Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security and User Authorization in SQL CIS 4301 Lecture Notes Lecture 24 - 4/18/2006.

Published bySilas Riley Modified over 9 years ago

Similar presentations

Presentation on theme: "Security and User Authorization in SQL CIS 4301 Lecture Notes Lecture 24 - 4/18/2006."— Presentation transcript:

1 Security and User Authorization in SQL CIS 4301 Lecture Notes Lecture 24 - 4/18/2006

2 Lecture 24© CIS 4301 - Spring 20062 Authorization Both a DBMS and O/S have concept of user ID Why? Make sure users only see the data they're supposed to Guard the database against updates by malicious users How is that done under UNIX?

3 Lecture 24© CIS 4301 - Spring 20063 Privileges Aka discretionary access control Users have PRIVILEGES = Users can only operate on data for which they're AUTHORIZED For a relation R and user U, U may be authorized for SELECT ON R INSERT ON R, INSERT(A) ON R UPDATE ON R, UPDATE(A) ON R DELETE ON R … total of nine types of privileges

4 Lecture 24© CIS 4301 - Spring 20064 Example Student(ID, name, address, GPA, SAT) Campus(location, enrollment, rank) Apply(ID, location, date, major, decision) Sample query: UPDATE Apply SET decision = 'Y' WHERE ID IN (SELECT ID FROM Student WHERE GPA > 3.9) Q: What privileges are needed for this statement?

5 Lecture 24© CIS 4301 - Spring 20065 Another Example DELETE FROM Student WHERE ID NOT IN (SELECT ID FROM Apply) Q: What privileges are needed for this statement?

6 Lecture 24© CIS 4301 - Spring 20066 More on Privileges Assume user JH has only update privilege on table S Can JH execute UPDATE S SET S.ratings = 8; How about: UPDATE S SET S.ratings = S.rating + 8;

7 Lecture 24© CIS 4301 - Spring 20067 Obtaining Privileges Creator of relation is OWNER Owner has all privileges and may GRANT privileges SQL GRANT ON R TO [ WITH GRANT OPTION ] : operations as earlier, separated by commas : list of user/group names, or PUBLIC

8 Lecture 24© CIS 4301 - Spring 20068 Example GRANT DELETE, UPDATE(A) ON R TO PUBLIC; A user granted privileges WITH GRANT OPTION may grant equal or lesser privileges to other users

9 Lecture 24© CIS 4301 - Spring 20069 Another Example User JH wants to create the following table which has a table constraint: CREATE TABLE Sneaky ( maxrating INT, CHECK (maxrating >= (SELECT MAX (S.rating) FROM S))); What are the privileges that user JH needs?

10 Lecture 24© CIS 4301 - Spring 200610 More Fine-Grained Protection Operation-level privileges on single relations may not provide sufficient control Example Allow user U to select Student info for Berkeley applicants only Q: Suggestion?

11 Lecture 24© CIS 4301 - Spring 200611 Another Example Allow user U to delete Berkeley application records only Q: How? Authorization is one very important use of views

12 Lecture 24© CIS 4301 - Spring 200612 Grant Diagrams The relationship among objects, privileges, and grant options can get very complex! Use a grant diagram Illustrates the history of privileges granted

13 Lecture 24© CIS 4301 - Spring 200613 Sample Grant Diagram User JH: GRANT SELECT, INSERT ON Student TO CJ, MS WITH GRANT OPTION; GRANT SELECT ON CAMPUS to CJ, MS WITH GRANT OPTION; GRANT SELECT, INSERT ON Student TO AD; User MS: GRANT SELECT, INSERT(ID) ON Student TO AD;

14 Lecture 24© CIS 4301 - Spring 200614 Sample Grant Diagram JH SELECT On STUDENT ** JH INSERT On STUDENT ** JH SELECT On CAMPUS ** CJ SELECT On STUDENT * CJ INSERT On STUDENT * MS SELECT On STUDENT * MS INSERT On STUDENT * CJ SELECT On CAMPUS * MS SELECT On CAMPUS * AD SELECT On STUDENT AD INSERT On STUDENT AD INSERT(ID) On STUDENT

15 Lecture 24© CIS 4301 - Spring 200615 Revoking Privileges SQL: REVOKE ON R FROM [ CASCADE | RESTRICT ] Ex: REVOKE INSERT(A), DELETE ON R FROM JH; CASCADE: Also revoke privileges granted from the privileges now being revoked (transitively), except for privileges granted from some other source as well

