1 access control. 2 grant statement 3 access control grant statement grant statement may be used by...
TRANSCRIPT
1
Access controlAccess control
2
Access controlAccess control
• GRANT statement• GRANT statement
3
Access controlAccess control
• GRANT statement
GRANT statement may be used by
a user to authorise various kinds
of access to his/her tables by another
user or class of users
• GRANT statement
GRANT statement may be used by
a user to authorise various kinds
of access to his/her tables by another
user or class of users
4
Access controlAccess control
• Syntax
GRANT
• Syntax
GRANT ALL<list of privileges>
5
Access controlAccess control
• Syntax
GRANT ON
• Syntax
GRANT ONALL<list of privileges>
<table name><view name>
6
Access controlAccess control
• Syntax
GRANT ON
TO
• Syntax
GRANT ON
TO
ALL<list of privileges>
<table name><view name>
PUBLIC<list of users>
7
Access controlAccess control
• Syntax
GRANT ON
TO [WITH GRANT OPTION];
• Syntax
GRANT ON
TO [WITH GRANT OPTION];
ALL<list of privileges>
<table name><view name>
PUBLIC<list of users>
8
Access controlAccess control
• Privileges• Privileges
9
Access controlAccess control
• Privileges
SELECTGrantee is allowed to select data from a table determined by a grantor
• Privileges
SELECTGrantee is allowed to select data from a table determined by a grantor
10
Access controlAccess control
• Privileges
SELECTGrantee is allowed to selected data from a table determined by a grantor
DELETEGrantee is allowed to delete data from a table determined by a grantor
• Privileges
SELECTGrantee is allowed to selected data from a table determined by a grantor
DELETEGrantee is allowed to delete data from a table determined by a grantor
11
Access controlAccess control
• Privileges
SELECTGrantee is allowed to selected data from a table determined by a grantor
DELETEGrantee is allowed to delete data from a table determined by a grantor
INSERTGrantee is allowed to insert data into a table determined by a grantor
• Privileges
SELECTGrantee is allowed to selected data from a table determined by a grantor
DELETEGrantee is allowed to delete data from a table determined by a grantor
INSERTGrantee is allowed to insert data into a table determined by a grantor
12
Access controlAccess control
• Privileges
SELECTGrantee is allowed to selected data from a table determined by a grantor
DELETEGrantee is allowed to delete data from a table determined by a grantor
INSERTGrantee is allowed to insert data into a table determined by a grantor
• Privileges
SELECTGrantee is allowed to selected data from a table determined by a grantor
DELETEGrantee is allowed to delete data from a table determined by a grantor
INSERTGrantee is allowed to insert data into a table determined by a grantor
13
Access controlAccess control
• Privileges
UPDATE [<list of columns>]Grantee is allowed to update the columns from a table determined by a grantor
• Privileges
UPDATE [<list of columns>]Grantee is allowed to update the columns from a table determined by a grantor
14
Access controlAccess control
• Privileges
UPDATE [<list of columns>]Grantee is allowed to update the columns from a table determined by a grantor
REFERENCES [<list of columns]Grantee is allowed to reference the columns from a table specified by a grantor
• Privileges
UPDATE [<list of columns>]Grantee is allowed to update the columns from a table determined by a grantor
REFERENCES [<list of columns]Grantee is allowed to reference the columns from a table specified by a grantor
15
Access controlAccess control
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
16
Access controlAccess control
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
privilege
17
Access controlAccess control
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
privilege
table (view) name
18
Access controlAccess control
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
privilege
table (view) name
user
19
Access controlAccess control
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
Then user Janusz can say: SELECT * FROM Scott.Supplier;
