SlideShare ist ein Scribd-Unternehmen logo

Views and security

Als PPT, PDF herunterladen
farhan amjad
farhan amjad
Bildung
1 von 24
Security and Integrity Database Systems Lecture 11
In This Lecture • Today database Security and Integrity: • Aspects of security • Access to databases • Making sure the correct data goes in. 1) Privileges 2) Views 3) Integrity constraints • For more information • Connolly and Begg chapters 6 and 19 Security and Integrity
Database Security • Database security is • Many aspects to about controlling access consider for security: to information • Some information • Legal issues should be available • Physical security freely • OS/Network security • Security policies and • Other information should protocols only be available to certain people or groups • Encryption and passwords • DBMS security Security and Integrity
Now then, now then… • DBMS can provide some security: • The DBMS verifies password and checks a user’s permissions • Each user has an account, username when they try to and password either: • These are used to • Retrieve data identify a user and • Modify data control their access to • Modify the database information structure Security and Integrity
Permissions and Privilege • SQL uses privileges • The owner (creator) to control access to of a database has all privileges on all tables and other objects in the database objects: database, and can grant these to others • SELECT privilege • INSERT privilege • The owner (creator) of an object has all • UPDATE privilege privileges on that • DELETE privilege object and can pass them on to others Security and Integrity
Privileges in SQL GRANT <privileges> • <users> is a list of user names or PUBLIC ON <object> TO <users> • <object> is the name of [WITH GRANT OPTION] a table or view (later) • <privileges> is a list of • WITH GRANT OPTION SELECT <columns>, means that the users can INSERT <columns>, pass their privileges on to others DELETE, and UPDATE <columns>, or simply ALL Security and Integrity
Privileges Examples GRANT ALL ON Employee GRANT SELECT, TO Scooby UPDATE(Salary) ON WITH GRANT OPTION Employee TO Shaggy The user ‘Scooby’ can do The user ‘Shaggy’ can anything to the Employee view the entire Employee table, and can allow other table, and can change users to do the same (by Salary values, but cannot using GRANT statements) change other values or pass on their privilege Security and Integrity
Removing Privileges • If you want to • If a user has been remove a privilege given the same you have granted privilege from other you use: users then they keep it. Everyone has to revoke them. REVOKE <privileges> ON <object> • However all FROM <users> privileges dependent on the revoked one are also revoked Security and Integrity
An example. … •‘Waqas’ grants ALL Waqas privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the SELECT ALL grant option •‘Sajid’ grants SELECT to Sajid Saleem ‘Saqib’ SELECT ALL •‘Saleem’ grants ALL to ‘Saqib’ Saqib Security and Integrity
Removing Privileges. Rut-ro… •Saqib quickly begins to annoy everyone so Saleem Waqas revokes ALL from him… SELECT ALL •N.b. Saqib still has SELECT privileges from ‘Sajid’… Sajid Saleem •Waqas revokes SELECT from SELECT ALL Sajid… •And as a consequence Saqib Saqib loses SELECT also Security and Integrity
Views • Now Privileges work • But Views provide at the level of ‘derived’ tables: tables: • You can restrict • A view is the result of access by column a SELECT statement which is treated like a • You cannot restrict table access by row • You can SELECT from • Views, along with (and sometimes privileges, allow for UPDATE, etc) views just like tables customised access. Security and Integrity
Creating Views CREATE VIEW <name> • Example: AS <select stmt> • We want each user to • <name> is the name be able to view the names and phone of the new view. numbers (only) of • <select stmt> is a those employees that are in their own query that returns department the rows and columns of the view Security and Integrity
View Example • Say we want each user to be able to view the names and phone numbers (only) of those employees in their own department. • In Oracle, you can refer to the current user as USER Employee ID Name Phone Department Salary E158 Mark x6387 Accounts £15,000 E159 Mary x6387 Marketing £15,000 E160 Jane x6387 Marketing £15,000 Security and Integrity
View Example CREATE VIEW OwnDept AS SELECT Name, Phone FROM Employee WHERE Department = (SELECT Department FROM Employee WHERE name = USER) GRANT SELECT ON OwnDept TO PUBLIC Security and Integrity
Using Views and Privileges • Views and privileges are used together to control User 1 User 2 User 3 access • A view is made which contains the information External External needed View 1 View 2 • Privileges are granted to that view, rather than Conceptual the underlying tables DBA View Security and Integrity
View Updating • Views are like virtual tables: • Their value depends on the ‘base’ tables that they are defined from • You can select from views just like a table So what the dickens happens to the updates, inserts, and deletes? Security and Integrity
View Updating • Updates to the base tables change the views and vice-versa • But it is often not clear how to change the base tables to make the desired change to the view. • This also affects stuff like Java’s ResultSet. • Are there any rules to make it clear when updates, inserts and deletes are possible and when they are not? Security and Integrity
View Updating • In general it is • In general it is not possible to update possible to update views which: views which • Are defined on a • Are defined on more single table than one base table by a join operation • Contain at least one primary or candidate • Contain aggregate key for that relation functions and group by clauses Security and Integrity
Example: Module Enrolment Student Code Dept ID Code ID Name DBS CSIT 123 DBS 123 John RDB CSIT 123 ALG 124 Mary ALG Math 124 DBS 125 Chris 124 RDB 125 ALG CREATE VIEW CSIT AS SELECT S.ID, S.Name, Count(*) AS Num FROM Student AS S, Enrolment AS E, Module AS M WHERE S.ID = E.ID ID Name Num AND E.Code = M.Code AND M.Dept = ‘CSIT’ 123 John 1 GROUP BY S.ID, S.Name 124 Mary 2 Security and Integrity
View Updating Example CSIT ID Name Num 123 Saqib 1 124 Mahd 2 UPDATE CSIT SET Num = 1 cannot update the result of the WHERE Name= ‘Saqib’ aggregate function COUNT()… DELETE FROM CSIT cannot delete because we have joined several tables to create WHERE Name = ‘Saqib’ this view… INSERT INTO CSIT cannot insert because we have joined several tables and none VALUES (126, ‘Asif’, 1) have Num in anyway! Security and Integrity
Combining Views and Privileges To restrict someone's access Employee to a table: ID Name Salary Department • Create a view of that table that shows only the information they need to see. • Say we want to let the user 'John' read • Grant them privileges on the view . the department and name, and be able to • Revoke any privileges update the they have on the original table department (only) Security and Integrity
Using Views and Privileges Create a view: Set the privileges: CREATE VIEW forSaqib GRANT SELECT, AS SELECT Name, UPDATE (Department) Department ON forSaqib FROM Employee TO John REVOKE ALL ON forSaqib FROM Saqib Security and Integrity
Database Integrity • Security vs Integrity • Integrity constraints • Domain constraints • Database security apply to data types makes sure that the user is authorised to access information • Attribute constraints apply to columns • Database integrity • Relation constraints makes sure that apply to rows in a single (authorised) users table manipulate that information correctly • Database constraints apply between tables Security and Integrity
1 Example CHECK • A check statement allows you to constrain what can be entered into the database. • I.e. you can define what makes it consistent. CREATE TABLE Poker_players ( name VARCHAR(32), age INTEGER CHECK (age > 18) CHECK that we ) only have legal poker players Security and Integrity

