![1. The Dean has announced the bonuses. A notice has gone to
each employee that will receive a bonus. The existence of
bonus column is now known so a different way to restrict who
can view the data is needed.
3. Generate the code that will enforce the new rule for access to
the bonus information: bonus information can be viewed only
by the person receiving the bonus (and the Dean).
3. Show the Dean is still the only one who can update the bonus
data. Show how to achieve this result. [Note: The solution is
not a view with a Where clause of User = Name clause or a
VPD].
CREATE USER ABLE IDENTIFIED BY a;
CREATE USER BAKER IDENTIFIED BY b;
CREATE USER CHARLES IDENTIFIED BY c;
CREATE USER DRAKE IDENTIFIED BY d;
CREATE USER ELLIOT IDENTIFIED BY e;
CREATE USER LOONEY IDENTIFIED BY f;
CREATE USER MARTIN IDENTIFIED BY g;
CREATE USER MILLS IDENTIFIED BY h;
CREATE USER SEAVER IDENTIFIED BY i;
GRANT CREATE SESSION TO ABLE;](https://image.slidesharecdn.com/1-221201170517-040d3915/85/1-Create-a-View-that-allows-students-to-view-their-own-informatio-docx-2-320.jpg)
![R_FACULTY;
/* UPDATE_FACULTY_ADDRESS VIEW CREATION */
CREATE VIEW UPDATE_FACULTY_ADDRESS AS
SELECT ADDRESS
FROM FACULTY
WHERE NAME = USER;
/* GRANT SELECT AND UPDATE FOR ADDRESS ON VIEW
*/
GRANT SELECT, UPDATE ON
UPDATE_FACULTY_ADDRESS TO R_FACULTY;
--For the Lab example of decode
--
--Decode allows a user to see their own values for the column
involved
SQL> connect michael/[email protected];](https://image.slidesharecdn.com/1-221201170517-040d3915/85/1-Create-a-View-that-allows-students-to-view-their-own-informatio-docx-12-320.jpg)
![SQL> grant select on my_salary to mike;
Grant succeeded.
SQL> connect mike/[email protected];
Connected.
--Mike sees his own salary but not Jeff
SQL> select * from michael.my_salary;
EMPNO HOURS_ENTERED NAME SALARY
---------- ------------- ---------- ----------
1 8 MIKE 195999
2 7 JEFF
SQL> show user](https://image.slidesharecdn.com/1-221201170517-040d3915/85/1-Create-a-View-that-allows-students-to-view-their-own-informatio-docx-16-320.jpg)
![USER is "MIKE"
SQL> create user jeff identified by j;
User created.
SQL> grant create session, dba to jeff;
Grant succeeded.
SQL> connect michael/[email protected];
Connected.
SQL> grant select on michael.my_salary to jeff;
Grant succeeded.
SQL> connect jeff/[email protected];
Connected.](https://image.slidesharecdn.com/1-221201170517-040d3915/85/1-Create-a-View-that-allows-students-to-view-their-own-informatio-docx-17-320.jpg)
![SQL> select * from michael.my_salary;
EMPNO HOURS_ENTERED NAME SALARY
---------- ------------- ---------- ----------
1 8 MIKE
2 7 JEFF 178999
SQL> show user
USER is "JEFF"
--For class use--invisible example
SQL> connect michael/[email protected];
Connected.
SQL> show user;
USER is "MICHAEL"
SQL> drop table emp_h;
Table dropped.](https://image.slidesharecdn.com/1-221201170517-040d3915/85/1-Create-a-View-that-allows-students-to-view-their-own-informatio-docx-18-320.jpg)
1. Create a View that allows students to view their own informatio.docx
- 1. 1. Create a View that allows students to view their own information in the Student, Offering, and Enrollment tables. · Note: This should be one view that covers all three tables, but allows students to view their own information only. 0. Grant the necessary authority so that students can use this view. 1. Create a View that allows Juniors and Seniors the right to change their major (but does not allow anyone else too). 1. Grant the necessary authority so that Juniors and Seniors can use this view. 1. User Martin, the Dean, owns the faculty table and is the only user that knows there is a bonus column in the table. The rest of the users don’t know there is a bonus column. 2. Show how user Martin can manipulate the faculty table so the bonus data is invisible except to him (generate the SQL and execute it) 2. Show how he can update the bonus information (generate the SQL and execute it). 2. And show he can review it (select bonus information in combination with other data, e.g., select name, bonus from employee).