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
Then user Janusz can say: SELECT * FROM Scott.Supplier;
20
Access controlAccess control
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
Then user Janusz can say: SELECT * FROM Scott.Supplier;
• Granting privileges
User Scott says:GRANT SELECT ON Supplier TO Janusz;
Then user Janusz can say: SELECT * FROM Scott.Supplier;
user.table
21
Access controlAccess control
• Granting privileges
User Janusz says:CREATE SYNONYM Ssupplier
FOR Scott.Supplier;
• Granting privileges
User Janusz says:CREATE SYNONYM Ssupplier
FOR Scott.Supplier;
22
Access controlAccess control
• Granting privileges
User Janusz says:CREATE SYNONYM Ssupplier
FOR Scott.Supplier;
Then user Janusz can say:SELECT * FROM Ssupplier;
• Granting privileges
User Janusz says:CREATE SYNONYM Ssupplier
FOR Scott.Supplier;
Then user Janusz can say:SELECT * FROM Ssupplier;
23
Access controlAccess control
• Granting privileges
User Scott says:GRANT UPDATE pname, price ON Part
TO Janusz;
• Granting privileges
User Scott says:GRANT UPDATE pname, price ON Part
TO Janusz;
24
Access controlAccess control
• Granting privileges
User Scott says:GRANT UPDATE pname, price ON Part
TO Janusz;
Then user Janusz can say:UPDATE Scott.Part SET price = price + 10
WHERE pname =‘bolt’;
• Granting privileges
User Scott says:GRANT UPDATE pname, price ON Part
TO Janusz;
Then user Janusz can say:UPDATE Scott.Part SET price = price + 10
WHERE pname =‘bolt’;
25
Access controlAccess control
• Granting privileges
User Scott says:GRANT ALL ON Supplier TO PUBLIC;
• Granting privileges
User Scott says:GRANT ALL ON Supplier TO PUBLIC;
26
Access controlAccess control
• Granting privileges
User Scott says:GRANT ALL ON Supplier TO PUBLIC;
Then anyone can say:SELECT * FROM Scott.Supplier;
UPDATE Scott.Part SET price = price + 10
WHERE pname =‘bolt’;
INSERT INTO Scott.Supplier VALUES( ... );
DELETE FROM Scott.Supplier;
• Granting privileges
User Scott says:GRANT ALL ON Supplier TO PUBLIC;
Then anyone can say:SELECT * FROM Scott.Supplier;
UPDATE Scott.Part SET price = price + 10
WHERE pname =‘bolt’;
INSERT INTO Scott.Supplier VALUES( ... );
DELETE FROM Scott.Supplier;
27
Access controlAccess control
• Granting privileges
User Scott says:GRANT REFERENCE s# ON Supplier
TO Janusz;
• Granting privileges
User Scott says:GRANT REFERENCE s# ON Supplier
TO Janusz;
28
Access controlAccess control
• Granting privileges
User Scott says:GRANT REFERENCE s# ON Supplier
TO Janusz;
Then user Janusz can say:CREATE TABLE MySP( s# …
CONSTRAINT MySP_fkey FOREIGN KEY(s#) REFERENCES Scott.SP(s#);
• Granting privileges
User Scott says:GRANT REFERENCE s# ON Supplier
TO Janusz;
Then user Janusz can say:CREATE TABLE MySP( s# …
CONSTRAINT MySP_fkey FOREIGN KEY(s#) REFERENCES Scott.SP(s#);
29
Access controlAccess control
• Granting privileges
User Scott says:GRANT REFERENCE s# ON Supplier
TO Janusz;
Then user Janusz can say:CREATE TABLE MySP( s# …
CONSTRAINT MySP_fkey FOREIGN KEY(s#) REFERENCES Scott.SP(s#);
• Granting privileges
User Scott says:GRANT REFERENCE s# ON Supplier
TO Janusz;
Then user Janusz can say:CREATE TABLE MySP( s# …
CONSTRAINT MySP_fkey FOREIGN KEY(s#) REFERENCES Scott.SP(s#);
30
Access controlAccess control
• Granting privileges
User Scott says:CREATE VIEW SuppliersFrom London AS
SELECT *
FROM Supplier
WHERE city = ‘London;
• Granting privileges
User Scott says:CREATE VIEW SuppliersFrom London AS
SELECT *
FROM Supplier
WHERE city = ‘London;
31
Access controlAccess control
• Granting privileges
User Scott says:CREATE VIEW SuppliersFromLondon AS
SELECT *
FROM Supplier
WHERE city = ‘London;
GRANT DELETE ON SuppliersFromLondon TO Janusz;
• Granting privileges
User Scott says:CREATE VIEW SuppliersFromLondon AS
SELECT *
FROM Supplier
WHERE city = ‘London;
GRANT DELETE ON SuppliersFromLondon TO Janusz;
32
Access controlAccess control
• Granting privileges
Then user Janusz can say:DELETE FROM Scott.SuppliersFromLondon
WHERE dob < ‘1-JAN-38’;
• Granting privileges
Then user Janusz can say:DELETE FROM Scott.SuppliersFromLondon
WHERE dob < ‘1-JAN-38’;
33