Empfohlen

Inheritance in OOPS
Inheritance in OOPSInheritance in OOPS
Inheritance in OOPSRonak Chhajed
 
Java - Sockets
Java - SocketsJava - Sockets
Java - SocketsRiccardo Cardin
 
MYSQL.ppt
MYSQL.pptMYSQL.ppt
MYSQL.pptwebhostingguy
 
SQL Views
SQL ViewsSQL Views
SQL Viewsbaabtra.com - No. 1 supplier of quality freshers
 
JDBC: java DataBase connectivity
JDBC: java DataBase connectivityJDBC: java DataBase connectivity
JDBC: java DataBase connectivityTanmoy Barman
 
This keyword in java
This keyword in javaThis keyword in java
This keyword in javaHitesh Kumar
 
Bootstrap
BootstrapBootstrap
BootstrapJadson Santos
 
Inheritance in c++
Inheritance in c++Inheritance in c++
Inheritance in c++Paumil Patel
 

Empfohlen

Inheritance in OOPS
Inheritance in OOPSInheritance in OOPS
Inheritance in OOPSRonak Chhajed
 
Java - Sockets
Java - SocketsJava - Sockets
Java - SocketsRiccardo Cardin
 
MYSQL.ppt
MYSQL.pptMYSQL.ppt
MYSQL.pptwebhostingguy
 
SQL Views
SQL ViewsSQL Views
SQL Viewsbaabtra.com - No. 1 supplier of quality freshers
 
