SlideShare a Scribd company logo

Database Security Slide Handout

Anne Lee, profile picture
Anne Lee

The document outlines key aspects of database security, emphasizing the importance of restricting data access and modifications to qualified users only. It discusses the SQL security model, which includes user IDs, objects involved, and different types of privileges associated with data operations. Additionally, it provides syntax examples for granting and revoking user privileges within various database management systems.

Data & Analytics
1 of 11
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
F0004 * Property of STI Page 1 of 11 Database Security Introduction to Database Security  The security issues that the database users or administrators must address are broken down into basic situations as follows:  Accessing data in a table should be limited only to qualified users.  Modifying tables must be limited only to qualified users with administrator rights.  Accessibility to columns/rows of a table must be defined for certain users.
F0004 * Property of STI Page 2 of 11 Database Security The SQL Security Model  The SQL security model provides a basic syntax used to specify security restrictions.  There are three concepts of SQL security as follows: • Users • Objects • Privileges
F0004 * Property of STI Page 3 of 11 Database Security The SQL Security Model Figure 11.1 Assigning Privileges
F0004 * Property of STI Page 4 of 11 Database Security User IDs  Setting up security begins with creating user IDs and passwords that varies enormously from DBMS to DBMS.  In a secure DBMS, a user ID is a name/password pair that allows some entity to perform actions in the database.
F0004 * Property of STI Page 5 of 11 Database Security Objects  The SQL standard defines security in terms of objects to which actions are performed.  In the SQL1 standard, the only objects that security is applied are tables and views. Figure 11.2 Using Grant
F0004 * Property of STI Page 6 of 11 Database Security Privileges  Privileges are issued via the GRANT command and are taken away via the REVOKE command.  The privileges that can be granted are divided into four groups:  Column privileges relate to one specific column of a table.  Table privileges relate to all data of one specific table.  Database privileges relate to all tables of one specific database.  User privileges relate to all databases that are known to SQL.
F0004 * Property of STI Page 7 of 11 Database Security Privileges  There are two types of privileges:  System privileges  Object privileges  SQL supports the following object privileges:  SELECT  INSERT  DELETE  UPDATE  REFERENCES  ALTER  INDEX
F0004 * Property of STI Page 8 of 11 Database Security Adding Users  Some DBMSs have SQL statements, extensions to the SQL standard specific to that DBMS that allow creating users.  In Oracle the statement is as follow: CREATE USER username IDENTIFIED {BY password | EXTERNALLY | GLOBALLY AS external_name} Options  In Sybase, the syntax is as follow: GRANT CONNECT TO userid , . . . [ AT starting-id ] IDENTIFIED BY password, . . .
F0004 * Property of STI Page 9 of 11 Database Security Granting Privileges  The basic GRANT statement is used to grant security privileges on database objects to specific users or, in some DBMS implementations, to groups.  The syntax is as follow: GRANT { ALL [ PRIVILEGES ], ALTER, DELETE, INSERT, REFERENCES [ ( column- name, . . . ) ], SELECT [ ( column-name, . . . ) ], UPDATE [ ( column-name, . . . ) ], } ON [ owner.]table-name TO userid , . . . [ WITH GRANT OPTION ] [ FROM userid ]
F0004 * Property of STI Page 10 of 11 Database Security Granting Privileges  Example: GRANT SELECT, UPDATE ( street ) ON employee TO Laurel
F0004 * Property of STI Page 11 of 11 Database Security Revoking Privileges  Use the REVOKE statement if you have granted privileges and later you need to revoke these privileges.  Syntax 1 REVOKE special-priv , . . . FROM userid , . . . special-priv : CONNECT  Syntax 2 REVOKE table-priv , . . . ON [ owner.]table-name FROM userid , . . . table-priv : ALL [PRIVILEGES] | ALTER | DELETE | INSERT | REFERENCES [ ( column-name, . . . ) ] | SELECT [ ( column-name, . . . ) ] | UPDATE [ ( column-name, . . . ) ]

