Presentation is loading. Please wait.

Presentation is loading. Please wait.

Metadata, Security, and the DBA Chapter 8.1 V3.0 Napier University Dr Gordon Russell.

Published byLouise Banks Modified over 9 years ago

Similar presentations

Presentation on theme: "Metadata, Security, and the DBA Chapter 8.1 V3.0 Napier University Dr Gordon Russell."— Presentation transcript:

1 Metadata, Security, and the DBA Chapter 8.1 V3.0 Copyright @ Napier University Dr Gordon Russell

2 Metadata DBMS table structure is more than user schema. Most DBMS systems use tables internally too. Good orthogonality Once table security is finished, everything is secure.

3 Oracle Metadata Oracle holds system metadata in SYS. E.g. USER_OBJECTSTAB USER_TABLESUSER_VIEWS ALL_TABLESUSER_TAB_COLUMNS USER_CONSTRAINTSUSER_TRIGGERS USER_CATALOGDBA_USERS

4 Example: DBA_USERS USERNAME USER_ID DEFAULT_TABLESPACE TEMPORARY_TABLESPACE CREATED etc

5 Example: USER_CONSTRAINTS OWNER CONSTRAINT_NAME CONSTRAINT_TYPE TABLE_NAME DEFERRABLE DEFERRED LAST_CHANGE

6 Select owner,table_name,constraint_name,constraint_type From all_constraints Where owner = ‘ DBRW ’ And table_name IN ( ‘ EMPLOYEE ’, ’ JOBHISTORY ’, ’ DEPARTMENT ’ )

7 OWNERTABLE_NAMECONSTRAINT_NAMECON DBRWDEPARTMENTSYS_C0010801P DBRWEMPLOYEESYS_C0010803P DBRWEMPLOYEESYS_C0010804R DBRWJOBHISTORYSYS_C0010807P DBRWJOBHISTORYSYS_C0010808R

8 Security Database Security involves protection against: – unauthorised disclosures – alteration – destruction The protection which security gives is usually directed against two classes of user Stop people without db access from having any access. Stop people with database access from performing actions on the database which are not required to perform their duties.

9 Security cont … There are many aspects to security Legal, social and ethical aspects Physical controls Policy questions Operational problems Hardware controls Operating system security Database system security

10 Granularity of DBMS Security The unit of data used in specifying security in the database can be, for example; the entire database a set of relations individual relation a set of tuples in a relation individual tuple a set of attributes of all tuples an attribute of an individual tuple.

11 DBMS-level Protection Data encryption: Often it is hard to prevent people from copying the database and then hacking into the copy at another location. It is easier to simply make copying the data a useless activity by encrypting the data. This means that the data itself is unreadable unless you know a secret code. The encrypted data in combination with the secret key is needed to use the DBMS. Audit Trails: If someone does penetrate the DBMS, it is useful to find out how they did it and what was accessed or altered. Audit Trails can be set up selectively to minimise disk usage, identify system weaknesses, and finger naughty users.

12 User-level Security for SQL Each user has certain access rights on certain objects. Different users may have different access rights on the same object. In order to control the granularity of access rights, users can Have rights of access (authorisations) on a table Have rights of access on a view. Using views, access rights can be control horizontal and vertical subsets in a table, and on dynamically generated data from other tables.

13 The GRANT command GRANT is used to grant privileges to users: GRANT privileges ON tablename TO { grantee... } [ WITH GRANT OPTION ] Possible privileges include: SELECT - user can retrieve data UPDATE - user can modify existing data DELETE - user can remove data INSERT - user can insert new data REFERENCES - user can make references to the table

14 GRANT cont... The WITH GRANT OPTION permits the specified user can grant privileges which that user possesses on that table to other users. This is a good way to permit other users to look after permissions for certain tables, such as allowing a manager to control access to a table for there subordinates. grantee need not be a username or a set of usernames. It is permitted to specify PUBLIC, which means that the privileges are granted to everyone. GRANT SELECT ON userlist TO PUBLIC;

15 GRANT and VIEWs VIEW security validated at view create time GRANT select on employee to jim; Create view empjim as select empno,surname,forenames from employee; GRANT select on empjim to jim; REVOKE select on employee for jim;

16 Restrict Rows CREATE table checker ( usernamevarchar(200),secretinfovarchar(100) ); CREATE VIEW userview as select * from checker where username = USER; Select * from userview;

17 The DBA DBA – Database Administrator Maintain system usability Provide security Target for hate mail …

18 Area of concern System performance and tuning Data backup and recovery Product+tool selection, install, maintain System documentation Support Education Fortune Telling / Future Prediction

Download ppt "Metadata, Security, and the DBA Chapter 8.1 V3.0 Napier University Dr Gordon Russell."

Similar presentations

Creating Tables. 2 home back first prev next last What Will I Learn? List and provide an example of each of the number, character, and date data types.

Creating Tables. 2 home back first prev next last What Will I Learn? List and provide an example of each of the number, character, and date data types.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Database Administration, Integrity and Performance.

Database Administration, Integrity and Performance.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Dr Gordon Russell, Napier University Unit 5.3 - Data Dictionary 1 Data Dictionary Unit 5.3.

Dr Gordon Russell, Napier University Unit Data Dictionary 1 Data Dictionary Unit 5.3.
Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.

Chapter 11 Database Security: An Introduction Copyright © 2004 Pearson Education, Inc.
Security and Integrity

Security and Integrity
Database Management System

Database Management System
Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.

Monday, 08 June 2015Dr. Mohamed Osman1 What is Database Administration A high level function (technical Function) that is responsible for ► physical DB.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Database objects User schema DCL Oracle dictionary.

Database objects User schema DCL Oracle dictionary.
View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.

View n A single table derived from other tables which can be a base table or previously defined views n Virtual table: doesn’t exist physically n Limitation.
Chapter 1 Introduction to Databases

Chapter 1 Introduction to Databases
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
Security and Integrity

Security and Integrity
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
1 Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

1 Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
DATABASE UTILITIES. D ATABASE S YSTEM U TILITIES In addition to possessing the software modules most DBMSs have database utilities that help the DBA in.

DATABASE UTILITIES. D ATABASE S YSTEM U TILITIES In addition to possessing the software modules most DBMSs have database utilities that help the DBA in.
Database Technical Session By: Prof. Adarsh Patel.

Database Technical Session By: Prof. Adarsh Patel.

Similar presentations

Ads by Google