JDBC: java DataBase connectivity
JDBC: java DataBase connectivityJDBC: java DataBase connectivity
JDBC: java DataBase connectivityTanmoy Barman
 
This keyword in java
This keyword in javaThis keyword in java
This keyword in javaHitesh Kumar
 
Bootstrap
BootstrapBootstrap
BootstrapJadson Santos
 
Inheritance in c++
Inheritance in c++Inheritance in c++
Inheritance in c++Paumil Patel
 
Data Manipulation Language
Data Manipulation LanguageData Manipulation Language
Data Manipulation LanguageJas Singh Bhasin
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)Gurjot Singh
 
NESTED SUBQUERY.pptx
NESTED SUBQUERY.pptxNESTED SUBQUERY.pptx
NESTED SUBQUERY.pptxAnusha sivakumar
 
String, string builder, string buffer
String, string builder, string bufferString, string builder, string buffer
String, string builder, string bufferSSN College of Engineering, Kalavakkam
 
MULTI THREADING IN JAVA
MULTI THREADING IN JAVAMULTI THREADING IN JAVA
MULTI THREADING IN JAVAVINOTH R
 
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...Simplilearn
 
Characteristics of OOPS
Characteristics of OOPS Characteristics of OOPS
Characteristics of OOPS abhishek kumar
 
Introduction to Design Pattern
Introduction to Design PatternIntroduction to Design Pattern
Introduction to Design PatternSanae BEKKAR
 
Introduction to Visual Studio.NET
Introduction to Visual Studio.NETIntroduction to Visual Studio.NET
Introduction to Visual Studio.NETDutch Dasanaike {LION}
 
Chapter23
Chapter23Chapter23
Chapter23gourab87
 
DBMS Notes: DDL DML DCL
DBMS Notes: DDL DML DCLDBMS Notes: DDL DML DCL
DBMS Notes: DDL DML DCLSreedhar Chowdam
 
Structured Query Language (SQL)
Structured Query Language (SQL)Structured Query Language (SQL)
Structured Query Language (SQL)Syed Hassan Ali
 
Lecture 04 normalization
Lecture 04 normalization Lecture 04 normalization
Lecture 04 normalization emailharmeet
 
Java Data Types
Java Data TypesJava Data Types
Java Data TypesSpotle.ai
 
Trigger
TriggerTrigger
TriggerVForce Infotech
 
ER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMSER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMSssuser20b618
 
Assemblies
AssembliesAssemblies
AssembliesJanas Khan
 
Inheritance in java
Inheritance in javaInheritance in java
Inheritance in javaRahulAnanda1
 
Arrays in Java
Arrays in JavaArrays in Java
Arrays in JavaAbhilash Nair
 
Features of java
Features of javaFeatures of java
Features of javaWILLFREDJOSE W
 
The two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionThe two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionislam is terrorism realy
 
12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bibleislam is terrorism realy
 

Weitere ähnliche Inhalte

Was ist angesagt?

Data Manipulation Language
Data Manipulation LanguageData Manipulation Language
Data Manipulation LanguageJas Singh Bhasin
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)Gurjot Singh
 
MULTI THREADING IN JAVA
MULTI THREADING IN JAVAMULTI THREADING IN JAVA
MULTI THREADING IN JAVAVINOTH R
 
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...Simplilearn
 
Characteristics of OOPS
Characteristics of OOPS Characteristics of OOPS
Characteristics of OOPS abhishek kumar
 
Introduction to Design Pattern
Introduction to Design PatternIntroduction to Design Pattern
Introduction to Design PatternSanae BEKKAR
 
Structured Query Language (SQL)
Structured Query Language (SQL)Structured Query Language (SQL)
Structured Query Language (SQL)Syed Hassan Ali
 
Lecture 04 normalization
Lecture 04 normalization Lecture 04 normalization
Lecture 04 normalization emailharmeet
 
Java Data Types
Java Data TypesJava Data Types
Java Data TypesSpotle.ai
 
ER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMSER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMSssuser20b618
 
Inheritance in java
Inheritance in javaInheritance in java
Inheritance in javaRahulAnanda1
 

Was ist angesagt? (20)

Data Manipulation Language
Data Manipulation LanguageData Manipulation Language
Data Manipulation Language
 
HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)HyperText Transfer Protocol (HTTP)
HyperText Transfer Protocol (HTTP)
 
NESTED SUBQUERY.pptx
NESTED SUBQUERY.pptxNESTED SUBQUERY.pptx
NESTED SUBQUERY.pptx
 
String, string builder, string buffer
String, string builder, string bufferString, string builder, string buffer
String, string builder, string buffer
 
MULTI THREADING IN JAVA
MULTI THREADING IN JAVAMULTI THREADING IN JAVA
MULTI THREADING IN JAVA
 
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
C++ Inheritance Tutorial | Introduction To Inheritance In C++ Programming Wit...
 