- 2. 1. The Dean has announced the bonuses. A notice has gone to each employee that will receive a bonus. The existence of bonus column is now known so a different way to restrict who can view the data is needed. 3. Generate the code that will enforce the new rule for access to the bonus information: bonus information can be viewed only by the person receiving the bonus (and the Dean). 3. Show the Dean is still the only one who can update the bonus data. Show how to achieve this result. [Note: The solution is not a view with a Where clause of User = Name clause or a VPD]. CREATE USER ABLE IDENTIFIED BY a; CREATE USER BAKER IDENTIFIED BY b; CREATE USER CHARLES IDENTIFIED BY c; CREATE USER DRAKE IDENTIFIED BY d; CREATE USER ELLIOT IDENTIFIED BY e; CREATE USER LOONEY IDENTIFIED BY f; CREATE USER MARTIN IDENTIFIED BY g; CREATE USER MILLS IDENTIFIED BY h; CREATE USER SEAVER IDENTIFIED BY i; GRANT CREATE SESSION TO ABLE;
- 3. GRANT CREATE SESSION TO BAKER; GRANT CREATE SESSION TO CHARLES; GRANT CREATE SESSION TO DRAKE; GRANT CREATE SESSION TO ELLIOT; GRANT CREATE SESSION TO MARTIN; GRANT CREATE SESSION TO SEAVER; GRANT CREATE SESSION TO LOONEY; GRANT CREATE SESSION TO MILLS; /* CREATE TABLES */ CREATE TABLE ENROLLMENT ( OFFERING_NUM NUMERIC(4) NOT NULL, STUDENT_ID NUMERIC(3) NOT NULL ); CREATE TABLE FACULTY ( FACULTY_ID NUMERIC(4) NOT NULL,
- 4. NAME VARCHAR2(55) NOT NULL, ORGCD VARCHAR2(4) NOT NULL, ADDRESS VARCHAR2(55) NOT NULL, CC NUMERIC(16) NOT NULL, SALARY NUMERIC(12) NOT NULL, BONUS NUMERIC(12) NOT NULL, RANK VARCHAR2(55) NOT NULL ); CREATE TABLE OFFERING ( OFFERING_NUM NUMERIC(4) NOT NULL, COURSE_NUM VARCHAR2(16) NOT NULL, FACULTY_ID NUMERIC(4) NOT NULL, TERM VARCHAR2(16) NOT NULL, YEAR NUMERIC(4) NOT NULL, TIME VARCHAR2(12) NOT NULL );
- 5. CREATE TABLE STUDENT ( STUDENT_ID NUMERIC(3) NOT NULL, NAME VARCHAR2(24) NOT NULL, MAJOR VARCHAR2(55) NOT NULL, STATUS VARCHAR2(4) NOT NULL, ADDRESS VARCHAR2(55) NOT NULL, GPA DECIMAL(4,2) NOT NULL ); /* INSERT DATE INTO TABLES */ Insert into ENROLLMENT (OFFERING_NUM,STUDENT_ID) values ('1111','100'); Insert into ENROLLMENT (OFFERING_NUM,STUDENT_ID) values ('1233','500'); Insert into ENROLLMENT (OFFERING_NUM,STUDENT_ID) values ('2222','300'); Insert into ENROLLMENT (OFFERING_NUM,STUDENT_ID) values ('3333','400'); Insert into FACULTY
