Presentation is loading. Please wait.

Presentation is loading. Please wait.

Privileges Grant and Revoke Grant Diagrams

Published byAileen Singleton Modified over 6 years ago

Similar presentations

Presentation on theme: "Privileges Grant and Revoke Grant Diagrams"— Presentation transcript:

1 Privileges Grant and Revoke Grant Diagrams
SQL Authorization Privileges Grant and Revoke Grant Diagrams

2 Authorization (Ch 10.1) A file system:
Identifies certain privileges on the objects (files) it manages. Typically read, write, execute. Identifies certain participants to whom privileges may be granted. Typically the owner, a group, all users.

3 Privileges – (1) SQL identifies a more detailed set of privileges on objects (relations) than the typical file system. Nine privileges in all are defined, some of which can be restricted to specific attributes of a relation.

4 Privileges – (2) Some important privileges on a relation (see the text for the complete list): SELECT = right to query the relation. INSERT = right to insert tuples. DELETE = right to delete tuples. UPDATE = right to update tuples. SELECT, INSERT, and UPDATE may apply to only a specified subset of the attributes. A relation may be either a base table or view

5 Example: Privileges Consider the statement below:
INSERT INTO Beers(name) SELECT beer FROM Sells WHERE NOT EXISTS (SELECT * FROM Beers WHERE name = beer); We require privileges SELECT on Sells and Beers, and INSERT on Beers or Beers.name. beers that do not appear in Beers but are in Sells. We add them to Beers with a NULL manufacturer.

6 Database Objects The objects on which privileges exist include stored tables and views. Other privileges give the right to create objects of a type, e.g., triggers. Views are another important tool for access control.

7 Example: Views as Access Control
We might not want to give the SELECT privilege for salary on Emps(name, addr, salary). It is safer to give SELECT on: CREATE VIEW SafeEmps AS SELECT name, addr FROM Emps; Queries on SafeEmps do not require SELECT on Emps, just on SafeEmps.

8 Triggers and Privileges
Triggers can be tricky wrt privileges A user with a TRIGGER privilege for a relation can attempt to create any trigger for that relation However the condition and action part of a trigger may refer to other relations The user needs the appropriate privileges for those relations also But when someone does something that awakens a trigger, they don’t need the privileges for the condition and action parts of the trigger E.g.: Recall the INSTEAD OF example for inserting into a view.

9 Authorization ID’s A user is referred to by authorization ID, typically their login name. There is an authorization ID called PUBLIC. Granting a privilege to PUBLIC makes it available to any authorization ID.

10 Granting Privileges: General Points
A user has all possible privileges on the objects (such as relations) that they create. The object owner may grant privileges to other users (authorization ID’s), including PUBLIC. The object owner may also grant privileges WITH GRANT OPTION, which lets the grantee also grant this privilege.

11 The GRANT Statement To grant privileges:
GRANT <list of privileges> ON <relation or other object> TO <list of authorization ID’s>; If you want the recipient(s) to be able to pass the privilege(s) to others add: WITH GRANT OPTION

12 Example: GRANT Suppose you are the owner of Sells. You may say:
GRANT SELECT, UPDATE(price) ON Sells TO sally; Now Sally has the right to issue any query on Sells She can update the price component only.

13 Example: Grant Option Suppose we also grant:
GRANT UPDATE ON Sells TO sally WITH GRANT OPTION; Now, Sally not only can update any attribute of Sells, but she can grant to others the privilege UPDATE ON Sells. Also, she can grant more specific privileges like UPDATE(price) ON Sells.

14 Revoking Privileges Form: REVOKE <list of privileges>
ON <relation or other object> FROM <list of authorization ID’s>; Your granting of these privileges can no longer be used by these users to justify their use of the privilege. But they may still have the privilege because they obtained it from elsewhere.

15 REVOKE Options We must append to the REVOKE statement either:
CASCADE. Now, any grants made by a revokee are also not in force, no matter how far the privilege was passed. RESTRICT. If the privilege has been passed to others, the REVOKE fails as a warning that something else must be done to “chase the privilege down.”

16 Grant Diagrams It is useful to represent grants and privileges by means of a graph called a grant diagram. Nodes = user / privilege / grant option (y/n) / is owner (y/n) Note that: UPDATE ON R, UPDATE(a) ON R, and UPDATE(b) ON R are represented by different nodes. Also: SELECT ON R and SELECT ON R WITH GRANT OPTION similarly are represented by different nodes. Edge X ->Y means that node X was used to grant Y.

17 Notation for Nodes Use AP for the node representing authorization ID A with privilege P. P * = privilege P with grant option. P ** = the owner/source of the privilege P. I.e., A is the owner of the object on which P is a privilege. Note ** implies grant option.

18 Manipulating Edges – (1)
When A grants P to B, we draw an edge from AP* or AP** to BP. Or to BP* if the grant is with grant option. If A grants a subprivilege Q of P to B (say, UPDATE(a) on R when P is UPDATE ON R) then the edge goes to BQ or BQ*, instead.

19 Manipulating Edges – (2)
Fundamental rule: User C has privilege Q as long as there is a path from XP** to CQ, CQ*, or CQ**, and P is a superprivilege of Q. P is a superprivilege of Q if having P implies a user has Q Remember that P could be Q, and X could be C.

20 Manipulating Edges – (3)
If A revokes P from B with the CASCADE option, delete the edge from AP to BP. But if A uses RESTRICT instead, and there is an edge from BP to anywhere, then reject the revocation and make no change to the graph.