More Related Content

PPTX
Database security
Software Engineering
 
PDF
Database Security - IG
Anne Lee
 
PDF
Database security issues
n|u - The Open Security Community
 
PPTX
Database modeling and security
Neeharika Nidadavolu
 
PPT
Dbms ii mca-ch12-security-2013
Prosanta Ghosh
 
PPTX
Security of the database
Pratik Tamgadge
 
PDF
Microsoft certified professional_Izhar Md Fisol
Izhar Md Fisol
 
PPTX
Distributed database security with discretionary access control
Jyotishkar Dey
 
Database security
Software Engineering
 
Database Security - IG
Anne Lee
 
Database security issues
n|u - The Open Security Community
 
Database modeling and security
Neeharika Nidadavolu
 
Dbms ii mca-ch12-security-2013
Prosanta Ghosh
 
Security of the database
Pratik Tamgadge
 
Microsoft certified professional_Izhar Md Fisol
Izhar Md Fisol
 
Distributed database security with discretionary access control
Jyotishkar Dey
 

What's hot (16)

PPT
Data base security
Sara Nazir
 
PPTX
Database Security
ShingalaKrupa
 
PPTX
Database security
Arpana shree
 
PPT
Chapter23
gourab87
 
PPTX
Database security and security in networks
Prachi Gulihar
 
PPTX
security and privacy in dbms and in sql database
gourav kottawar
 
PPTX
Data base security & integrity
Pooja Dixit
 
PPTX
01 database security ent-db
uncleRhyme
 
PDF
2010 db security
Wayne Evans
 
PPT
Database administration and security
Mohd Arif
 
PDF
Database security
keerthusandeepreddy
 
PPT
Database security copy
fika sweety
 
PPT
Database security
CAS
 
PDF
Database security
Murchana Borah
 
PPTX
MS SQL server audit
Portcullis Computer Security
 
PPT
DB security
ERSHUBHAM TIWARI
 
Data base security
Sara Nazir
 
Database Security
ShingalaKrupa
 
Database security
Arpana shree
 
Chapter23
gourab87
 
Database security and security in networks
Prachi Gulihar
 
security and privacy in dbms and in sql database
gourav kottawar
 
Data base security & integrity
Pooja Dixit
 
01 database security ent-db
uncleRhyme
 
2010 db security
Wayne Evans
 
Database administration and security
Mohd Arif
 
Database security
keerthusandeepreddy
 
Database security copy
fika sweety
 
Database security
CAS
 
Database security
Murchana Borah
 
MS SQL server audit
Portcullis Computer Security
 
DB security
ERSHUBHAM TIWARI
 
Ad

Viewers also liked (6)

PDF
Id theft handout individual june 2011
Lawrence Medical Managers
 
PDF
Server-Client Hybrid UI
jojule
 
PDF
RIA Security - Broken By Design
jojule
 
PDF
Vaadin 7 CN
jojule
 
PDF
Internship Report on Building Construction
Esmael Aragaw
 
PPTX
Building Construction
Wilden How
 
Id theft handout individual june 2011
Lawrence Medical Managers
 
Server-Client Hybrid UI
jojule
 
RIA Security - Broken By Design
jojule
 
Vaadin 7 CN
jojule
 
Internship Report on Building Construction
Esmael Aragaw
 
Building Construction
Wilden How
 
Ad

Similar to Database Security Slide Handout (20)

