databases, like the SQL Server Management Studio,
don't update their list immediately if an operation occurred outside their confinement. For
example, if you create a database in the query windows, its name would not be updated
in the Object Explorer. To view such external changes, you can refresh the window that
holds the list.
In SQL Server Management Studio, to update a list, you can right-click its category in the
Object Explorer and click Refresh. Only that category may be refreshed. For example, to
refresh the list of databases, in the Object Explorer, you can right-click the Databases
node and click Refresh.
Schemas
Introduction to Namespaces
A namespace is a technique of creating a series of items that each has a unique name. For
example, if you start creating many databases, there is a possibility that you may risk
having various databases with the same name. If using a namespace, you can isolate the
databases in various namespaces. In reality, to manage many other aspects of your
database server, you use namespaces and you put objects, other than databases, within
those namespaces. Therefore, a namespace and its content can be illustrated as follows:
Notice that there are various types of objects within a namespace.
Introduction to Schemas
Within a namespace, you can create objects as you wish. To further control and manage
the objects inside of a namespace, you can put them in sub-groups called schemas.
Therefore, a schema is a group of objects within a namespace. This also means that,
within a namespace, you can have as many schemas as you want:

66
Notice that, just like a namespace can contain objects (schemas), a schema can contain
objects also (the objects we will create throughout our lessons).
To manage the schemas in a namespace, you need a way to identify each schema. Based
on this, each schema must have a name. In our illustration, one schema is named
Schema1. Another schema is named Schema2. Yet another schema is named Schema_n.
A schema is an object that contains other objects. Before using it, you must create it or
you can use an existing schema. There are two types of schemas you can use, those built-
in and those you create. When Microsoft SQL Server is installed, it also creates a few
schemas. One of the schemas is called sys.
The sys schema contains a list of some of the objects that exist in your system. One of
these objects is called databases (actually, it's a view). When you create a database, its
name is entered in the databasesobject using the same name you gave it.
To access the schemas of a database, in the Object Explorer, expand the Databases node,
expand the database that will hold or own the schema, and expand the Security node.
Creating a Schema
To create a schema, right-click Schemas and click New Schema...

67
This would open the Schema - New dialog box. In the Schema Name text box, enter a
one-word name. Here is an example:
After providing a name, you can click OK.

68
We will see a practical example of creating a schema in Lesson 7.
Accessing an Object From a Schema
Inside of a schema, two objects cannot have the same name, but an object in one schema
can have the same name as an object in another schema. Based on this, if you are
accessing an object within its schema, you can simply use its name, since that name
would be unique. On the other hand, because of the implied possibility of dealing with
objects with similar names in your server, when accessing an object outside of its
schema, you must qualify it. To do this, you would type the name of the schema that
contains the object you want to use, followed by the period operator, followed by the
name of the object you want to use. From our illustration, to access the Something1
object that belongs to Schema1, you would type:
Schema1.Something1
Introduction to Rights and Permissions
Overview
A permission is an action that a user is allowed to perform, or is prevented from
performing, on a database or on one of its objects.
Many server operating systems and database environments use the word "right" for permission
lessons, we will use both words interchangeably. That is, for the rest of our lessons, the word
and "permission" will mean the exact same thing.
Microsoft SQL Server provides two first broad categories of permissions: physical and
virtual. The physical permission has to do with who has physical access to the computer
or the room where it is located (who can open it, who can shut it down, etc). We are not
concerned with physical permissions in these lessons. For the rest of our lessons, the
permissions have to do with how to electronically connect to the server and what a user
can do with it.
Microsoft SQL Server provides various levels of security and therefore permissions are
managed on different levels.
Granting a Permission
In order to do something on the server or one of its objects, a user must be given the
permission. This is also referred to as granting a permission. To grant permissions, the
account you are using must have the ability to do so. This means that, before granting
permissions, you must log in with an account that has its own right permissions. You can
grant permissions visually or with code.
To visually grant one or more permissions on the server, in the Object Explorer, right-click
the name of the server and click Properties. In the left frame of the Server Properties
dialog box, click Permissions. In the Logins or Roles list, click the name of the user. In the
bottom list, use the options in the Grant column:

69
The basic formula to programmatically grant one or more permissions on a server is:
GRANT Permission TO Login
You start with the GRANT keyword followed by the name of the permission. After the
permission, type TO, followed by the login name you want to grant the permission to.
Here is an example:
USE master;
GO
GRANT CREATE ANY DATABASE
TO operez;
GO
If you want to grant more than one permission, separate their names with commas. Here
is an example:
GRANT CREATE ANY DATABASE, SHUTDOWN
TO operez;
GO
If you want to grant the same permission(s) to more than one account, list them,
separated by commas. Here is an example:
GRANT CREATE ANY DATABASE, ALTER ANY LOGIN
TO pkatts, gdmonay;
GO

70
Practical Learning: Granting a Permission
1. In the Object Explorer, right-click the top node (the name of the computer) and click
Properties...
2. In the left frame, click Permissions
3. In the Logins or Roles list, click pkatts
4. In the Permissions list, in the Grant column, click the check box that corresponds to
Create Any Database.
Make sure Connect SQL is selected
5. Still in the Permissions for pkatts section, in the Grant column, click the check boxes
that correspond to Alter Any Connection, Alter Any Database, and Alter Any Login

71
6. Click OK
7. On the task bar, click Start -> Switch User
8. Log in with the pkatts account
9. On the task bar, click Start -> (All) Programs -> Microsoft SQL Server -> SQL Server
Management Studio
10.Make sure the Authentication is set to Windows Authentication and that the pkatts
account is selected as as the User Name.
Click Connect
11.In the Object Explorer, expand the Databases node
12.Right-click Databases and click New Database...
13.In the Name, type Beauty Salon and click OK.
Notice that the database has been created.
14.On the task bar, click Start -> Log off
15.Re-log in as the account you were using before
Connection to a Server
To primary permission a person needs in Microsoft SQL Server is to be able to connect to
the server. This permission is called CONNECT. This is also the default permission. After
all, if a person cannot establish a connection to the server, what's the point? When you
create a new user account, it is automatically given the right to connect to the server.
Otherwise, you can deny it if you want.

72
Denying a Permission
As opposed to granting rights, you can prevent a user from doing something on the
server, on a database, or on an object. This is referred to as denying a permission.
To visually deny one or more permissions on the server, in the Object Explorer, right-click
the name of the server and click Properties. In the left frame, click Permissions. In the
Logins or Roles list, click the name of the user. Use the options in the Deny column.
The basic formula to programmatically deny one or more permissions on a server is:
DENY Permission1,Permission2, Permission_n
TO Login1, Login2, Login_n
Here is an example:
DENY CREATE ANY DATABASE
TO rkouma;
GO
Practical Learning: Denying a Permission
1. In the Object Explorer, right-click the name of the computer and click Properties...
3. In the Logins or Roles list, click operez
4. In the Permissions list, in the Deny column, click the check box that corresponds to
Create Any Database
5. Click OK

73
6. In the Object Explorer, right-click RealEstate1 and click Properties
8. In the Users or Roles section, click Orlando
9. In the Permissions for Orlando section, in the Deny column, click the check box that
corresponds to Connect
10.Click OK
11.On the task bar, click Start -> (All) Programs -> Microsoft SQL Server -> SQL Server
Management Studio
12.Set the Authentication to SQL Server Authentication
13.In the Login name, type operez and press Tab
14.In the password, type P@ssword1
15.Click Connect
16.In the Object Explorer, expand the Databases node
17.Click the + button of MotorVehicleAdministration. Notice that you can expand it
18.Still in the Object Explorer, click the + button of RealEstate1.
Notice that you receive an error

74
19.Click OK on the message box
20.Close Microsoft SQL Server
21.Restart it and login with an account that has administrative rights using the Windows
Authentication
22.Click Connect
23.In the Object Explorer, right-click MotorVehicleAdministration and click Delete
24.In the Delete Object dialog box, click OK
25.On the Standard toolbar, click the New Query button
26.To delete a database, type:
27. DROP DATABASE RealEstate1;
28. GO
29. drop database [beauty salon];
GO

