Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Unit 5.2b Dr Gordon Russell, Napier University

Published byMillicent Manning Modified over 6 years ago

Similar presentations

Presentation on theme: "Security Unit 5.2b Dr Gordon Russell, Napier University"— Presentation transcript:

1 Security Unit 5.2b Dr Gordon Russell, Copyright @ Napier University
Unit 5.2b - Security

2 Security Database Security involves protection against:
unauthorised disclosures alteration destruction The protection which security gives is usually directed against two classes of user Stop people without database access from having any form of access. Stop people with database access from performing actions on the database which are not required to perform their duties. Dr Gordon Russell, Napier University Unit 5.2b - Security

3 Security cont… There are many aspects to security
Legal, social and ethical aspects Physical controls Policy questions Operational problems Hardware controls Operating system security Database system security Dr Gordon Russell, Napier University Unit 5.2b - Security

4 Granularity of DBMS Security
The unit of data used in specifying security in the database can be, for example; the entire database a set of relations individual relation a set of tuples in a relation individual tuple a set of attributes of all tuples an attribute of an individual tuple. Dr Gordon Russell, Napier University Unit 5.2b - Security

5 DBMS-level Protection
Data encryption: Often it is hard to prevent people from copying the database and then hacking into the copy at another location. It is easier to simply make copying the data a useless activity by encrypting the data. This means that the data itself is unreadable unless you know a secret code. The encrypted data in combination with the secret key is needed to use the DBMS. Audit Trails: If someone does penetrate the DBMS, it is useful to find out how they did it and what was accessed or altered. Audit Trails can be set up selectively to minimise disk usage, identify system weaknesses, and finger naughty users. Dr Gordon Russell, Napier University Unit 5.2b - Security

6 User-level Security for SQL
Each user has certain access rights on certain objects. Different users may have different access rights on the same object. In order to control the granularity of access rights, users can Have rights of access (authorisations) on a table Have rights of access on a view. Using views, access rights can be control horizontal and vertical subsets in a table, and on dynamically generated data from other tables. Dr Gordon Russell, Napier University Unit 5.2b - Security

7 Naming Hierarchy In a DBMS, there is a two layer approach to naming relations. The DBMS is made up of a number of ‘databases’. The Database Administrator (DBA) has permission to create and delete databases, and to grant users access to databases. Each database is a flat name space. Users with the necessary permission can create tables and views in a database. Because it is a flat name space, all table names must be unique within a database. The DBMS helps users in this regard: table and view names are prepended with the name of the user who created it. the database login name is often taken as the username. Dr Gordon Russell, Napier University Unit 5.2b - Security

8 Naming Hierarchy cont... By way of an example, consider a table ‘hello’ created by a user jbloggs. The table will have the name jbloggs.hello The user jbloggs can access the table using the name ‘hello’ Other users must use the table’s full name to access the table The user jbloggs can control who has access to the table using the GRANT command. If the DBA creates a table, and makes it available to PUBLIC, then no user needs to specify the full table name in order to access it. Dr Gordon Russell, Napier University Unit 5.2b - Security

9 The GRANT command GRANT is used to grant privileges to users:
GRANT privileges ON tablename TO { grantee ... } [ WITH GRANT OPTION ] Possible privileges are: SELECT - user can retrieve data UPDATE - user can modify existing data DELETE - user can remove data INSERT - user can insert new data REFERENCES - user can make references to the table Dr Gordon Russell, Napier University Unit 5.2b - Security

10 GRANT cont... The WITH GRANT OPTION permits the specified user can grant privileges which that user possesses on that table to other users. This is a good way to permit other users to look after permissions for certain tables, such as allowing a manager to control access to a table for there subordinates. grantee need not be a username or a set of usernames. It is permitted to specify PUBLIC, which means that the privileges are granted to everyone. GRANT SELECT ON userlist TO PUBLIC; Dr Gordon Russell, Napier University Unit 5.2b - Security

Download ppt "Security Unit 5.2b Dr Gordon Russell, Napier University"

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Relational Algebra 1 Chapter 5.1 V3.0 Napier University Dr Gordon Russell.

Relational Algebra 1 Chapter 5.1 V3.0 Napier University Dr Gordon Russell.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.

Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’

A Guide to MySQL 7. 2 Objectives Understand, define, and drop views Recognize the benefits of using views Use a view to update data Grant and revoke users’
View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.

View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.
Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.

Presented By: Matthew Garrison. Basics of Role Based Access Control  Roles are determined based on job functions within a given organization  Users.
Security and Integrity

Security and Integrity
Switch off your Mobiles Phones or Change Profile to Silent Mode.

Switch off your Mobiles Phones or Change Profile to Silent Mode.
Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.

Week 6 Lecture 2 System and Object Privileges. Learning Objectives  Identify and manage system and object privileges  Grant and revoke privileges to.
SEC835 Practical aspects of security implementation Part 1.

SEC835 Practical aspects of security implementation Part 1.
MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.

MICROSOFT SQL SERVER 2005 SECURITY  Special Purpose Logins and Users  SQL Server 2005 Authentication Modes  Permissions  Roles  Managing Server Logins.
Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.

Controlling User Access. Objectives After completing this lesson, you should be able to do the following: Create users Create roles to ease setup and.
1 IT420: Database Management and Organization Database Security 5 April 2006 Adina Crăiniceanu www.cs.usna.edu/~adina.

1 IT420: Database Management and Organization Database Security 5 April 2006 Adina Crăiniceanu
Chapter 6 Database Administration

Chapter 6 Database Administration
Copyright © 2013 Curt Hill Database Security An Overview with some SQL.

Copyright © 2013 Curt Hill Database Security An Overview with some SQL.
Metadata, Security, and the DBA Chapter 8.1 V3.0 Napier University Dr Gordon Russell.

Metadata, Security, and the DBA Chapter 8.1 V3.0 Napier University Dr Gordon Russell.

Similar presentations

Ads by Google