Views and security

Security and Integrity

Database Systems Lecture 11

In This Lecture
• Today database Security and Integrity:
• Aspects of security
• Access to databases
• Making sure the correct data goes in.

1) Privileges
2) Views
3) Integrity constraints

• For more information
• Connolly and Begg chapters 6 and 19

Database Security
• Database security is • Many aspects to
about controlling access consider for security:
to information

• Some information • Legal issues
should be available • Physical security
freely • OS/Network security
• Security policies and
• Other information should
protocols
only be available to
certain people or groups • Encryption and
passwords
• DBMS security


Now then, now then…
• DBMS can provide
some security: • The DBMS verifies
password and checks
a user’s permissions
• Each user has an
account, username when they try to
and password either:

• These are used to • Retrieve data
identify a user and • Modify data
control their access to
• Modify the database
information
structure


Permissions and Privilege
• SQL uses privileges • The owner (creator)
to control access to of a database has all
privileges on all
tables and other objects in the
database objects: database, and can
grant these to others
• SELECT privilege
• INSERT privilege • The owner (creator)
of an object has all
• UPDATE privilege
privileges on that
• DELETE privilege object and can pass
them on to others


Privileges in SQL
GRANT <privileges> • <users> is a list of user
names or PUBLIC
ON <object>
TO <users> • <object> is the name of
[WITH GRANT OPTION] a table or view (later)

• <privileges> is a list of • WITH GRANT OPTION
SELECT <columns>, means that the users can
INSERT <columns>, pass their privileges on
to others
DELETE, and
UPDATE <columns>,
or simply ALL


Privileges Examples
GRANT ALL ON Employee GRANT SELECT,
TO Scooby UPDATE(Salary) ON
WITH GRANT OPTION Employee TO Shaggy

The user ‘Scooby’ can do The user ‘Shaggy’ can
anything to the Employee view the entire Employee
table, and can allow other table, and can change
users to do the same (by Salary values, but cannot
using GRANT statements) change other values or pass
on their privilege


Removing Privileges
• If you want to • If a user has been
remove a privilege given the same
you have granted privilege from other
you use: users then they keep
it. Everyone has to
revoke them.
REVOKE <privileges>
ON <object> • However all
FROM <users> privileges dependent
on the revoked one
are also revoked


An example. …

•‘Waqas’ grants ALL Waqas
privileges to ‘Saleem’, and
SELECT to ‘Sajid’ with the SELECT ALL
grant option

•‘Sajid’ grants SELECT to Sajid Saleem
‘Saqib’
SELECT ALL
•‘Saleem’ grants ALL to
‘Saqib’
Saqib


Removing Privileges. Rut-ro…

•Saqib quickly begins to
annoy everyone so Saleem Waqas
revokes ALL from him…
SELECT ALL
•N.b. Saqib still has SELECT
privileges from ‘Sajid’…
Sajid Saleem
•Waqas revokes SELECT from
SELECT ALL
Sajid…

•And as a consequence Saqib Saqib
loses SELECT also


Views
• Now Privileges work • But Views provide
at the level of ‘derived’ tables:
tables:
• You can restrict • A view is the result of
access by column a SELECT statement
which is treated like a
• You cannot restrict table
access by row

• You can SELECT from
• Views, along with (and sometimes
privileges, allow for UPDATE, etc) views
just like tables
customised access.

Creating Views
CREATE VIEW <name> • Example:
AS <select stmt>
• We want each user to
• <name> is the name be able to view the
names and phone
of the new view.
numbers (only) of
• <select stmt> is a those employees that
are in their own
query that returns department
the rows and
columns of the view


View Example
• Say we want each user to be able to view the names
and phone numbers (only) of those employees in their
own department.

• In Oracle, you can refer to the current user as USER

Employee
ID Name Phone Department Salary
E158 Mark x6387 Accounts £15,000
E159 Mary x6387 Marketing £15,000
E160 Jane x6387 Marketing £15,000


View Example

CREATE VIEW OwnDept AS
SELECT Name, Phone FROM Employee
WHERE Department =
(SELECT Department FROM Employee
WHERE name = USER)

GRANT SELECT ON OwnDept TO PUBLIC


Using Views and Privileges
• Views and privileges are
used together to control User 1 User 2 User 3
access

• A view is made which
contains the information External External
needed View 1 View 2

• Privileges are granted to
that view, rather than Conceptual
the underlying tables DBA
View


View Updating
• Views are like virtual tables:
• Their value depends on the ‘base’ tables that they
are defined from

• You can select from views just like a table

So what the dickens happens
to the updates, inserts, and
deletes?


View Updating

• Updates to the base tables change the views
and vice-versa

• But it is often not clear how to change the base
tables to make the desired change to the view.

• This also affects stuff like Java’s ResultSet.

• Are there any rules to make it clear when
updates, inserts and deletes are possible and
when they are not?


View Updating
• In general it is • In general it is not
possible to update possible to update
views which: views which

• Are defined on a • Are defined on more
single table than one base table
by a join operation
• Contain at least one
primary or candidate • Contain aggregate
key for that relation functions and group
by clauses


Example: Module Enrolment Student
Code Dept ID Code ID Name
DBS CSIT 123 DBS 123 John
RDB CSIT 123 ALG 124 Mary
ALG Math 124 DBS 125 Chris
124 RDB
125 ALG

CREATE VIEW CSIT AS
SELECT S.ID, S.Name, Count(*) AS Num
FROM Student AS S,
Enrolment AS E,
Module AS M
WHERE S.ID = E.ID ID Name Num
AND E.Code = M.Code
AND M.Dept = ‘CSIT’
123 John 1
GROUP BY S.ID, S.Name 124 Mary 2


View Updating Example
CSIT ID Name Num
123 Saqib 1
124 Mahd 2

UPDATE CSIT SET Num = 1 cannot update the result of the
WHERE Name= ‘Saqib’ aggregate function COUNT()…

DELETE FROM CSIT cannot delete because we have
joined several tables to create
WHERE Name = ‘Saqib’
this view…

INSERT INTO CSIT cannot insert because we have
joined several tables and none
VALUES (126, ‘Asif’, 1) have Num in anyway!

Combining Views and
Privileges
To restrict someone's access Employee
to a table:
ID Name Salary Department
• Create a view of that
table that shows only the
information they need to
see. • Say we want to let
the user 'John' read
• Grant them privileges on
the view . the department and
name, and be able to
• Revoke any privileges update the
they have on the
original table department (only)


Using Views and Privileges
Create a view: Set the privileges:

CREATE VIEW forSaqib GRANT SELECT,
AS SELECT Name, UPDATE (Department)
Department ON forSaqib
FROM Employee TO John

REVOKE ALL ON
forSaqib FROM Saqib


Database Integrity
• Security vs Integrity • Integrity constraints

• Domain constraints
• Database security apply to data types
makes sure that the
user is authorised to
access information • Attribute constraints
apply to columns

• Database integrity • Relation constraints
makes sure that apply to rows in a single
(authorised) users table
manipulate that
information correctly • Database constraints
apply between tables

1 Example CHECK
• A check statement allows you to constrain
what can be entered into the database.
• I.e. you can define what makes it consistent.

CREATE TABLE Poker_players
(
name VARCHAR(32),
age INTEGER
CHECK (age > 18) CHECK that we
) only have legal
poker players

Views and security

More Related Content

Similar to Views and security (20)

More from farhan amjad (6)

Recently uploaded (20)

Views and security