PDF
Database Security Handout
Anne Lee
 
PDF
Sql ch 15 - sql security
Mukesh Tekwani
 
PPT
8034.ppt
ssuser77162c
 
PPT
UNIT-1-Security.ppt
DharaDarji5
 
PDF
Chapter 6 Database Security and Authorization (4).pdf
abrehamcheru14
 
PPTX
Database Security Methods, DAC, MAC,View
Dr-Dipali Meher
 
PPTX
Security in Relational model
Slideshare
 
PPT
Security and Authorization introductory notes.ppt
SubburamSivakumar1
 
PDF
ch23-Database Security and Authorization.pdf
MULE38
 
PDF
ch23-Database Security and Authorization.pdf
MULE38
 
PPTX
Database security and privacy
Md. Ahasan Hasib
 
PPTX
Presentation on Database Security in DBMS
Gaurav977214
 
PPT
DBMS Security.ppt
Amman Arab University
 
PPT
Database_Security.ppt
missionsk81
 
PPTX
Database Management System Security.pptx
Roshni814224
 
PDF
Database security
pusp220
 
PPTX
unit 5 in the database for master of Engineering
poonkodiraja2806
 
PPTX
Group 8 - Database Security Version 1.pptx
HenryQuang1
 
PPT
Views and security
farhan amjad
 
PPT
Views and security
farhan amjad
 
Database Security Handout
Anne Lee
 
Sql ch 15 - sql security
Mukesh Tekwani
 
8034.ppt
ssuser77162c
 
UNIT-1-Security.ppt
DharaDarji5
 
Chapter 6 Database Security and Authorization (4).pdf
abrehamcheru14
 
Database Security Methods, DAC, MAC,View
Dr-Dipali Meher
 
Security in Relational model
Slideshare
 
Security and Authorization introductory notes.ppt
SubburamSivakumar1
 
ch23-Database Security and Authorization.pdf
MULE38
 
ch23-Database Security and Authorization.pdf
MULE38
 
Database security and privacy
Md. Ahasan Hasib
 
Presentation on Database Security in DBMS
Gaurav977214
 
DBMS Security.ppt
Amman Arab University
 
Database_Security.ppt
missionsk81
 
Database Management System Security.pptx
Roshni814224
 
Database security
pusp220
 
unit 5 in the database for master of Engineering
poonkodiraja2806
 
Group 8 - Database Security Version 1.pptx
HenryQuang1
 
Views and security
farhan amjad
 
Views and security
farhan amjad
 

More from Anne Lee (20)

PDF
Week 17 slides 1 7 multidimensional, parallel, and distributed database
Anne Lee
 