Characteristics of OOPS
Characteristics of OOPS Characteristics of OOPS
Characteristics of OOPS
 
Introduction to Design Pattern
Introduction to Design PatternIntroduction to Design Pattern
Introduction to Design Pattern
 
Introduction to Visual Studio.NET
Introduction to Visual Studio.NETIntroduction to Visual Studio.NET
Introduction to Visual Studio.NET
 
Chapter23
Chapter23Chapter23
Chapter23
 
DBMS Notes: DDL DML DCL
DBMS Notes: DDL DML DCLDBMS Notes: DDL DML DCL
DBMS Notes: DDL DML DCL
 
Structured Query Language (SQL)
Structured Query Language (SQL)Structured Query Language (SQL)
Structured Query Language (SQL)
 
Lecture 04 normalization
Lecture 04 normalization Lecture 04 normalization
Lecture 04 normalization
 
Java Data Types
Java Data TypesJava Data Types
Java Data Types
 
Trigger
TriggerTrigger
Trigger
 
ER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMSER DIAGRAM & ER MODELING IN DBMS
ER DIAGRAM & ER MODELING IN DBMS
 
Assemblies
AssembliesAssemblies
Assemblies
 
Inheritance in java
Inheritance in javaInheritance in java
Inheritance in java
 
Arrays in Java
Arrays in JavaArrays in Java
Arrays in Java
 
Features of java
Features of javaFeatures of java
Features of java
 

Andere mochten auch

The two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionThe two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionislam is terrorism realy
 
12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bibleislam is terrorism realy
 
The spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox popeThe spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox popeislam is terrorism realy
 
The priesthood by h.h pope shenoda 3 the coptic orthodox pope
The priesthood by h.h pope shenoda 3 the coptic orthodox popeThe priesthood by h.h pope shenoda 3 the coptic orthodox pope
The priesthood by h.h pope shenoda 3 the coptic orthodox popeislam is terrorism realy
 
The spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox popeThe spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox popeislam is terrorism realy
 
Nahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all MuslimsNahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all Muslimsislam is terrorism realy
 
9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaint9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaintislam is terrorism realy
 

Andere mochten auch (9)

The two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religionThe two faces of Islam by father Zakaria - Comparative religion
The two faces of Islam by father Zakaria - Comparative religion
 
12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible12 nihility of-falsification_of_the_holy_bible
12 nihility of-falsification_of_the_holy_bible
 
The spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox popeThe spiritual means by h.h pope shenoda 3 the coptic orthodox pope
The spiritual means by h.h pope shenoda 3 the coptic orthodox pope
 
Islamic hadeeth and teachings
Islamic hadeeth and teachingsIslamic hadeeth and teachings
Islamic hadeeth and teachings
 
The priesthood by h.h pope shenoda 3 the coptic orthodox pope
The priesthood by h.h pope shenoda 3 the coptic orthodox popeThe priesthood by h.h pope shenoda 3 the coptic orthodox pope
The priesthood by h.h pope shenoda 3 the coptic orthodox pope
 
The spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox popeThe spiritual man by h.h pope shenoda 3 the coptic orthodox pope
The spiritual man by h.h pope shenoda 3 the coptic orthodox pope
 
Nahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all MuslimsNahed mahmoud metwalli message to all Muslims
Nahed mahmoud metwalli message to all Muslims
 
13 inquiries about-the_quran
13 inquiries about-the_quran13 inquiries about-the_quran
13 inquiries about-the_quran
 
9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaint9 they crucified-him_not,they_killed_him_not,with_certaint
9 they crucified-him_not,they_killed_him_not,with_certaint
 

Ähnlich wie Views and security

Oracle Database Security For Developers
Oracle Database Security For DevelopersOracle Database Security For Developers
Oracle Database Security For DevelopersSzymon Skorupinski
 
Controlling User Access -Data base
Controlling User Access -Data baseControlling User Access -Data base
Controlling User Access -Data baseSalman Memon
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot
 
