Published by Angelica Butler. Modified over 9 years ago.
1
Lecture 10: Dr. Taysir Hassan Abdel Hamid May 10, 2015
2
Outline
- Data Control Language (DCL)
- Views
- JDBC
- Object-oriented Data Modeling
3
Data Control Language (DCL)
4
Sub-sets of SQL
- Data retrieval: SELECT
- Data Manipulation Language (DML): INSERT, UPDATE, DELETE
- Data Definition Language (DDL): CREATE, ALTER, DROP, RENAME
- Data Control Language (DCL): GRANT, REVOKE
5
Introduction to DB Security
- Secrecy: Users shouldn’t be able to see things they are not supposed to.
  – E.g., a student can’t see other students’ grades.
- Integrity: Users shouldn’t be able to modify things they are not supposed to.
  – E.g., only instructors can assign grades.
- Availability: Users should be able to see and modify things they are allowed to.
6
GRANT Command

    GRANT privileges ON object TO users [WITH GRANT OPTION]

The following privileges can be specified:
– SELECT: Can read all columns, including those added later via the ALTER TABLE command.
– INSERT(column-name): Can insert tuples with non-null or nondefault values in this column.
– INSERT: Means the same right with respect to all columns.
– DELETE: Can delete tuples.
– REFERENCES(column-name): Can define foreign keys (in other tables) that refer to this column.

If you want the recipient(s) to be able to pass the privilege(s) to others, add WITH GRANT OPTION.
7
Grant Example I
Suppose Joe has created the tables
– Sailors(sid, sname, rating, age)
– Boats(bid, bname, color)
– Reserves(sid, bid, day)

Joe now executes the following:

    GRANT INSERT, DELETE ON Reserves TO Omar WITH GRANT OPTION;

Omar can now insert or delete Reserves rows and authorize someone else to do the same.
8
Grant Example II
Joe further executes:

    GRANT SELECT ON Reserves TO Michael;
    GRANT SELECT ON Sailors TO Michael WITH GRANT OPTION;

Michael can now execute SELECT queries on Sailors and Reserves, and he can pass this privilege to others for Sailors but not for Reserves.
9
Grant Example V
Suppose now that Joe executes:

    GRANT SELECT, REFERENCES(bid) ON Boats TO Bill;

Bill can then refer to the bid column of Boats as a foreign key in another table. E.g.

    CREATE TABLE BillTable (
        bid INTEGER,
        …
        FOREIGN KEY (bid) REFERENCES Boats
    );

But why did the SQL standard choose to introduce the REFERENCES privilege rather than simply allow the SELECT privilege to be used when creating a foreign key?
10
Role-Based Authorization
- Privileges can also be assigned to roles.
- Roles can then be granted to users and to other roles.
- Reflects how real organizations work.

Example:

    CREATE ROLE some_role;
    GRANT SELECT ON Reserves TO some_role;
    GRANT INSERT ON Sailors TO some_role;
    GRANT UPDATE ON Boats TO some_role;
    GRANT some_role TO Michael;
    GRANT some_role TO Bill;
11
Revoke Example I

    REVOKE [GRANT OPTION FOR] privileges ON object FROM users {RESTRICT | CASCADE}

Suppose Joe is the creator of Sailors.

    GRANT SELECT ON Sailors TO Art WITH GRANT OPTION   (executed by Joe)
    GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION   (executed by Art)
    REVOKE SELECT ON Sailors FROM Art CASCADE          (executed by Joe)
12
Revoke Example II
- Art loses the SELECT privilege on Sailors.
- Then Bob, who received this privilege from Art, and only Art, also loses this privilege.
  – Bob’s privilege is said to be abandoned.
- When CASCADE is specified, all abandoned privileges are also revoked.
  – This may cause privileges held by other users to become abandoned and thereby revoked recursively.
- If the RESTRICT keyword is specified, the command is rejected if revoking the privileges would cause other privileges to become abandoned.
13
Revoke Example III

    Joe executes: GRANT SELECT ON Sailors TO Art WITH GRANT OPTION
    Joe executes: GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION
    Art executes: GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION
    Joe executes: REVOKE SELECT ON Sailors FROM Art CASCADE

As before, Art loses the SELECT privilege on Sailors. But what about Bob? Bob received this privilege from Art, but he also received it independently from Joe. So, he doesn’t lose the privilege.
14
Revoke Example IV
Joe executes:

    GRANT SELECT ON Sailors TO Art WITH GRANT OPTION
    REVOKE SELECT ON Sailors FROM Art CASCADE

Since Joe granted the privilege to Art twice and only revoked it once, does Art get to keep the privilege? As per SQL, NO. It doesn’t matter how many times we grant a privilege.
15
Privilege Descriptors
- When a GRANT is executed, a privilege descriptor is added to a table of such descriptors maintained by the DBMS.
- The privilege descriptor specifies the:
  – grantor of the privilege,
  – grantee who receives the privilege,
  – granted privilege,
  – grant option.
- When a user creates a table or view, he 'automatically' gets privileges.
  – A privilege descriptor with system as the grantor is entered into the descriptors table.
16
Authorization Graphs
- Nodes are users.
- Arcs indicate how privileges are passed.

    GRANT SELECT ON Sailors TO Art WITH GRANT OPTION   (executed by Joe)
    GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION   (executed by Art)
    GRANT SELECT ON Sailors TO Art WITH GRANT OPTION   (executed by Bob)
    GRANT SELECT ON Sailors TO Cal WITH GRANT OPTION   (executed by Joe)
    GRANT SELECT ON Sailors TO Bob WITH GRANT OPTION   (executed by Cal)
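The abandonment rule from the Revoke examples, applied to the privilege descriptors and the authorization graph above, as an added Python example that is not part of the lecture. It assumes the usual textbook rule that a descriptor stays valid only while a chain of grant-option descriptors leads to its grantor from the system node; the function names and tuple layout are illustrative.

```python
# Added example (not from the lecture): a privilege descriptor is modelled as a
# (grantor, grantee, privilege, grant_option) tuple. All names are illustrative.
SYSTEM = "system"

def supported(descriptors, privilege):
    """Descriptors for `privilege` reachable from SYSTEM via grant-option arcs."""
    valid, changed = set(), True
    while changed:
        changed = False
        for d in descriptors:
            grantor, _, priv, _ = d
            if priv != privilege or d in valid:
                continue
            # A grant counts only if its grantor is the system or already holds
            # the privilege WITH GRANT OPTION through a valid descriptor.
            if grantor == SYSTEM or any(v[1] == grantor and v[3] for v in valid):
                valid.add(d)
                changed = True
    return valid

def revoke(descriptors, grantor, grantee, privilege, mode="CASCADE"):
    """Descriptor list after `grantor` revokes `privilege` from `grantee`."""
    remaining = [d for d in descriptors if d[:3] != (grantor, grantee, privilege)]
    live = supported(remaining, privilege)
    abandoned = [d for d in remaining if d[2] == privilege and d not in live]
    if abandoned and mode == "RESTRICT":
        raise PermissionError(f"RESTRICT: revoke would abandon {abandoned}")
    return [d for d in remaining if d not in abandoned]

def holders(descriptors, privilege):
    """Users who currently hold `privilege`."""
    return {d[1] for d in supported(descriptors, privilege)}

def grants(*pairs):
    """SELECT ... WITH GRANT OPTION descriptors; Joe is the creator of Sailors."""
    return [(SYSTEM, "Joe", "SELECT", True)] + [(a, b, "SELECT", True) for a, b in pairs]

# Constructed inputs mirroring the grant sequences on the slides.
example_i = grants(("Joe", "Art"), ("Art", "Bob"))
example_iii = grants(("Joe", "Art"), ("Joe", "Bob"), ("Art", "Bob"))
graph = grants(("Joe", "Art"), ("Art", "Bob"), ("Bob", "Art"),
               ("Joe", "Cal"), ("Cal", "Bob"))

if __name__ == "__main__":
    print(holders(revoke(example_i, "Joe", "Art", "SELECT"), "SELECT"))
    print(holders(revoke(example_iii, "Joe", "Art", "SELECT"), "SELECT"))
    step1 = revoke(graph, "Joe", "Art", "SELECT")  # Art keeps SELECT via Cal -> Bob -> Art
    print(holders(step1, "SELECT"))
    # Revoking Cal's grant removes the only path from the system; the Art/Bob cycle collapses.
    print(holders(revoke(step1, "Joe", "Cal", "SELECT"), "SELECT"))
```

In the graph case the Art/Bob cycle does not keep either privilege alive on its own: once no path from the system reaches the cycle, both descriptors are abandoned.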
17
Views in SQL
- A view is a “virtual” table that is derived from other tables
- Allows for limited update operations (since the table may not physically be stored)
- Allows full query operations
- A convenience for defining complex operations once and reusing the definition
- Can also be used as a security mechanism
18
Specification of Views
SQL command: CREATE VIEW
- a virtual table (view) name
- a possible list of attribute names (for example, when arithmetic operations are specified or when we want the names to be different from the attributes in the base relations)
- a query to specify the view contents
19
SQL Views: An Example
- Specify a virtual DEPT_INFO table to summarize departmental information
- Makes it easier to query without having to specify the aggregate functions, GROUP BY, and HAVING

    CREATE VIEW DEPT_INFO(DNO, NO_EMPS, TOTAL_SAL) AS
    SELECT DNO, COUNT(*), SUM(SALARY)
    FROM EMPLOYEE
    GROUP BY DNO;
20
Querying the View
- We can specify SQL retrieval queries on a view table, same as on a base table:

    SELECT DNO
    FROM DEPT_INFO
    WHERE NO_EMPS > 100;

- Can also specify joins and other retrieval operations on the view
21
SQL Views: Another Example
- Specify a virtual WORKS_ON table (called WORKS_ON_NEW), with EMPLOYEE and PROJECT names (instead of numbers)
- This makes it easier to query by names without having to specify the two join conditions

    CREATE VIEW WORKS_ON_NEW AS
    SELECT FNAME, LNAME, PNAME, HOURS
    FROM EMPLOYEE, PROJECT, WORKS_ON
    WHERE SSN=ESSN AND PNO=PNUMBER;
22
Querying a View (cont.)
We can specify SQL retrieval queries on a view table, same as on a base table:

    SELECT FNAME, LNAME
    FROM WORKS_ON_NEW
    WHERE PNAME='Research';

When no longer needed, a view can be dropped:

    DROP VIEW WORKS_ON_NEW;
23
Schema modification in SQL
- There are two main commands for modifying schema constructs
- The DROP statement can remove named schema constructs, such as tables, constraints, assertions, views, and even schemas
- The ALTER statement can be used to change a table by adding or dropping attributes and table constraints
24
Example: DROP TABLE
- Used to remove a relation (base table) and its definition
- The relation can no longer be used in queries, updates, or any other commands since its description no longer exists

Example:

    DROP TABLE DEPENDENT;
25
Example: DROP TABLE (cont.)
- If the table being dropped is referenced from other tables, it cannot be dropped and an error is generated
- By adding CASCADE, all references to the table are automatically removed

Example:

    DROP TABLE DEPENDENT CASCADE;
26
Example: ALTER TABLE
- Can be used to add or drop an attribute from a base relation
  – Suppose we want to remove the attribute BDATE from the EMPLOYEE table

Example:

    ALTER TABLE EMPLOYEE DROP BDATE;

- If the attribute is referenced from another table, an error is generated unless CASCADE is used

    ALTER TABLE EMPLOYEE DROP BDATE CASCADE;
27
Example: ALTER TABLE (cont.)
- Suppose we want to add an attribute JOB
  – It will have NULLs (or some default) in all the tuples after the command is executed; hence, NOT NULL is not allowed for the new JOB attribute

Example:

    ALTER TABLE EMPLOYEE ADD JOB VARCHAR(12);

- The database users must enter values for the new attribute JOB for each EMPLOYEE tuple.
  – This can be done using the UPDATE command.
28
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall
JDBC
- JDBC is an alternative to ODBC and ADO that provides database access to programs written in Java.
- JDBC is not an acronym; it doesn’t stand for anything!
- JDBC drivers are available for most DBMS products:
  – http://java.sun.com/products/jdbc
29
JDBC Driver Types
30
JDBC Components
31
Using JDBC
1. Load the driver:
   – The driver class libraries need to be in the CLASSPATH for the Java compiler and for the Java virtual machine.
   – The most reliable way to load the driver into the program is:

         Class.forName(string).newInstance();

2. Establish a connection to the database:
   – A connection string includes the literal jdbc:, followed by the name of the driver and a URL to the database.

         Connection conn = DriverManager.getConnection(string);
32
Using JDBC (Continued)
3. Create a statement:

       Statement stmt = conn.createStatement();

4. Process the statement. Example statements:

       ResultSet rs = stmt.executeQuery(querystring);
       int result = stmt.executeUpdate(updatestring);
       ResultSetMetaData rsMeta = rs.getMetaData();

Both compiled queries and stored procedures can be processed via JDBC using PreparedStatement and CallableStatement objects.
33
    import java.sql.*;

    public class type_one {
        public static void main(String[] args) {
            try {
                // Load the JDBC-ODBC bridge driver (this driver was removed from the JDK in Java 8)
                Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
                // Create a connection to the ODBC data source
                Connection con = DriverManager.getConnection("jdbc:odbc:HOD_DATA");
                Statement s = con.createStatement();   // create statement
                String query = "select * from Data";   // create query
                s.execute(query);
                ResultSet rs = s.getResultSet();       // return data from the statement
                while (rs.next()) {                    // retrieve data from the ResultSet
                    System.out.println("serial number " + rs.getString(1));
                    System.out.println(", name " + rs.getString(2));
                    System.out.println(" city " + rs.getString(3));
                    System.out.println(" and Age " + rs.getString(4));
                }
                s.close();
                con.close();
            } catch (Exception e) {
                System.out.println("Exception" + e);
            }
        }
    }
35
Object-oriented data modeling
36
Key Definitions
- Object-oriented techniques view a system as a collection of self-contained objects which include both data and processes.
- The Unified Modeling Language (UML)
  – the object modeling standard
  – adds a variety of techniques to the field of system development.
37
Object Concepts
- An object is a person, place, event, or thing about which we want to capture information.
- Each object has properties (or attributes).
- The state of an object is defined by the value of its properties and relations with other objects at a point in time.
- Objects have behaviors (things that they can do), which are described by methods (or operations).
- Objects do not use primary or foreign keys; instead, each instance is assigned a unique identifier (UID) when it is created.
38
Classes and Objects
39
Class
- A class is a general template we use to define and create specific instances or objects.
40
Object
- An object is an instantiation of a class.
- An object is a person, place, event, or thing about which we want to capture information.
41
Messages and Methods
- Messages are information sent to objects to trigger methods.
42
Class Hierarchy
43
PowerPoint Presentation for Dennis, Wixom, & Roth, Systems Analysis and Design, 3rd Edition. Copyright 2006 © John Wiley & Sons, Inc. All rights reserved.
Inheritance
44
Unified Modeling Language – UML (Version 2)
- Defines a set of fourteen object diagramming techniques
- The key building block is the use case
- Diagrams are tightly integrated syntactically and conceptually to represent an integrated whole
- Application of UML can vary among organizations
45
UML 2.0 Diagram Summary
46
Integration of four UML Diagrams
47
USE CASE DIAGRAM
48
Use Case Diagram Concepts
- Summarizes all use cases (for the part of the system being modeled) together in one picture
- Shows the associations between actors and use cases
49
Use Case Diagram for Appointment System
50
Syntax for Use Case Diagram
51
Use Case Diagram for Specialized Actor
52
Steps in Creating the Use Case Diagram
1. Identify Use Cases
2. Draw the system boundary
3. Place Use Cases on the diagram
   – Group Use Cases into packages
   – Add special Use Case associations
4. Identify the actors
5. Add associations
53
CLASS DIAGRAM
54
Elements of a Class Diagram
- A static model that shows the classes and relationships among classes that remain constant in the system over time
- Resembles the ERD, but depicts classes which include both behaviors and states, while entities in the ERD include only attributes
- Scope not system wide, but pertaining to a single Use Case
55
Class Diagram for Manage Appointment
56
Class Diagram Syntax
57
Operation Types
- Similar to relationships in ERDs
- Multiplicity shows how an instance of an object can be associated with other instances
58
Multiplicity
59
Steps in Creating a Class Diagram
1. Identify classes
2. Identify attributes and operations
3. Draw associations between classes
60
Initial Attributes for Class Diagrams
61
Revised Attributes and Associations
62
Final Class Diagram
63
Your final exam
- 6 questions and you will answer FIVE ONLY
- ERD, EER, schema, SQL, Normalization, RA, security
64
Grading Scheme: Total 100
- Final Exam (50 points)
- Year Work (30 points)
  – Midterm Exam: 15 points
  – Attendance: 3
  – Assignments & quizzes: 12
- Lab exam (20 points)
  – Project: 10 points
  – Lab final: 10 points