Download presentation
Presentation is loading. Please wait.
1
Database Management Fall 2003 Functions, Procedures and Triggers Chapter 10
2
Security Data Control Language (DCL) Data is a valuable resource Access should be controlled SQL security procedures –CREATE VIEW –Authorization commands
3
Authorization Based on privilege concept You cannot execute an operation without the appropriate privilege DBA has all privileges
4
GRANT Defines a user’s privileges GRANT privileges ON object TO users [WITH GRANT OPTION]; An object is a base table or view The keyword privilege can be ALL PRIVILEGES or chosen from –SELECT –UPDATE –DELETE –INSERT Privileges can be granted to everybody using the keyword PUBLIC or to selected users by specifying their user identifier
5
GRANT The UPDATE privilege can specify particular columns in a base table or view WITH GRANT OPTION –Permits a user to pass privileges to another user
6
Using GRANT Give Alice all rights to the STOCK table. GRANT ALL PRIVILEGES ON stock TO alice; Permit the accounting staff, Todd and Nancy, to update the price of a stock. GRANT UPDATE (stkprice) ON stock TO todd, nancy; Give all staff the privilege to select rows from ITEM. GRANT SELECT ON item TO PUBLIC; Give Alice all rights to view STK. GRANT SELECT, UPDATE, DELETE, INSERT ON stk TO alice;
7
REVOKE Removes privileges Format REVOKE privileges ON object FROM users; Cascading REVOKE –Reverses use of the WITH GRANT OPTION –When a user’s privileges are revoked, all users whose privileges were established using WITH GRANT OPTION are also revoked
8
Using REVOKE Remove Sophie's ability to select from ITEM. REVOKE SELECT ON item FROM sophie; Nancy is no longer permitted to update stock prices. REVOKE UPDATE ON stock FROM nancy;
9
The catalog A relational database containing definitions of base tables, view, etc. Also known as data dictionary or metadata Can be interrogated using SQL Called systems tables rather than base tables Key tables are –sysobjects –syscolumns –systypes –sysindexes –sysusers
10
Interrogating the catalog Find how many columns belong to each table: SELECT sysobjects.name 'Table', COUNT(syscolumns.name) 'Number of Columns' FROM sysobjects, syscolumns WHERE sysobjects.id = syscolumns.id GROUP BY sysobjects.name; What columns in what tables store dates? SELECT sysobjects.name 'Table', syscolumns.name 'Column' FROM sysobjects, syscolumns, systypes WHERE sysobjects.id = syscolumns.id AND syscolumns.xtype = systypes.xtype AND systypes.name = 'datetime'
11
SQL Routines SQL code that is stored in the database Provide a controlled interface to data Procedure –Perform some processing of data Function –Similar to procedure, but returns a value –Can be called in a SQL statement Trigger –Code that is invoked automatically by a DML statement
12
FUNCTIONS Take parameter values and return a value Database has built-in system functions We have already used some system functions: –COUNT takes a column and returns the count –SELECT COUNT(*) FROM emp; Aggregate functions –Operate on a collection of values, return a single value Scalar functions –Operate on a single value, return a single value. Rowset functions –Return sets of rows that can be used as tables
13
SYSTEM FUNCTIONS AggregateScalar AVGGETDATE COUNTSUBSTRING MAXUPPER MINLOWER SUMSQUARE ROUND SIN
14
Calling functions Called from within a SELECT statement Parameters enclosed in parentheses SELECT SUBSTRING(empfname, 1, 3) FROM emp; If no parameters, use empty parenthesis SELECT getdate(); 2003-11-16 10:00:48.967
15
Creating functions CREATE FUNCTION function_name (@param1_name param1_data_type, @param2_name param2_data_type, …) RETURNS return_data_type AS BEGIN function_body RETURN scalar_expression END
16
CREATE FUNCTION Example CREATE FUNCTION comp_discount (@price money, @discount_pct int) RETURNS money AS BEGIN DECLARE @new_price money SET @new_price = (@price - (@discount_pct / 100.0)*@price) RETURN (@new_price) END SELECT dbo.comp_discount(5.95, 20) 4.7600
17
PROCEDURES Take input parameters and perform processing No return value Called with the EXECUTE (EXEC) command System built-in stored procedures –Names begin with sp_ We have already seen a system stored procedure: EXEC sp_password null, ‘abc123’
18
Some Other System Stored Procedures sp_columns –Lists columns for a table –EXEC sp_columns 'item‘ sp_addlogin –Adds a new user to the database –EXEC sp_addlogin 'testusr', ‘passwd’, ‘dbname‘ sp_who –Lists database users and processes –EXEC sp_who
19
CREATE PROCEDURE CREATE PROCEDURE procedure_name @parameter1_name parameter1_data_type, @parameter2_name parameter2_data_type, …) AS BEGIN procedure_body END
20
CREATE PROCEDURE Example CREATE PROCEDURE NewSale @saledate datetime, @saletext char(50) AS BEGIN INSERT INTO sale VALUES (dbo.next_saleno(), @saledate, @saletext) END
21
Triggers Procedure that is automatically run when a DML statement is executed –INSERT –UPDATE –DELETE Defined on a single table Triggers can fire before or after the SQL statement Triggers can modify data but cannot call other triggers Access to data being modified is through virtual tables ‘inserted’ and ‘deleted’
22
CREATE TRIGGER CREATE TRIGGER trigger_name FOR|INSTEAD OF INSERT,UPDATE,DELETE ON table_name BEGIN trigger_body END
23
CREATE TRIGGER Example Trigger to audit change on stock table: CREATE TRIGGER stock_update ON stock INSTEAD OF UPDATE AS BEGIN INSERT INTO stock_log (stkcode, date_changed, old_stkprice, new_stkprice, old_stkqty, new_stkqty) SELECT deleted.stkcode, getdate(), deleted.stkprice, inserted.stkprice, deleted.stkqty, inserted.stkqty FROM deleted, inserted END
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.