Security and Authorization
Security and AuthorizationSecurity and Authorization
Security and AuthorizationMegha yadav
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaRandy Goering
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaRandy Goering
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingAntonios Chatzipavlis
 
Presentation database security enhancements with oracle
Presentation database security enhancements with oraclePresentation database security enhancements with oracle
Presentation database security enhancements with oraclexKinAnx
 
Less06 users
Less06 usersLess06 users
Less06 usersImran Ali
 
Sharing and security in Salesforce
Sharing and security in SalesforceSharing and security in Salesforce
Sharing and security in SalesforceSaurabh Kulkarni
 
98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.pptRahafKhalid14
 
Les14[1]Controlling User Access
Les14[1]Controlling User AccessLes14[1]Controlling User Access
Les14[1]Controlling User Accesssiavosh kaviani
 
03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptx03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptxKareemBullard1
 

Ähnlich wie Views and security (20)

DBMS Security.ppt
DBMS Security.pptDBMS Security.ppt
DBMS Security.ppt
 
6232 b 04
6232 b 046232 b 04
6232 b 04
 
Oracle Database Security For Developers
Oracle Database Security For DevelopersOracle Database Security For Developers
Oracle Database Security For Developers
 
Controlling User Access -Data base
Controlling User Access -Data baseControlling User Access -Data base
Controlling User Access -Data base
 
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQLKangaroot EDB Webinar Best Practices in Security with PostgreSQL
Kangaroot EDB Webinar Best Practices in Security with PostgreSQL
 
Security and Authorization
Security and AuthorizationSecurity and Authorization
Security and Authorization
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration Dilemma
 
Solving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration DilemmaSolving the DB2 LUW Administration Dilemma
Solving the DB2 LUW Administration Dilemma
 
Les13
Les13Les13
Les13
 
Isaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditingIsaca sql server 2008 r2 security & auditing
Isaca sql server 2008 r2 security & auditing
 
Presentation database security enhancements with oracle
Presentation database security enhancements with oraclePresentation database security enhancements with oracle
Presentation database security enhancements with oracle
 
Les01
Les01Les01
Les01
 
Less06 users
Less06 usersLess06 users
Less06 users
 
Sharing and security in Salesforce
Sharing and security in SalesforceSharing and security in Salesforce
Sharing and security in Salesforce
 
98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt98_364_Slides_Lesson05.ppt
98_364_Slides_Lesson05.ppt
 
Oracle Database
Oracle DatabaseOracle Database
Oracle Database
 
Les14
Les14Les14
Les14
 
Sql injection
Sql injectionSql injection
Sql injection
 
Les14[1]Controlling User Access
Les14[1]Controlling User AccessLes14[1]Controlling User Access
Les14[1]Controlling User Access
 
03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptx03_DP_300T00A_Secure_Environment.pptx
03_DP_300T00A_Secure_Environment.pptx
 

Mehr von farhan amjad

Views and security
Views and securityViews and security
Views and securityfarhan amjad
 
Exception handling and templates
Exception handling and templatesException handling and templates
Exception handling and templatesfarhan amjad
 
Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)farhan amjad
 
Operator overloading
Operator overloadingOperator overloading
Operator overloadingfarhan amjad
 
Classes, objects and methods
Classes, objects and methodsClasses, objects and methods
Classes, objects and methodsfarhan amjad
 
Introduction to object oriented language
Introduction to object oriented languageIntroduction to object oriented language
Introduction to object oriented languagefarhan amjad
 

Mehr von farhan amjad (6)

Views and security
Views and securityViews and security
Views and security
 
Exception handling and templates
Exception handling and templatesException handling and templates
Exception handling and templates
 
Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)Inheritance, polymorphisam, abstract classes and composition)
Inheritance, polymorphisam, abstract classes and composition)
 
Operator overloading
Operator overloadingOperator overloading
Operator overloading
 
Classes, objects and methods
Classes, objects and methodsClasses, objects and methods
Classes, objects and methods
 
Introduction to object oriented language
Introduction to object oriented languageIntroduction to object oriented language
Introduction to object oriented language
 

