Security in Relational model
Download as PPTX, PDF0 likes834 views
This document discusses database security and the use of GRANT and REVOKE statements in SQL. It defines authorization identifiers as database users assigned by the DBA. The owner of an object can grant privileges on it to other users using GRANT, and revoke those privileges using REVOKE. GRANT allows specifying privileges like SELECT, INSERT, UPDATE, DELETE etc. and REVOKE removes privileges that were previously granted. Both statements identify the user or users, object, and privileges involved.
![Syntax
Used to grant all privileges to a
user instead of having to
specify the 6 privileges
individually
Syntax:
GRANT [privilege list / All PRIVILEGES]
On object name
To {authorization id list / PUBLIC }
Allow access to be granted to
[WITH GRANT OPTION]
all
present
and
future
Privilege list consists of one or more of the authorized users not just to the
users currently known to the
following
DBMS.
privileges separated by commas;
Select
Can be the name of a base
Delete
table, view, domain, character
Insert[ (column name[….]) ]
set, collation or translation
Update (column name[….]) ]
References (column name[….]) ]
Usage
Clause allows the users in
authorizationIdList to pass the
privileges to other user.](https://image.slidesharecdn.com/security-140121122938-phpapp02/85/Security-in-Relational-model-9-320.jpg)
![GRANT OPTION FOR allows
privileges passed on via the
WITH GRANT OPTION of the
GRANT statement to be revoked
from the privileges themselves.
Syntax
ALL PRIVILEGES granted to
a user by the user revoking
the privileges.
REVOKE [GRANT OPTION FOR] {privilege
List/ALL PRIVILEGES]
ON objectName
FROM { AuthorizationIdList / PUBLIC }
[RESTRICT / CASCADE]](https://image.slidesharecdn.com/security-140121122938-phpapp02/85/Security-in-Relational-model-14-320.jpg)
Security in Relational model
- 1. Security V. Saranya AP/CSE, Sri Vidya College of Engg & Tech, virudhunagar
- 2. • A DBMS should provide a mechanism to ensure that “only authorized users can access the database”
- 3. GRANT AND REVOKE • SQL provides “GRANT” and “REVOKE” statements to “allow security” to be set up on the tables in the database.
- 4. Security Concepts • Authorization identifiers • Ownership • privileges
- 5. Authorization Identifiers • are “Database users” assigned by DBA.
- 6. Owner • “Can pass privileges” on to other users using the “GRANT” statement and can cancel the privileges passed on using “REVOKE” statement.
- 7. Privileges • Are the actions that a user is permitted. – Select privilege to retrieve data from the table – Insert privilege to insert new rows into a table. – Update Privilege to modify rows of data in a table. – Delete Privilege to delete rows of data from a table. – References Privilege to reference columns of a named table in integrity constraints. – Usage Privilege to use domains, collations, character sets and translations.
- 8. Granting Privilege to other users • Used to GRANT privileges on database objects to specified users. • GRANT statement is used by the owner of a table to give other users access to the data.
- 9. Syntax Used to grant all privileges to a user instead of having to specify the 6 privileges individually Syntax: GRANT [privilege list / All PRIVILEGES] On object name To {authorization id list / PUBLIC } Allow access to be granted to [WITH GRANT OPTION] all present and future Privilege list consists of one or more of the authorized users not just to the users currently known to the following DBMS. privileges separated by commas; Select Can be the name of a base Delete table, view, domain, character Insert[ (column name[….]) ] set, collation or translation Update (column name[….]) ] References (column name[….]) ] Usage Clause allows the users in authorizationIdList to pass the privileges to other user.
- 10. Example 1 Give the user with authorization identifier manager full privileges to the staff table. GRANT ALL PRIVILEGES ON STAFF TO manager WITH GRANT OPTION;
- 11. Example 2 Give users personnel and director the privileges select and update on column salary of the staff table. GRANT SELECT ,UPDATE (salary) ON staff WITH GRANT FOR is omitted, here the users TO personnel, Director; personnel & Director cannot pass the privileges on to other users.
- 12. Example 3 Give all users the privileges SELECT on the branch table. GRANT SELECT ON BRANCH TO PUBLIC; Means that all users are able to retrieve all the data in the branch table.
- 13. REVOKE • Revoke statement is used to take away all or some of the privileges that were previously granted to a user.
- 14. GRANT OPTION FOR allows privileges passed on via the WITH GRANT OPTION of the GRANT statement to be revoked from the privileges themselves. Syntax ALL PRIVILEGES granted to a user by the user revoking the privileges. REVOKE [GRANT OPTION FOR] {privilege List/ALL PRIVILEGES] ON objectName FROM { AuthorizationIdList / PUBLIC } [RESTRICT / CASCADE]
- 15. Example 1 Revoke the privilege SELECT on the branch table from all users. REVOKE SELECT ON branch FROM PUBLIC;
- 16. Example 2 REVOKE all privileges you have given to Director on the staff table. REVOKE ALL PRIVILEGES ON STAFF FROM director;