21 Manipulating Edges – (4)
Having revised the edges, we must check that each node has a path from some ** node, representing ownership. This strategy also handles cycles in granting. Any node with no such path represents a revoked privilege and is deleted from the diagram.

22 Example: Grant Diagram
AP** A owns the object on which P is a privilege

23 Example: Grant Diagram
AP** BP* A: GRANT P TO B WITH GRANT OPTION A owns the object on which P is a privilege

24 Example: Grant Diagram
CP* B: GRANT P TO C WITH GRANT OPTION AP** BP* A: GRANT P TO B WITH GRANT OPTION A owns the object on which P is a privilege

25 Example: Grant Diagram
CP* B: GRANT P TO C WITH GRANT OPTION AP** BP* A: GRANT P TO B WITH GRANT OPTION CP A: GRANT P TO C A owns the object on which P is a privilege

26 Example: Grant Diagram
A executes REVOKE P FROM B CASCADE; AP** Not only does B lose P*, but C loses P*. Delete BP* and CP*. BP* CP* CP However, C still has P without grant option because of the direct grant.

27 Example: Grant Diagram
A executes REVOKE P FROM B CASCADE; Even had C passed P to B, both nodes are still cut off. AP** Not only does B lose P*, but C loses P*. Delete BP* and CP*. BP* CP* CP However, C still has P without grant option because of the direct grant.

28 Subtle Cases Consider the sequence: U: GRANT INSERT ON R TO V
U: GRANT INSERT(A) ON R TO V U: REVOKE INSERT ON R FROM V RESTRICT V retains INSERT(A) privilege from U

29 Subtle Cases (2) Consider the sequence:
U: GRANT p TO V WITH GRANT OPTION V: GRANT p TO W U: REVOKE GRANT OPTION FOR p FROM V CASCADE V retains p privilege, but W does not. When U revokes the grant option, a new node is created for V having the p privilege but without the grant option. Then the arc from U/p** to V/p* is deleted, disconnecting the W/p node

30 End of SQL Authorization

Download ppt "Privileges Grant and Revoke Grant Diagrams"

Similar presentations

Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Chapter 7 Notes on Foreign Keys Local and Global Constraints Triggers.

Chapter 7 Notes on Foreign Keys Local and Global Constraints Triggers.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
Constraints and Triggers Foreign Keys Local and Global Constraints Triggers.

Constraints and Triggers Foreign Keys Local and Global Constraints Triggers.
1 Chapter 7 System Aspects of SQL uSQL in a Programming Environment uTransactions uAuthorization.

1 Chapter 7 System Aspects of SQL uSQL in a Programming Environment uTransactions uAuthorization.
1 SQL Authorization Privileges Grant and Revoke Grant Diagrams.

1 SQL Authorization Privileges Grant and Revoke Grant Diagrams.
1 SQL Authorization Privileges Grant and Revoke Grant Diagrams.

1 SQL Authorization Privileges Grant and Revoke Grant Diagrams.
Winter 2002Arthur Keller – CS 18013–1 Schedule Today: Feb. 21 (TH) u Transactions, Authorization. u Read Sections 8.6-8.7. Project Part 5 due. Feb. 26.

Winter 2002Arthur Keller – CS 18013–1 Schedule Today: Feb. 21 (TH) u Transactions, Authorization. u Read Sections Project Part 5 due. Feb. 26.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
CPSC-608 Database Systems Fall 2011 Instructor: Jianer Chen Office: HRBB 315C Phone: 845-4259 Notes #4.

CPSC-608 Database Systems Fall 2011 Instructor: Jianer Chen Office: HRBB 315C Phone: Notes #4.
Fall 2001Arthur Keller – CS 18012–1 Schedule Nov. 6 (T) Transactions, Authorization. u Read Sections 8.6-8.7. Nov. 8 (TH) Object-Oriented Database Design.

Fall 2001Arthur Keller – CS 18012–1 Schedule Nov. 6 (T) Transactions, Authorization. u Read Sections Nov. 8 (TH) Object-Oriented Database Design.
Dec 15, 2003Murali Mani Transactions and Security B term 2004: lecture 17.

Dec 15, 2003Murali Mani Transactions and Security B term 2004: lecture 17.
Cs3431 Transactions, Logging and Security. cs3431 Transactions: What and Why? A set of operations on a database must appear as one “unit”. Example: Consider.

Cs3431 Transactions, Logging and Security. cs3431 Transactions: What and Why? A set of operations on a database must appear as one “unit”. Example: Consider.
Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.

Chapter 6: Integrity and Security Thomas Nikl 19 October, 2004 CS157B.
Database Systems Marcus Kaiser School of Computing Science Newcastle University.

Database Systems Marcus Kaiser School of Computing Science Newcastle University.
Database Programming Sections 13–Creating, revoking objects privileges.

Database Programming Sections 13–Creating, revoking objects privileges.
Data Modeling and Database Design

Data Modeling and Database Design
Constraints on Relations Foreign Keys Local and Global Constraints Triggers Following lecture slides are modified from Jeff Ullman’s slides

Constraints on Relations Foreign Keys Local and Global Constraints Triggers Following lecture slides are modified from Jeff Ullman’s slides
Winter 2006Keller, Ullman, Cushing9–1 Constraints Commercial relational systems allow much more “fine-tuning” of constraints than do the modeling languages.

Winter 2006Keller, Ullman, Cushing9–1 Constraints Commercial relational systems allow much more “fine-tuning” of constraints than do the modeling languages.

Similar presentations

Ads by Google