Access controlAccess control
• Granting privileges
User Scott says:CREATE VIEW PartShort AS
SELECT p#, pname
FROM Part;
• Granting privileges
User Scott says:CREATE VIEW PartShort AS
SELECT p#, pname
FROM Part;
34
Access controlAccess control
• Granting privileges
User Scott says:CREATE VIEW PartShort AS
SELECT p#, pname
FROM Part;
GRANT SELECT ON PartShort TO Janusz;
• Granting privileges
User Scott says:CREATE VIEW PartShort AS
SELECT p#, pname
FROM Part;
GRANT SELECT ON PartShort TO Janusz;
35
Access controlAccess control
• Granting privileges
Then user Janusz can say:SELECT p#
FROM Scott.PartShort
WHERE pname = ‘bolt’;
• Granting privileges
Then user Janusz can say:SELECT p#
FROM Scott.PartShort
WHERE pname = ‘bolt’;
36
Access controlAccess control
• Grant propagation• Grant propagation
37
Access controlAccess control
• Grant propagation
User Scott says:GRANT SELECT ON SP TO JK02
• Grant propagation
User Scott says:GRANT SELECT ON SP TO JK02
38
Access controlAccess control
• Grant propagation
User Scott says:GRANT SELECT ON SP TO JK02
WITH GRANT OPTION;
• Grant propagation
User Scott says:GRANT SELECT ON SP TO JK02
WITH GRANT OPTION;
39
Access controlAccess control
• Grant propagation
User Scott says:GRANT SELECT ON SP TO JK02
WITH GRANT OPTION;
Then user JK02 says:CREATE VIEW SPShort AS
SELECT s#, p#
FROM SP;
• Grant propagation
User Scott says:GRANT SELECT ON SP TO JK02
WITH GRANT OPTION;
Then user JK02 says:CREATE VIEW SPShort AS
SELECT s#, p#
FROM SP;
40
Access controlAccess control
• Grant propagation
User Scott says:GRANT SELECT ON SP TO JK02
WITH GRANT OPTION;
Then user JK02 says:CREATE VIEW SPShort AS
SELECT s#, p#
FROM SP;
GRANT SELECT ON SPShort TO Janusz;
• Grant propagation
User Scott says:GRANT SELECT ON SP TO JK02
WITH GRANT OPTION;
Then user JK02 says:CREATE VIEW SPShort AS
SELECT s#, p#
FROM SP;
GRANT SELECT ON SPShort TO Janusz;
41
Access controlAccess control
• Grant propagation
Then user Janusz can say:SELECT *
FROM JK02.SPShort;
• Grant propagation
Then user Janusz can say:SELECT *
FROM JK02.SPShort;
42
Access controlAccess control
• Grant propagation
Then user Janusz can say:SELECT *
FROM JK02.SPShort;
User Janusz can’t say:GRANT SELECT ON SPShort TO Greg;
• Grant propagation
Then user Janusz can say:SELECT *
FROM JK02.SPShort;
User Janusz can’t say:GRANT SELECT ON SPShort TO Greg;
43
Access controlAccess control
• REVOKE statement• REVOKE statement
44
Access controlAccess control
• REVOKE statement
REVOKE statement may be used to revoke
a subset privileges granted to a user
• REVOKE statement
REVOKE statement may be used to revoke
a subset privileges granted to a user
45
Access controlAccess control
• Syntax
REVOKE ON
FROM ;
• Syntax
REVOKE ON
FROM ;
ALL<list of privileges>
<table name><view name>
PUBLIC<list of users>
46
Access controlAccess control
• Revoking privileges
User Scott says:REVOKE SELECT ON SP FROM JK02 ;
• Revoking privileges
User Scott says:REVOKE SELECT ON SP FROM JK02 ;
47
Access controlAccess control
• Revoking privileges
User Scott says:REVOKE SELECT ON SP FROM JK02 ;
Then user JK02 can’t say:SELECT * FROM Scott.SP;
• Revoking privileges
User Scott says:REVOKE SELECT ON SP FROM JK02 ;
Then user JK02 can’t say:SELECT * FROM Scott.SP;
48
Access controlAccess control
• Revoking privileges
User Scott says:REVOKE SELECT ON SP FROM JK02 ;
Then user JK02 can’t say:SELECT * FROM Scott.SP;
and user Janusz can’t say:SELECT * FROM JK02.SPShort;
• Revoking privileges
User Scott says:REVOKE SELECT ON SP FROM JK02 ;
Then user JK02 can’t say:SELECT * FROM Scott.SP;
and user Janusz can’t say:SELECT * FROM JK02.SPShort;
49
Access controlAccess control
• Bibliography
P. O’Neil, Database - Principles, Programming, Performance, chapter 6.3
R. Elmasri, S.B. Navathe, Fundamentals of Database Systems, chapter 20.1, 20.2
R. K. Stephens, et al. Teach Yourself SQL in 21 Days
• Bibliography
P. O’Neil, Database - Principles, Programming, Performance, chapter 6.3
R. Elmasri, S.B. Navathe, Fundamentals of Database Systems, chapter 20.1, 20.2
R. K. Stephens, et al. Teach Yourself SQL in 21 Days