75
30.Press F5 to execute the statement
31.Close Microsoft SQL Server
32.When asked whether you want to save, click No
Managing Permissions
There are many issues you need to keep in mind in order to rightfully manage
permssions. This is because permissions are somehow interconnected. This means that
granting one permission may not work if another right is not given or is denied to the
same user.
There are many permissions in Microsoft SQL Server. Some permissions are used
regularly and are of primary importance:
CONNECT: Obviously the primary right you need to give a user is the ability to
connect to a Microsoft SQL Server database. If you want to permanently or
temporarily block access of the server to a user, you can deny the Connect
permission
CREATE ANY DATABASE: By default, users are able to create new databases on
the server as long as they have access to it. The CREATE ANY
DATABASE permission allows a user to create a new database. If you want a user to
only be able to use existing databases created by other people such as the database
administrator(s), you should deny this right
ALTER ANY DATABASE: Even if you prevent a user from creating new databases,
he can still change something in the existing databases. To prevent such actions, you
should deny this right
ALTER ANY LOGIN: This permission allows a user (the user who receives this right)
to change the login account of another user. This right should be granted only to
database administrators
Extending Permissions
Besides granting or denying permissions to an account, you can give an account the
ability to grant or deny permissions to other accounts. To do this visually, open the
Database Properties for the database you want to work on. In the Users or Roles section,
select the user. In the Persmissions, use the check boxes in the With Grant column.
The formula to programmatically give an account the ability to grant or deny permissions
to other accounts is:
GRANT Permission1,Permission2, Permission_n
TO Login1, Login2, Login_n
WITH GRANT OPTION
This follows the same formula as the GRANT we saw earlier. You must just add the WITH
GRANT OPTIONexpression.
Revoking Permissions
Consider the following SQL statement:
TO rkouma;
GO
When this code has been executed, if the TO user logs in and tries creating a database, he
would receive an error:

76
Revoking a permission consists of either denying a permission that was previously granted
or granting a permission that was previously denied. To visually do this, open the
Properties dialog box of the database (or the object) on which the permission was
managed.
To programmatically revoke a permission, the formula to follow is:
REVOKE [ GRANT OPTION FOR ] <permission> [ ,...n ]
{ TO | FROM } <database_principal> [ ,...n ]
[ CASCADE ]
[ AS <database_principal> ]
<permission> ::= permission | ALL [ PRIVILEGES ]
<database_principal> ::= Database_user
| Database_role
| Application_role
| Database_user_mapped_to_Windows_User
| Database_user_mapped_to_Windows_Group
| Database_user_mapped_to_certificate
| Database_user_mapped_to_asymmetric_key
| Database_user_with_no_login
Start with the REVOKE keyword followed by the permission(s). This is followed by
either TO or FROM and the login name of the account whose permission must be
managed. Here is an example:
/*
TO rkouma;
GO
*/
REVOKE CREATE ANY DATABASE
TO rkouma;
GO
Revoking a permission doesn't give that same permission. Imagine a user with a newly
created account didn't have the permission to create new databases. If you deny that
person the ability to create new databases, that denial becomes effective. If you revoke
the permission, you are asking the server to restore the status of that person with regards
to that particular right. That doesn't give that user the permission. The above code
doesn't give the user the right to create new databases. If you want the user to have a
right, you must explicitly grant the permission. Consider the following code:
REVOKE CREATE ANY DATABASE
TO rkouma;
GO

77
GRANT CREATE ANY DATABASE
TO rkouma;
GO
This restores the user's denial for creating new databases, then grants the permission to
that user. This time, the user has the right to create new databases.
Exercises
National Health Care Management
Create a database named nhcm1 (which stands for National Health Care
Management 1). Accept the default location
Metropolitan Area Electric Company
By writing SQL code in a Query window, create a database named MetrEC (this
stands for Metropolitan Area Electric Company)

Lession 3 introduction to database

Recommandé

Recommandé

Contenu connexe

En vedette

En vedette (11)

Similaire à Lession 3 introduction to database

Similaire à Lession 3 introduction to database (20)

Dernier

Dernier (20)

Lession 3 introduction to database