PDF
Data mining
Anne Lee
 
PDF
Data warehousing
Anne Lee
 
PDF
Database backup and recovery
Anne Lee
 
PDF
Database monitoring and performance management
Anne Lee
 
PDF
transportation and assignment models
Anne Lee
 
PDF
03 laboratory exercise 1 - WORKING WITH CTE
Anne Lee
 
PDF
02 laboratory exercise 1 - RETRIEVING DATA FROM SEVERAL TABLES
Anne Lee
 
PDF
01 laboratory exercise 1 - DESIGN A SIMPLE DATABASE APPLICATION
Anne Lee
 
DOCX
Indexes - INSTRUCTOR'S GUIDE
Anne Lee
 
PDF
07 ohp slides 1 - INDEXES
Anne Lee
 
PDF
07 ohp slide handout 1 - INDEXES
Anne Lee
 
PDF
Wk 16 ses 43 45 makrong kasanayan sa pagsusulat
Anne Lee
 
PDF
Wk 15 ses 40 42 makrong kasanayan sa pagbabasa
Anne Lee
 
PDF
Wk 13 ses 35 37 makrong kasanayan sa pagsasalita
Anne Lee
 
PDF
Wk 12 ses 32 34 makrong kasanayan sa pakikinig
Anne Lee
 
PDF
Wk 11 ses 29 31 konseptong pangkomunikasyon - FILIPINO 1
Anne Lee
 
PPSX
07 lcd slides 1 - DEADLOCKS POWERPOINT
Anne Lee
 
PPSX
06 lcd slides 1 - PROCESS SYNCHRONIZATION POWERPOINT
Anne Lee
 
PPSX
05 lcd slides 1 - CPU SCHEDULING (Powerpoint)
Anne Lee
 
Week 17 slides 1 7 multidimensional, parallel, and distributed database
Anne Lee
 
Data mining
Anne Lee
 
Data warehousing
Anne Lee
 
Database backup and recovery
Anne Lee
 
Database monitoring and performance management
Anne Lee
 
transportation and assignment models
Anne Lee
 
03 laboratory exercise 1 - WORKING WITH CTE
Anne Lee
 
02 laboratory exercise 1 - RETRIEVING DATA FROM SEVERAL TABLES
Anne Lee
 
01 laboratory exercise 1 - DESIGN A SIMPLE DATABASE APPLICATION
Anne Lee
 
Indexes - INSTRUCTOR'S GUIDE
Anne Lee
 
07 ohp slides 1 - INDEXES
Anne Lee
 
07 ohp slide handout 1 - INDEXES
Anne Lee
 
Wk 16 ses 43 45 makrong kasanayan sa pagsusulat
Anne Lee
 
Wk 15 ses 40 42 makrong kasanayan sa pagbabasa
Anne Lee
 
Wk 13 ses 35 37 makrong kasanayan sa pagsasalita
Anne Lee
 
Wk 12 ses 32 34 makrong kasanayan sa pakikinig
Anne Lee
 
Wk 11 ses 29 31 konseptong pangkomunikasyon - FILIPINO 1
Anne Lee
 
07 lcd slides 1 - DEADLOCKS POWERPOINT
Anne Lee
 
06 lcd slides 1 - PROCESS SYNCHRONIZATION POWERPOINT
Anne Lee
 
05 lcd slides 1 - CPU SCHEDULING (Powerpoint)
Anne Lee
 

Recently uploaded (20)

PPTX
iec ppt-1 pptx icmr ppt on rehabilitation.pptx
thirishadevan81
 
PPTX
climate analysis of Dhaka ,Banglades.pptx
rrawjatun
 
PDF
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
PDF
Mega Projects Data Mega Projects Data
saidsalah8181
 
PPTX
STUDY DESIGN details- Lt Col Maksud (21).pptx
AyeshaAsha11
 
PPTX
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
PPTX
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
PDF
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
PPTX
Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1...
AshutoshDeshmukh33
 
PDF
Introduction to Business Data Analytics.
jamalmumthaj
 
PDF
168300704-gasification-ppt.pdfhghhhsjsjhsuxush
sriram270905
 
PDF
.pdf is not working space design for the following data for the following dat...
jerinjoy242
 
PPT
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
PPT
Chapter 2 METAL FORMINGhhhhhhhjjjjmmmmmmmmm
JanakiRaman206018
 
PPTX
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
hildogavino28
 
PPTX
Major-Components-ofNKJNNKNKNKNKronment.pptx
dushyantsharma1221
 
PDF
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
PPTX
advance b rammar.pptxfdgdfgdfsgdfgsdgfdfgdfgsdfgdfgdfg
rohullahansari5
 
PDF
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
PPTX
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 
iec ppt-1 pptx icmr ppt on rehabilitation.pptx
thirishadevan81
 
climate analysis of Dhaka ,Banglades.pptx
rrawjatun
 
Galatica Smart Energy Infrastructure Startup Pitch Deck
Shahzaib Ajmal
 
Mega Projects Data Mega Projects Data
saidsalah8181
 
STUDY DESIGN details- Lt Col Maksud (21).pptx
AyeshaAsha11
 
Introduction to Firewall Analytics - Interfirewall and Transfirewall.pptx
kuthubussaman1
 
Introduction to Knowledge Engineering Part 1
busyprogrammersguide
 
Fluorescence-microscope_Botany_detailed content
dollydoll12
 
Introduction to Basics of Ethical Hacking and Penetration Testing -Unit No. 1...
AshutoshDeshmukh33
 
Introduction to Business Data Analytics.
jamalmumthaj
 
168300704-gasification-ppt.pdfhghhhsjsjhsuxush
sriram270905
 
.pdf is not working space design for the following data for the following dat...
jerinjoy242
 
Miokarditis (Inflamasi pada Otot Jantung)
NandaAndini1
 
Chapter 2 METAL FORMINGhhhhhhhjjjjmmmmmmmmm
JanakiRaman206018
 
CEE 2 REPORT G7.pptxbdbshjdgsgjgsjfiuhsd
hildogavino28
 
Major-Components-ofNKJNNKNKNKNKronment.pptx
dushyantsharma1221
 
Recruitment and Placement PPT.pdfbjfibjdfbjfobj
Alka392097
 
advance b rammar.pptxfdgdfgdfsgdfgsdgfdfgdfgsdfgdfgdfg
rohullahansari5
 
"Python Programming for Geospatial Data Science." ...
institute of Geoinformatics and Earth Observation at PMAS ARID Agriculture University of Rawalpindi
 
