Presentation is loading. Please wait.

Presentation is loading. Please wait.

Virtual Private Databases Dr. Gabriel. 2 Overview of Virtual Private Databases A VPD deals with data access VPD controls data access at the row or column.

Published byElijah Gallagher Modified over 9 years ago

Similar presentations

Presentation on theme: "Virtual Private Databases Dr. Gabriel. 2 Overview of Virtual Private Databases A VPD deals with data access VPD controls data access at the row or column."— Presentation transcript:

1 Virtual Private Databases Dr. Gabriel

2 2 Overview of Virtual Private Databases A VPD deals with data access VPD controls data access at the row or column level SQL Server 2005: use VIEW data object Oracle10g: –Specific functions

3 3 Overview of Virtual Private Databases (continued)

4 4 Shared database schema: –Containing data that belongs to different users –User view or update only data he or she owns Purposes/benefits: –Security requirements necessitate data access be restricted at row or column level –One database schema serves multiple unrelated groups or entities

5 5 Implementing Row- and Column-level Security with SQL Server SQL Server 2000 does not support VPDs; you can mimic their functionality Use views and expand security models

6 6 Implementing a VPD Using Views View object limits what users can see and do with existing data: hides columns or rows from users CREATE VIEW statement: creates data views

7 7 Hiding Rows Based on the Current User System function USER: –Returns database user –Used to implement row-based security Implementing row-based security with views: –Need a column in your tables for the row’s owner –Preface it with “CTL”

8 8 Hiding Rows Based on the Current User Example: Create table customers ( ID int not null primary key, LName varchar(50) not null, …, CtlUpdUser varchar(200) not null default user) Create view vcustomer As Select id, lname From customers Where CtlUpdUser =user

9 9 Row-based Security Using Access Levels Variation of both: –Application table-based security model –Application function-based security model Access levels: –0 = No access –1 = select –2 = select, insert –3 = select, insert, update

10 10 Row-based Security Using Access Levels (continued) Access levels (continued): –4 = select, insert, update, delete –5 = administrator access Steps: –Create the APPLICATION USERS table –Alter the CUSTOMER table to include the ACCESS CONTROL column –With the security structure in place use a view to retrieve data

11 11 Row-based Security Using Application Functions Steps (continued): apply privileges Drawbacks: it allows insertion, update, and deletion of records Alternatives: –Use stored procedures –Use application functions: access table list a function instead of a level

12 12 Row-based Security Using Application Functions create table tappusersaccess ( username varchar(200) not null primary key, AccessLevel int not null default 0 ) create table tcustomers ( ID int not null primary key, LName varchar(200) not null,..., AccessLevel int not null default 0 ) create view vcustomer as select id, lname from tcustomers where accesslevel>0 and accesslevel <=(select isnull(accesslevel,0) from tappusersaccess where username=user)

13 13 Row-based Security Using Application Functions create procedure pcustomerselect as select id,lname from tcustomers where accesslevel>0 and accesslevel <=(select isnull(accesslevel,0) from tappusersaccess where username=user) create procedure pcustomerdelete @id int as declare @level int select @level=select isnull(accesslevel,0) from tappusersaccess where username=user if @level>=4 begin delete from tcustomers where id=@id and accesslevel>=@level end

14 14 Column-based Security (continued) Access-level control with SQL Server steps: –Create the APP_TABLES table –Create the APP_COLUMNS columns –All access to the tables must be performed with stored procedures

15 15 Column-based Security (continued) create table tapptables ( tableid int not null primary key, tablename varchar(200) not null ) create table tapptablecolumns ( columnid int not null primary key, tableid int not null, columnname varchar(200) not null, AccessLevel int not null default 0 ) create table tappuseraccess ( username varchar(200), accesslevel int )

16 16 Column-based Security (continued) alter proc pcustomerselect as declare @qry varchar(max), @level int, @col varchar(128),@ct int; select @level=(select isnull(accesslevel,0) from tappuseraccess where username=user); declare cur cursor for select columnname from tapptablecolumns a inner join tapptables b on a.tableid=b.tableid where b.tablename='tcustomers' and a.accesslevel<=@level select @qry='select ' select @ct=0 open cur fetch next from cur into @col while @@fetch_status=0 begin if @ct=0 begin select @qry=@qry+@col end else begin select @qry=@qry+', '+@col end select @ct=@ct+1 fetch next from cur into @col end close cur deallocate cur select @qry=@qry + ' from tcustomers' print @qry execute (@qry)

17 17 Column-based Security (continued) Column Privileges with SQL Server –set update permissions for a user/role on a particular column in a particular table Ex. grant update on customer(phone) to abc

18 18 Questions?