Kürzlich hochgeladen

Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structuredhanjurrannsibayan2
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxheathfieldcps1
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxAreebaZafar22
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxPooja Bhuva
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxPooja Bhuva
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxUmeshTimilsina1
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.MaryamAhmad92
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsKarakKing
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...Poonam Aher Patil
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSCeline George
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17Celine George
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxJisc
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jisc
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomPooky Knightsmith
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentationcamerronhm
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxJisc
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.christianmathematics
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxEsquimalt MFRC
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - Englishneillewis46
 

Kürzlich hochgeladen (20)

Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Interdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptxInterdisciplinary_Insights_Data_Collection_Methods.pptx
Interdisciplinary_Insights_Data_Collection_Methods.pptx
 
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptxExploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
Exploring_the_Narrative_Style_of_Amitav_Ghoshs_Gun_Island.pptx
 
Plant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptxPlant propagation: Sexual and Asexual propapagation.pptx
Plant propagation: Sexual and Asexual propapagation.pptx
 
ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.ICT role in 21st century education and it's challenges.
ICT role in 21st century education and it's challenges.
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17How to Add New Custom Addons Path in Odoo 17
How to Add New Custom Addons Path in Odoo 17
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
Fostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the ClassroomFostering Friendships - Enhancing Social Bonds in the Classroom
Fostering Friendships - Enhancing Social Bonds in the Classroom
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Graduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - EnglishGraduate Outcomes Presentation Slides - English
Graduate Outcomes Presentation Slides - English
 