1_Introduction to advance data techniques.pptx
AshutoshDeshmukh33
 

Database Security Slide Handout

  • 1. F0004 * Property of STI Page 1 of 11 Database Security Introduction to Database Security  The security issues that the database users or administrators must address are broken down into basic situations as follows:  Accessing data in a table should be limited only to qualified users.  Modifying tables must be limited only to qualified users with administrator rights.  Accessibility to columns/rows of a table must be defined for certain users.
  • 2. F0004 * Property of STI Page 2 of 11 Database Security The SQL Security Model  The SQL security model provides a basic syntax used to specify security restrictions.  There are three concepts of SQL security as follows: • Users • Objects • Privileges
  • 3. F0004 * Property of STI Page 3 of 11 Database Security The SQL Security Model Figure 11.1 Assigning Privileges
  • 4. F0004 * Property of STI Page 4 of 11 Database Security User IDs  Setting up security begins with creating user IDs and passwords that varies enormously from DBMS to DBMS.  In a secure DBMS, a user ID is a name/password pair that allows some entity to perform actions in the database.
  • 5. F0004 * Property of STI Page 5 of 11 Database Security Objects  The SQL standard defines security in terms of objects to which actions are performed.  In the SQL1 standard, the only objects that security is applied are tables and views. Figure 11.2 Using Grant
  • 6. F0004 * Property of STI Page 6 of 11 Database Security Privileges  Privileges are issued via the GRANT command and are taken away via the REVOKE command.  The privileges that can be granted are divided into four groups:  Column privileges relate to one specific column of a table.  Table privileges relate to all data of one specific table.  Database privileges relate to all tables of one specific database.  User privileges relate to all databases that are known to SQL.
  • 7. F0004 * Property of STI Page 7 of 11 Database Security Privileges  There are two types of privileges:  System privileges  Object privileges  SQL supports the following object privileges:  SELECT  INSERT  DELETE  UPDATE  REFERENCES  ALTER  INDEX
  • 8. F0004 * Property of STI Page 8 of 11 Database Security Adding Users  Some DBMSs have SQL statements, extensions to the SQL standard specific to that DBMS that allow creating users.  In Oracle the statement is as follow: CREATE USER username IDENTIFIED {BY password | EXTERNALLY | GLOBALLY AS external_name} Options  In Sybase, the syntax is as follow: GRANT CONNECT TO userid , . . . [ AT starting-id ] IDENTIFIED BY password, . . .
  • 9. F0004 * Property of STI Page 9 of 11 Database Security Granting Privileges  The basic GRANT statement is used to grant security privileges on database objects to specific users or, in some DBMS implementations, to groups.  The syntax is as follow: GRANT { ALL [ PRIVILEGES ], ALTER, DELETE, INSERT, REFERENCES [ ( column- name, . . . ) ], SELECT [ ( column-name, . . . ) ], UPDATE [ ( column-name, . . . ) ], } ON [ owner.]table-name TO userid , . . . [ WITH GRANT OPTION ] [ FROM userid ]
  • 10. F0004 * Property of STI Page 10 of 11 Database Security Granting Privileges  Example: GRANT SELECT, UPDATE ( street ) ON employee TO Laurel
  • 11. F0004 * Property of STI Page 11 of 11 Database Security Revoking Privileges  Use the REVOKE statement if you have granted privileges and later you need to revoke these privileges.  Syntax 1 REVOKE special-priv , . . . FROM userid , . . . special-priv : CONNECT  Syntax 2 REVOKE table-priv , . . . ON [ owner.]table-name FROM userid , . . . table-priv : ALL [PRIVILEGES] | ALTER | DELETE | INSERT | REFERENCES [ ( column-name, . . . ) ] | SELECT [ ( column-name, . . . ) ] | UPDATE [ ( column-name, . . . ) ]