Download ppt "Virtual Private Databases Dr. Gabriel. 2 Overview of Virtual Private Databases A VPD deals with data access VPD controls data access at the row or column."

Similar presentations

Basic SQL Introduction Presented by: Madhuri Bhogadi.

Basic SQL Introduction Presented by: Madhuri Bhogadi.
PL/SQL. Introduction to PL/SQL PL/SQL is the procedure extension to Oracle SQL. It is used to access an Oracle database from various environments (e.g.

PL/SQL. Introduction to PL/SQL PL/SQL is the procedure extension to Oracle SQL. It is used to access an Oracle database from various environments (e.g.
یا ذالامن و الامان. Virtual Private Database Mohammad Amin Sabbaghian.

یا ذالامن و الامان. Virtual Private Database Mohammad Amin Sabbaghian.
Fundamentals, Design, and Implementation, 9/e Chapter 7 Using SQL in Applications.

Fundamentals, Design, and Implementation, 9/e Chapter 7 Using SQL in Applications.
SQL DDL constraints Restrictions on the columns and tables 1SQL DDL Constraints.

SQL DDL constraints Restrictions on the columns and tables 1SQL DDL Constraints.
DAT702.  Standard Query Language  Ability to access and manipulate databases ◦ Retrieve data ◦ Insert, delete, update records ◦ Create and set permissions.

DAT702.  Standard Query Language  Ability to access and manipulate databases ◦ Retrieve data ◦ Insert, delete, update records ◦ Create and set permissions.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
Database Application Security Models

Database Application Security Models
SQL Basics. SQL SQL (Structured Query Language) is a special-purpose programming language designed from managing data in relational database management.

SQL Basics. SQL SQL (Structured Query Language) is a special-purpose programming language designed from managing data in relational database management.
MySQL Dr. Hsiang-Fu Yu National Taipei University of Education

MySQL Dr. Hsiang-Fu Yu National Taipei University of Education
PHP Programming with MySQL Slide 8-1 CHAPTER 8 Working with Databases and MySQL.

PHP Programming with MySQL Slide 8-1 CHAPTER 8 Working with Databases and MySQL.
Databases in Visual Studio. Database in VisualStudio An MS SQL database are built in Visual studio The Name can be something like ”(localdb)\Projects”

Databases in Visual Studio. Database in VisualStudio An MS SQL database are built in Visual studio The Name can be something like ”(localdb)\Projects”
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 6 Virtual Private Databases.
CSIS 4310 – Advanced Databases Virtual Private Databases.

CSIS 4310 – Advanced Databases Virtual Private Databases.
Constraints  Constraints are used to enforce rules at table level.  Constraints prevent the deletion of a table if there is dependencies.  The following.

Constraints  Constraints are used to enforce rules at table level.  Constraints prevent the deletion of a table if there is dependencies.  The following.
Dinamic SQL & Cursor. Why Dinamic SQL ? Sometimes there is a need to dynamically create a SQL statement on the fly and then run that command. This can.

Dinamic SQL & Cursor. Why Dinamic SQL ? Sometimes there is a need to dynamically create a SQL statement on the fly and then run that command. This can.
Dexterity | CONFIDENTIAL 2009 MRO | Analytics | Insights 1 Stored Procedures.

Dexterity | CONFIDENTIAL 2009 MRO | Analytics | Insights 1 Stored Procedures.
CHAPTER:14 Simple Queries in SQL Prepared By Prepared By : VINAY ALEXANDER ( विनय अलेक्सजेंड़र ) PGT(CS),KV JHAGRAKHAND.

CHAPTER:14 Simple Queries in SQL Prepared By Prepared By : VINAY ALEXANDER ( विनय अलेक्सजेंड़र ) PGT(CS),KV JHAGRAKHAND.
SQL Server 7.0 Maintaining Referential Integrity.

SQL Server 7.0 Maintaining Referential Integrity.
SQL pepper. Why SQL File I/O is a great deal of code Optimal file organization and indexing is critical and a great deal of code and theory implementation.

SQL pepper. Why SQL File I/O is a great deal of code Optimal file organization and indexing is critical and a great deal of code and theory implementation.

Similar presentations

Ads by Google