- 6. (FACULTY_ID,NAME,ORGCD,ADDRESS,CC,SALARY,BON US,RANK) values ('0980','MARTIN','IM','11 MAIN','4560123450001234','250000','250000','DEAN'); Insert into FACULTY (FACULTY_ID,NAME,ORGCD,ADDRESS,CC,SALARY,BON US,RANK) values ('5430','SEAVER','IS','12 SOUTH','4560123450002345','180000','90000','PROFESSOR'); Insert into FACULTY (FACULTY_ID,NAME,ORGCD,ADDRESS,CC,SALARY,BON US,RANK) values ('7650','LOONEY','IT','14 NORTH','4560123450003456','160000','80000','INSTRUCTOR') ; Insert into FACULTY (FACULTY_ID,NAME,ORGCD,ADDRESS,CC,SALARY,BON US,RANK) values ('9870','MILLS','SA','16 EAST','4560123450004567','90000','45000','LECTURER'); Insert into OFFERING (OFFERING_NUM,COURSE_NUM,FACULTY_ID,TERM,YEA R,TIME) values ('1111','IS320','5430','FALL','2012','10 AM'); Insert into OFFERING (OFFERING_NUM,COURSE_NUM,FACULTY_ID,TERM,YEA R,TIME) values ('1233','IS320','0980','FALL','2012','11 AM'); Insert into OFFERING (OFFERING_NUM,COURSE_NUM,FACULTY_ID,TERM,YEA R,TIME) values ('2222','IS460','7650','SPRING','2013','10 AM'); Insert into OFFERING
- 7. (OFFERING_NUM,COURSE_NUM,FACULTY_ID,TERM,YEA R,TIME) values ('3333','IT480','5430','SPRING','2013','11 AM'); Insert into STUDENT (STUDENT_ID,NAME,MAJOR,STATUS,ADDRESS,GPA) values ('100','ABLE','HISTORY','SR','1 UTAH','3.00'); Insert into STUDENT (STUDENT_ID,NAME,MAJOR,STATUS,ADDRESS,GPA) values ('200','BAKER','ACCOUNTING','JR','2 IOWA','2.70'); Insert into STUDENT (STUDENT_ID,NAME,MAJOR,STATUS,ADDRESS,GPA) values ('300','CHARLES','MATH','SR','3 MAINE','3.50'); Insert into STUDENT (STUDENT_ID,NAME,MAJOR,STATUS,ADDRESS,GPA) values ('400','DRAKE','COMPUTER SCIENCE','FR','4 IDAHO','2.80'); Insert into STUDENT (STUDENT_ID,NAME,MAJOR,STATUS,ADDRESS,GPA) values ('500','ELLIOT','COMPUTER SCIENCE','SM','5 NEVADA','3.25'); /* CREATE CONSTRAINTS */ ALTER TABLE FACULTY ADD CONSTRAINT faculty_pk PRIMARY KEY ( FACULTY_ID );
- 8. ALTER TABLE STUDENT ADD CONSTRAINT student_pk PRIMARY KEY ( STUDENT_ID ); ALTER TABLE OFFERING ADD CONSTRAINT offering_pk PRIMARY KEY ( OFFERING_NUM ); ALTER TABLE OFFERING ADD CONSTRAINT offering_fk FOREIGN KEY ( FACULTY_ID ) REFERENCES FACULTY ( FACULTY_ID ); ALTER TABLE ENROLLMENT ADD CONSTRAINT enrolla_fk FOREIGN KEY ( STUDENT_ID ) REFERENCES STUDENT ( STUDENT_ID ); ALTER TABLE ENROLLMENT ADD CONSTRAINT enrollb_fk FOREIGN KEY ( OFFERING_NUM )
- 9. REFERENCES OFFERING ( OFFERING_NUM ); /* CREATE ROLES */ CREATE ROLE R_STUDENT; CREATE ROLE R_FACULTY; /* GRANT PRIVILEGES */ GRANT SELECT ON STUDENT TO R_STUDENT; GRANT SELECT ON FACULTY TO R_FACULTY; GRANT R_STUDENT TO ABLE,BAKER,CHARLES,DRAKE,ELLIOT; GRANT R_FACULTY TO MARTIN,SEAVER,LOONEY,MILLS; /* F_STUDENT_VIEW CREATION */ CREATE VIEW F_STUDENT_VIEW AS SELECT STUDENT_ID, NAME, MAJOR, STATUS FROM STUDENT;
- 10. /* F_STUDENT_VIEW GRANT TO FACULTY */ GRANT SELECT ON F_STUDENT_VIEW TO R_FACULTY; /* S_STUDENT_UPDATE_ADDRESS CREATION */ CREATE VIEW S_STUDENT_UPDATE_ADDRESS AS SELECT ADDRESS FROM STUDENT WHERE NAME = USER; /* S_STUDENT_UPDATE_ADDRESS GRANT TO STUDENT */ GRANT SELECT, UPDATE ON S_STUDENT_UPDATE_ADDRESS TO R_STUDENT; /* REVOKE GRANTS FROM PROBLEM 2 */ REVOKE SELECT ON STUDENT FROM R_STUDENT; REVOKE SELECT ON FACULTY FROM R_FACULTY; REVOKE R_STUDENT FROM ABLE,BAKER,CHARLES,DRAKE,ELLIOT; REVOKE R_FACULTY FROM