Views and security

  • 1. Security and Integrity Database Systems Lecture 11
  • 2. In This Lecture • Today database Security and Integrity: • Aspects of security • Access to databases • Making sure the correct data goes in. 1) Privileges 2) Views 3) Integrity constraints • For more information • Connolly and Begg chapters 6 and 19 Security and Integrity
  • 3. Database Security • Database security is • Many aspects to about controlling access consider for security: to information • Some information • Legal issues should be available • Physical security freely • OS/Network security • Security policies and • Other information should protocols only be available to certain people or groups • Encryption and passwords • DBMS security Security and Integrity
  • 4. Now then, now then… • DBMS can provide some security: • The DBMS verifies password and checks a user’s permissions • Each user has an account, username when they try to and password either: • These are used to • Retrieve data identify a user and • Modify data control their access to • Modify the database information structure Security and Integrity
  • 5. Permissions and Privilege • SQL uses privileges • The owner (creator) to control access to of a database has all privileges on all tables and other objects in the database objects: database, and can grant these to others • SELECT privilege • INSERT privilege • The owner (creator) of an object has all • UPDATE privilege privileges on that • DELETE privilege object and can pass them on to others Security and Integrity
  • 6. Privileges in SQL GRANT <privileges> • <users> is a list of user names or PUBLIC ON <object> TO <users> • <object> is the name of [WITH GRANT OPTION] a table or view (later) • <privileges> is a list of • WITH GRANT OPTION SELECT <columns>, means that the users can INSERT <columns>, pass their privileges on to others DELETE, and UPDATE <columns>, or simply ALL Security and Integrity
  • 7. Privileges Examples GRANT ALL ON Employee GRANT SELECT, TO Scooby UPDATE(Salary) ON WITH GRANT OPTION Employee TO Shaggy The user ‘Scooby’ can do The user ‘Shaggy’ can anything to the Employee view the entire Employee table, and can allow other table, and can change users to do the same (by Salary values, but cannot using GRANT statements) change other values or pass on their privilege Security and Integrity
  • 8. Removing Privileges • If you want to • If a user has been remove a privilege given the same you have granted privilege from other you use: users then they keep it. Everyone has to revoke them. REVOKE <privileges> ON <object> • However all FROM <users> privileges dependent on the revoked one are also revoked Security and Integrity
  • 9. An example. … •‘Waqas’ grants ALL Waqas privileges to ‘Saleem’, and SELECT to ‘Sajid’ with the SELECT ALL grant option •‘Sajid’ grants SELECT to Sajid Saleem ‘Saqib’ SELECT ALL •‘Saleem’ grants ALL to ‘Saqib’ Saqib Security and Integrity
  • 10. Removing Privileges. Rut-ro… •Saqib quickly begins to annoy everyone so Saleem Waqas revokes ALL from him… SELECT ALL •N.b. Saqib still has SELECT privileges from ‘Sajid’… Sajid Saleem •Waqas revokes SELECT from SELECT ALL Sajid… •And as a consequence Saqib Saqib loses SELECT also Security and Integrity
  • 11. Views • Now Privileges work • But Views provide at the level of ‘derived’ tables: tables: • You can restrict • A view is the result of access by column a SELECT statement which is treated like a • You cannot restrict table access by row • You can SELECT from • Views, along with (and sometimes privileges, allow for UPDATE, etc) views just like tables customised access. Security and Integrity
  • 12. Creating Views CREATE VIEW <name> • Example: AS <select stmt> • We want each user to • <name> is the name be able to view the names and phone of the new view. numbers (only) of • <select stmt> is a those employees that are in their own query that returns department the rows and columns of the view Security and Integrity
  • 13. View Example • Say we want each user to be able to view the names and phone numbers (only) of those employees in their own department. • In Oracle, you can refer to the current user as USER Employee ID Name Phone Department Salary E158 Mark x6387 Accounts £15,000 E159 Mary x6387 Marketing £15,000 E160 Jane x6387 Marketing £15,000 Security and Integrity
  • 14. View Example CREATE VIEW OwnDept AS SELECT Name, Phone FROM Employee WHERE Department = (SELECT Department FROM Employee WHERE name = USER) GRANT SELECT ON OwnDept TO PUBLIC Security and Integrity
  • 15. Using Views and Privileges • Views and privileges are used together to control User 1 User 2 User 3 access • A view is made which contains the information External External needed View 1 View 2 • Privileges are granted to that view, rather than Conceptual the underlying tables DBA View Security and Integrity
  • 16. View Updating • Views are like virtual tables: • Their value depends on the ‘base’ tables that they are defined from • You can select from views just like a table So what the dickens happens to the updates, inserts, and deletes? Security and Integrity
  • 17. View Updating • Updates to the base tables change the views and vice-versa • But it is often not clear how to change the base tables to make the desired change to the view. • This also affects stuff like Java’s ResultSet. • Are there any rules to make it clear when updates, inserts and deletes are possible and when they are not? Security and Integrity
  • 18. View Updating • In general it is • In general it is not possible to update possible to update views which: views which • Are defined on a • Are defined on more single table than one base table by a join operation • Contain at least one primary or candidate • Contain aggregate key for that relation functions and group by clauses Security and Integrity
  • 19. Example: Module Enrolment Student Code Dept ID Code ID Name DBS CSIT 123 DBS 123 John RDB CSIT 123 ALG 124 Mary ALG Math 124 DBS 125 Chris 124 RDB 125 ALG CREATE VIEW CSIT AS SELECT S.ID, S.Name, Count(*) AS Num FROM Student AS S, Enrolment AS E, Module AS M WHERE S.ID = E.ID ID Name Num AND E.Code = M.Code AND M.Dept = ‘CSIT’ 123 John 1 GROUP BY S.ID, S.Name 124 Mary 2 Security and Integrity
  • 20. View Updating Example CSIT ID Name Num 123 Saqib 1 124 Mahd 2 UPDATE CSIT SET Num = 1 cannot update the result of the WHERE Name= ‘Saqib’ aggregate function COUNT()… DELETE FROM CSIT cannot delete because we have joined several tables to create WHERE Name = ‘Saqib’ this view… INSERT INTO CSIT cannot insert because we have joined several tables and none VALUES (126, ‘Asif’, 1) have Num in anyway! Security and Integrity
  • 21. Combining Views and Privileges To restrict someone's access Employee to a table: ID Name Salary Department • Create a view of that table that shows only the information they need to see. • Say we want to let the user 'John' read • Grant them privileges on the view . the department and name, and be able to • Revoke any privileges update the they have on the original table department (only) Security and Integrity
  • 22. Using Views and Privileges Create a view: Set the privileges: CREATE VIEW forSaqib GRANT SELECT, AS SELECT Name, UPDATE (Department) Department ON forSaqib FROM Employee TO John REVOKE ALL ON forSaqib FROM Saqib Security and Integrity
  • 23. Database Integrity • Security vs Integrity • Integrity constraints • Domain constraints • Database security apply to data types makes sure that the user is authorised to access information • Attribute constraints apply to columns • Database integrity • Relation constraints makes sure that apply to rows in a single (authorised) users table manipulate that information correctly • Database constraints apply between tables Security and Integrity
  • 24. 1 Example CHECK • A check statement allows you to constrain what can be entered into the database. • I.e. you can define what makes it consistent. CREATE TABLE Poker_players ( name VARCHAR(32), age INTEGER CHECK (age > 18) CHECK that we ) only have legal poker players Security and Integrity