Database Security Advanced Database Dr. AlaaEddin Almabhouh.


1 Database Security Advanced Database Dr. AlaaEddin Almabhouh

2 Introduction to DB Security
- Secrecy: Users should not be able to see things they are not supposed to.
  - E.g., a student can’t see other students’ grades.
- Integrity: Users should not be able to modify things they are not supposed to.
  - E.g., only instructors can assign grades.
- Availability: Users should be able to see and modify things they are allowed to.

3 Access Controls
- A security policy specifies who is authorized to do what [to achieve secrecy, integrity, availability].
- A security mechanism allows us to enforce a chosen security policy.
- Two main mechanisms at the DBMS level:
  - Discretionary access control [supported in SQL]
  - Mandatory access control [not supported by SQL]
    - OBJECT – SECURITY CLASS; USER – CLEARANCE (SECURITY CLASS)

4 Data Control Language (DCL)
- The Data Control Language (DCL) is a subset of the Structured Query Language (SQL) that allows database administrators to configure security access to relational databases.
- DCL consists of only three commands:
  - GRANT
  - REVOKE
  - DENY

5 GRANT Command
The GRANT command is used by database administrators to add new permissions to a database user. It has a very simple syntax, defined as follows:
  GRANT privileges ON object TO users, groups [WITH GRANT OPTION]
- WITH GRANT OPTION: the recipient can pass the privilege on to another person.
- The following privileges can be specified:
  - GRANT SELECT ON Orders TO Art
  - GRANT SELECT, INSERT ON Orders, Products TO Bob
  - GRANT SELECT, UPDATE, DELETE ON Orders, Products TO Smith, Adam

6 GRANT Command (cont’d)
- If a user has a privilege with the GRANT OPTION, they can pass the privilege on to other users (with or without passing on the GRANT OPTION).
  - GRANT SELECT ON Orders TO Art WITH GRANT OPTION (executed by Joe)
- Only the owner can execute CREATE, ALTER, and DROP.

7 GRANT Command (cont’d)
- GRANT INSERT, SELECT ON Sailors TO rusty
  - rusty can query Sailors or insert tuples into it.
- GRANT DELETE ON Sailors TO Yuppy WITH GRANT OPTION
  - Yuppy can delete tuples, and also authorize others to do so.

8 GRANT Command (cont’d)
- GRANT UPDATE (rating) ON Sailors TO guppy
  - guppy can update (only) the rating field of Sailors tuples.
- GRANT SELECT ON ActiveSailors TO Guppy, Yuppy
  - This does NOT allow them both to query Sailors directly!
- REVOKE: When a privilege is revoked from X, it is also revoked from all users who got it solely from X.

9 GRANT/REVOKE on Views
- If the creator of a view loses the SELECT privilege on an underlying table, the view is dropped!
- If the creator of a view loses a privilege held with the grant option on an underlying table, (s)he loses the privilege on the view as well; so do users who were granted that privilege on the view!

10 Views and Security
- Views can be used to present necessary information (or a summary), while hiding details in underlying relation(s).
- Creator of view has a privilege on the view if (s)he has the privilege on all underlying tables.
- Draw an authorization graph:
  - GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (executed by Joe)
  - GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (executed by Art)
  - GRANT SELECT ON Sailors TO Art WITH GRANT OPTION (executed by Bob)
  - GRANT SELECT ON Sailors TO Cal WITH GRANT OPTION (executed by Joe)
  - GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION (executed by Cal)
  - REVOKE SELECT ON Sailors FROM Art CASCADE (executed by Joe)
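The GRANT/REVOKE sequence on slide 10, worked as an added example (not part of the original slides). It assumes Joe owns Sailors and uses the usual authorization-graph rule that a grant stays valid only while its grantor is reachable from the owner through WITH GRANT OPTION edges; the function names are hypothetical, and the second revoke (from Cal) goes beyond the slide to show a cycle losing its support.

```python
# Added example: authorization graph for the slide-10 GRANT/REVOKE sequence.
# Assumption: Joe owns Sailors, so his privilege needs no supporting grant.
OWNER = "Joe"

def privilege_holders(edges):
    """Walk the graph from the owner; only reachable users hold the privilege."""
    can_grant, has_priv = {OWNER}, {OWNER}
    frontier = [OWNER]
    while frontier:
        user = frontier.pop()
        for grantor, grantee, grant_option in edges:
            if grantor != user:
                continue
            has_priv.add(grantee)
            if grant_option and grantee not in can_grant:
                can_grant.add(grantee)
                frontier.append(grantee)
    return {"has_priv": has_priv, "can_grant": can_grant}

def grant(edges, grantor, grantee, grant_option=True):
    """Record 'grantor GRANTs SELECT TO grantee' as a directed edge."""
    if grantor not in privilege_holders(edges)["can_grant"]:
        raise PermissionError(f"{grantor} does not hold the grant option")
    edges.append((grantor, grantee, grant_option))

def revoke_cascade(edges, grantor, grantee):
    """REVOKE ... CASCADE: drop the edge, then every grant left unsupported."""
    edges[:] = [e for e in edges if (e[0], e[1]) != (grantor, grantee)]
    supported = privilege_holders(edges)["can_grant"]
    # Edges from unsupported grantors are unreachable from the owner by
    # definition, so removing them in one pass cannot change reachability.
    edges[:] = [e for e in edges if e[0] in supported]
    return privilege_holders(edges)["has_priv"]

def slide_10_sequence():
    """Replay the five GRANT statements from the slide, in order."""
    edges = []
    for grantor, grantee in [("Joe", "Art"), ("Art", "Bob"), ("Bob", "Art"),
                             ("Joe", "Cal"), ("Cal", "Bob")]:
        grant(edges, grantor, grantee)
    return edges

if __name__ == "__main__":
    edges = slide_10_sequence()
    # Art keeps SELECT through the path Joe -> Cal -> Bob -> Art.
    print(sorted(revoke_cascade(edges, "Joe", "Art")))
    # Beyond the slide: the Art/Bob cycle now has no path from the owner.
    print(sorted(revoke_cascade(edges, "Joe", "Cal")))
```

After Joe's cascade revoke from Art, Art did not get the privilege solely from Joe, so he keeps it; once Cal's grant is also revoked, the remaining Art/Bob grants only support each other and are dropped.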

11 REVOKE command
The REVOKE command is used to remove database access from a user previously granted such access. The syntax for this command is defined as follows:
  REVOKE privileges ON object FROM users, groups
- The following privileges can be specified:
  - REVOKE SELECT ON Employees FROM Joe
  - REVOKE SELECT, INSERT ON Orders, Products FROM Bob
  - REVOKE SELECT, UPDATE, DELETE ON Orders, Products FROM Smith, Adam

12 DENY command
The DENY command may be used to explicitly prevent a user from receiving a particular permission. This is helpful when a user is a member of a role or group that is granted a permission and you want to create an exception so that the user does not inherit it. The syntax for this command is as follows:
  DENY privileges ON object TO users, groups
- The following privileges can be specified:
  - GRANT DELETE ON Employees TO Emps
  - DENY DELETE ON Employees TO Joe

13 Q & A