- 11. MARTIN,SEAVER,LOONEY,MILLS; /* OWN_STUDENT_RECORD VIEW CREATION */ CREATE VIEW OWN_STUDENT_RECORD AS SELECT STUDENT_ID, NAME, MAJOR, STATUS, ADDRESS, GPA FROM STUDENT WHERE NAME = USER; /* OWN_FACULTY_RECORD VIEW CREATION */ CREATE VIEW OWN_FACULTY_RECORD AS SELECT FACULTY_ID, NAME, ORGCD, ADDRESS, CC, SALARY, BONUS, RANK FROM FACULTY WHERE NAME = USER; /* GRANT ROLE FOR THE NEW VIEWS */ GRANT SELECT ON OWN_STUDENT_RECORD TO R_STUDENT; GRANT SELECT ON OWN_FACULTY_RECORD TO
- 12. R_FACULTY; /* UPDATE_FACULTY_ADDRESS VIEW CREATION */ CREATE VIEW UPDATE_FACULTY_ADDRESS AS SELECT ADDRESS FROM FACULTY WHERE NAME = USER; /* GRANT SELECT AND UPDATE FOR ADDRESS ON VIEW */ GRANT SELECT, UPDATE ON UPDATE_FACULTY_ADDRESS TO R_FACULTY; --For the Lab example of decode -- --Decode allows a user to see their own values for the column involved SQL> connect michael/[email protected];
- 13. Connected. SQL> show user USER is "MICHAEL" SQL> drop table sal; Table dropped. SQL> create table sal (empno number, hours_entered number, name varchar(10), salary number); Table created. SQL> insert into sal values(001, 8, 'MIKE', 195999); 1 row created. SQL> insert into sal values (002, 7, 'JEFF', 178999);
- 14. 1 row created. SQL> select * from sal; EMPNO HOURS_ENTERED NAME SALARY ---------- ------------- ---------- ---------- 1 8 MIKE 195999 2 7 JEFF 178999 SQL> CREATE OR REPLACE VIEW my_salary 2 AS 3 SELECT empno, 4 hours_entered, 5 name, 6 DECODE (UPPER (name), 7 USER, salary, 8 NULL) salary 9 FROM sal;
- 15. View created. --Note The view my_salary returns a value for salary for the user only --The current user is Michael so Michael gets no Salary information returned SQL> select * from my_salary; EMPNO HOURS_ENTERED NAME SALARY ---------- ------------- ---------- ---------- 1 8 MIKE 2 7 JEFF SQL> show user; USER is "MICHAEL" ---Note the user Mike already exists (if not; create the user Mike)
- 16. SQL> grant select on my_salary to mike; Grant succeeded. SQL> connect mike/[email protected]; Connected. --Mike sees his own salary but not Jeff SQL> select * from michael.my_salary; EMPNO HOURS_ENTERED NAME SALARY ---------- ------------- ---------- ---------- 1 8 MIKE 195999 2 7 JEFF SQL> show user
- 17. USER is "MIKE" SQL> create user jeff identified by j; User created. SQL> grant create session, dba to jeff; Grant succeeded. SQL> connect michael/[email protected]; Connected. SQL> grant select on michael.my_salary to jeff; Grant succeeded. SQL> connect jeff/[email protected]; Connected.