16 Lecture 24© CIS 4301 - Spring 200616 Example JH now executes: REVOKE SELECT, INSERT ON Student FROM MS CASCADE; REVOKE SELECT ON Campus FROM MS CASCADE;

17 Lecture 24© CIS 4301 - Spring 200617 Sample Grant Diagram JH SELECT On STUDENT ** JH INSERT On STUDENT ** JH SELECT On CAMPUS ** CJ SELECT On STUDENT * CJ INSERT On STUDENT * MS SELECT On STUDENT * MS INSERT On STUDENT * CJ SELECT On CAMPUS * MS SELECT On CAMPUS * AD SELECT On STUDENT AD INSERT On STUDENT AD INSERT(ID) On STUDENT

18 Lecture 24© CIS 4301 - Spring 200618 Not Covered Many subtleties when it comes to granting and revoking privileges Checking of privileges by DBMS Handling of triggers and other modules Mandatory access control

Download ppt "Security and User Authorization in SQL CIS 4301 Lecture Notes Lecture 24 - 4/18/2006."

Similar presentations

1 Term 2, 2004, Lecture 6, Views and SecurityMarian Ursu, Department of Computing, Goldsmiths College Views and Security 3.

1 Term 2, 2004, Lecture 6, Views and SecurityMarian Ursu, Department of Computing, Goldsmiths College Views and Security 3.
Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Jan. 2014Dr. Yangjun Chen ACS-49021 Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )

Jan. 2014Dr. Yangjun Chen ACS Database security and authorization (Ch. 22, 3 rd ed. – Ch. 23, 4 th ed. – Ch. 24, 6 th )
Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.

Database Security by Muhammad Waheed Aslam SIS Project Leader ITC/KFUPM.
Database Management System

Database Management System
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
1 SQL Authorization Privileges Grant and Revoke Grant Diagrams.

1 SQL Authorization Privileges Grant and Revoke Grant Diagrams.
Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.

Security and Authorization. Introduction to DB Security Secrecy: Users shouldn’t be able to see things they are not supposed to. –E.g., A student can’t.
CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.

CSCI 5707: Database Security Pusheng Zhang University of Minnesota March 2, 2004.
Security and Transaction Management Pertemuan 8 Matakuliah: T0413/Current Popular IT II Tahun: 2007.

Security and Transaction Management Pertemuan 8 Matakuliah: T0413/Current Popular IT II Tahun: 2007.
Dec 15, 2003Murali Mani Transactions and Security B term 2004: lecture 17.

Dec 15, 2003Murali Mani Transactions and Security B term 2004: lecture 17.
Cs3431 Transactions, Logging and Security. cs3431 Transactions: What and Why? A set of operations on a database must appear as one “unit”. Example: Consider.

Cs3431 Transactions, Logging and Security. cs3431 Transactions: What and Why? A set of operations on a database must appear as one “unit”. Example: Consider.
Triggers, security and authorization in SQL Niki Sardjono Niki Sardjono CS 157A sect 2 Prof. S. M. Lee.

Triggers, security and authorization in SQL Niki Sardjono Niki Sardjono CS 157A sect 2 Prof. S. M. Lee.
Security and Integrity

Security and Integrity
Chapter 9 SQL and RDBMS Part C. SQL Copyright 2005 Radian Publishing Co.

Chapter 9 SQL and RDBMS Part C. SQL Copyright 2005 Radian Publishing Co.
Database Systems Marcus Kaiser School of Computing Science Newcastle University.

Database Systems Marcus Kaiser School of Computing Science Newcastle University.
Database Security John Ortiz. Lecture 23Database Security2 Secure Passwords  Two main requirements for choosing a secure password:  1) MUST be easy.

Database Security John Ortiz. Lecture 23Database Security2 Secure Passwords  Two main requirements for choosing a secure password:  1) MUST be easy.
Switch off your Mobiles Phones or Change Profile to Silent Mode.

Switch off your Mobiles Phones or Change Profile to Silent Mode.
Copyright س Oracle Corporation, 1998. All rights reserved. 14 Controlling User Access.

Copyright س Oracle Corporation, All rights reserved. 14 Controlling User Access.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.

Similar presentations

Ads by Google