Access control

Access control

Access control • GRANT statement

Access control • GRANT statement GRANT statement may be used by a user to authorise various kinds of access to his/her tables by another user or class of users

Access control • Syntax GRANT ALL <list of privileges>

Access control • Syntax GRANT ON ALL <list of privileges> <table name> <view name>

Access control • Syntax GRANT ON TO ALL <list of privileges> <table name> <view name> PUBLIC <list of users>

Access control • Syntax GRANT ON TO[WITH GRANT OPTION]; ALL <list of privileges> <table name> <view name> PUBLIC <list of users>

Access control • Privileges

Access control • Privileges • SELECT Grantee is allowed to select data from a table determined by a grantor

Access control • Privileges • SELECT Grantee is allowed to selected data from a table determined by a grantor • DELETE Grantee is allowed to delete data from a table determined by a grantor

Access control • Privileges • SELECT Grantee is allowed to selected data from a table determined by a grantor • DELETE Grantee is allowed to delete data from a table determined by a grantor • INSERT Grantee is allowed to insert data into a table determined by a grantor

Access control • Privileges • UPDATE [<list of columns>] Grantee is allowed to update the columns from a table determined by a grantor

Access control • Privileges • UPDATE [<list of columns>] Grantee is allowed to update the columns from a table determined by a grantor • REFERENCES [<list of columns] Grantee is allowed to reference the columns from a table specified by a grantor

Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz;

Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; privilege

Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; privilege table (view) name

Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; privilege user table (view) name

Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; Then user Janusz can say: SELECT * FROM Scott.Supplier;

Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; Then user Janusz can say: SELECT * FROM Scott.Supplier; user.table

Access control • Granting privileges User Janusz says: CREATE SYNONYM Ssupplier FOR Scott.Supplier;

Access control • Granting privileges User Janusz says: CREATE SYNONYM Ssupplier FOR Scott.Supplier; Then user Janusz can say: SELECT * FROM Ssupplier;

Access control • Granting privileges User Scott says: GRANT UPDATE pname, price ON Part TO Janusz;

Access control • Granting privileges User Scott says: GRANT UPDATE pname, price ON Part TO Janusz; Then user Janusz can say: UPDATE Scott.Part SET price = price + 10 WHERE pname =‘bolt’;

Access control • Granting privileges User Scott says: GRANT ALL ON Supplier TO PUBLIC;

Access control • Granting privileges User Scott says: GRANT ALL ON Supplier TO PUBLIC; Then anyone can say: SELECT * FROM Scott.Supplier; UPDATE Scott.Part SET price = price + 10 WHERE pname =‘bolt’; INSERT INTO Scott.Supplier VALUES( ... ); DELETE FROM Scott.Supplier;

Access control • Granting privileges User Scott says: GRANT REFERENCE s# ON Supplier TO Janusz;

Access control • Granting privileges User Scott says: GRANT REFERENCE s# ON Supplier TO Janusz; Then user Janusz can say: CREATE TABLE MySP( s# … CONSTRAINT MySP_fkey FOREIGN KEY(s#) REFERENCES Scott.SP(s#);

Access control • Granting privileges User Scott says: CREATE VIEW SuppliersFrom London AS SELECT * FROM Supplier WHERE city = ‘London;

Access control • Granting privileges User Scott says: CREATE VIEW SuppliersFromLondon AS SELECT * FROM Supplier WHERE city = ‘London; GRANT DELETE ON SuppliersFromLondon TO Janusz;

Access control • Granting privileges Then user Janusz can say: DELETE FROM Scott.SuppliersFromLondon WHERE dob < ‘1-JAN-38’;

Access control • Granting privileges User Scott says: CREATE VIEW PartShort AS SELECT p#, pname FROM Part;

Access control • Granting privileges User Scott says: CREATE VIEW PartShort AS SELECT p#, pname FROM Part; GRANT SELECT ON PartShort TO Janusz;

Access control • Granting privileges Then user Janusz can say: SELECT p# FROM Scott.PartShort WHERE pname = ‘bolt’;

Access control • Grant propagation

Access control • Grant propagation User Scott says: GRANT SELECT ON SP TO JK02

Access control • Grant propagation User Scott says: GRANT SELECT ON SP TO JK02 WITH GRANT OPTION;

Access control • Grant propagation User Scott says: GRANT SELECT ON SP TO JK02 WITH GRANT OPTION; Then user JK02 says: CREATE VIEW SPShort AS SELECT s#, p# FROM SP;

Access control • Grant propagation User Scott says: GRANT SELECT ON SP TO JK02 WITH GRANT OPTION; Then user JK02 says: CREATE VIEW SPShort AS SELECT s#, p# FROM SP; GRANT SELECT ON SPShort TO Janusz;

Access control • Grant propagation Then user Janusz can say: SELECT * FROM JK02.SPShort;

Access control • Grant propagation Then user Janusz can say: SELECT * FROM JK02.SPShort; User Janusz can’t say: GRANT SELECT ON SPShort TO Greg;

Access control • REVOKE statement

Access control • REVOKE statement REVOKE statement may be used to revoke a subset privileges granted to a user

Access control • Syntax REVOKE ON FROM ; <table name> <view name> ALL <list of privileges> PUBLIC <list of users>

Access control • Revoking privileges User Scott says: REVOKE SELECT ON SP FROM JK02 ;

Access control • Revoking privileges User Scott says: REVOKE SELECT ON SP FROM JK02 ; Then user JK02 can’t say: SELECT * FROM Scott.SP;

Access control • Revoking privileges User Scott says: REVOKE SELECT ON SP FROM JK02 ; Then user JK02 can’t say: SELECT * FROM Scott.SP; and user Janusz can’t say: SELECT * FROM JK02.SPShort;

Access control • Bibliography • P. O’Neil, Database - Principles, Programming, Performance, chapter 6.3 • R. Elmasri, S.B. Navathe, Fundamentals of Database Systems, chapter 20.1, 20.2 • R. K. Stephens, et al. Teach Yourself SQL in 21 Days

Access control

Access control

Presentation Transcript

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access Control

Access control

ACCESS CONTROL

Access Control

Access Control