- 18. SQL> select * from michael.my_salary; EMPNO HOURS_ENTERED NAME SALARY ---------- ------------- ---------- ---------- 1 8 MIKE 2 7 JEFF 178999 SQL> show user USER is "JEFF" --For class use--invisible example SQL> connect michael/[email protected]; Connected. SQL> show user; USER is "MICHAEL" SQL> drop table emp_h; Table dropped.
- 19. --Note Title is visible and Salary is invisible SQL> CREATE TABLE EMP_H ( 2 EMP_ID INTEGER CONSTRAINT EMP_H PRIMARY KEY, 3 MANAGER_ID INTEGER, FIRST_NAME VARCHAR2(10) NOT NULL, 4 LAST_NAME VARCHAR2(10) NOT NULL, TITLE VARCHAR2(20) VISIBLE, 5 SALARY NUMBER(6, 0) INVISIBLE 6 ); Table created. SQL> --Note: because of the invisible column this format of insert must be used (listing all columns) SQL> insert into emp_h ( 2 EMP_ID, MANAGER_ID, FIRST_NAME, LAST_NAME, title, salary 3 ) values (
- 20. 4 1, 1, 'Jason', 'Price', 'CEO', 250000 5 ); 1 row created. SQL> --Notice Salary does not show as a column in the query SQL> select * from emp_h; EMP_ID MANAGER_ID FIRST_NAME LAST_NAME TITLE ---------- ---------- ---------- ---------- -------------------- 1 1 Jason Price CEO SQL> --Notice that if you know there is a salary column and where it is (last column) --you can get the value for salary using this format of the select SQL> select EMP_ID, MANAGER_ID, FIRST_NAME, LAST_NAME, title, salary from emp_h;
- 21. EMP_ID MANAGER_ID FIRST_NAME LAST_NAME TITLE SALARY ---------- ---------- ---------- ---------- -------------------- ---------- 1 1 Jason Price CEO 250000 SQL> --Notice salary does not show up in the describe SQL> describe emp_h; Name Null? Type ----------------------------------------- -------- ----------------------- ----- EMP_ID NOT NULL NUMBER(38) MANAGER_ID NUMBER(38) FIRST_NAME NOT NULL VARCHAR2(10) LAST_NAME NOT NULL VARCHAR2(10) TITLE VARCHAR2(20)
- 22. SQL> select * from emp_h; EMP_ID MANAGER_ID FIRST_NAME LAST_NAME TITLE ---------- ---------- ---------- ---------- -------------------- 1 1 Jason Price CEO --Example if we make title invisible and salary visible SQL> alter table emp_h modify ( 2 title invisible, 3 salary visible 4 ); Table altered. SQL> SQL> select * from emp_h;
- 23. EMP_ID MANAGER_ID FIRST_NAME LAST_NAME SALARY ---------- ---------- ---------- ---------- ---------- 1 1 Jason Price 250000 SQL> select EMP_ID, MANAGER_ID, FIRST_NAME, LAST_NAME, title, salary from emp_h; EMP_ID MANAGER_ID FIRST_NAME LAST_NAME TITLE SALARY ---------- ---------- ---------- ---------- -------------------- ---------- 1 1 Jason Price CEO 250000 SQL> --and back the way it was SQL> alter table emp_h modify ( 2 title visible, 3 salary invisible 4 );
- 24. Table altered. SQL> SQL> SQL> select * from emp_h; EMP_ID MANAGER_ID FIRST_NAME LAST_NAME TITLE ---------- ---------- ---------- ---------- -------------------- 1 1 Jason Price CEO SQL> select EMP_ID, MANAGER_ID, FIRST_NAME, LAST_NAME, title, salary from emp_h; EMP_ID MANAGER_ID FIRST_NAME LAST_NAME TITLE SALARY ---------- ---------- ---------- ---------- -------------------- ---------- 1 1 Jason Price CEO 250000
- 25. SQL>