490 likes | 662 Views
Access control. Access control. GRANT statement. Access control. GRANT statement GRANT statement may be used by a user to authorise various kinds of access to his/her tables by another user or class of users. Access control. Syntax GRANT. ALL <list of privileges>. Access control.
E N D
Access control • GRANT statement
Access control • GRANT statement GRANT statement may be used by a user to authorise various kinds of access to his/her tables by another user or class of users
Access control • Syntax GRANT ALL <list of privileges>
Access control • Syntax GRANT ON ALL <list of privileges> <table name> <view name>
Access control • Syntax GRANT ON TO ALL <list of privileges> <table name> <view name> PUBLIC <list of users>
Access control • Syntax GRANT ON TO[WITH GRANT OPTION]; ALL <list of privileges> <table name> <view name> PUBLIC <list of users>
Access control • Privileges
Access control • Privileges • SELECT Grantee is allowed to select data from a table determined by a grantor
Access control • Privileges • SELECT Grantee is allowed to selected data from a table determined by a grantor • DELETE Grantee is allowed to delete data from a table determined by a grantor
Access control • Privileges • SELECT Grantee is allowed to selected data from a table determined by a grantor • DELETE Grantee is allowed to delete data from a table determined by a grantor • INSERT Grantee is allowed to insert data into a table determined by a grantor
Access control • Privileges • SELECT Grantee is allowed to selected data from a table determined by a grantor • DELETE Grantee is allowed to delete data from a table determined by a grantor • INSERT Grantee is allowed to insert data into a table determined by a grantor
Access control • Privileges • UPDATE [<list of columns>] Grantee is allowed to update the columns from a table determined by a grantor
Access control • Privileges • UPDATE [<list of columns>] Grantee is allowed to update the columns from a table determined by a grantor • REFERENCES [<list of columns] Grantee is allowed to reference the columns from a table specified by a grantor
Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz;
Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; privilege
Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; privilege table (view) name
Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; privilege user table (view) name
Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; Then user Janusz can say: SELECT * FROM Scott.Supplier;
Access control • Granting privileges User Scott says: GRANT SELECT ON Supplier TO Janusz; Then user Janusz can say: SELECT * FROM Scott.Supplier; user.table
Access control • Granting privileges User Janusz says: CREATE SYNONYM Ssupplier FOR Scott.Supplier;
Access control • Granting privileges User Janusz says: CREATE SYNONYM Ssupplier FOR Scott.Supplier; Then user Janusz can say: SELECT * FROM Ssupplier;
Access control • Granting privileges User Scott says: GRANT UPDATE pname, price ON Part TO Janusz;
Access control • Granting privileges User Scott says: GRANT UPDATE pname, price ON Part TO Janusz; Then user Janusz can say: UPDATE Scott.Part SET price = price + 10 WHERE pname =‘bolt’;
Access control • Granting privileges User Scott says: GRANT ALL ON Supplier TO PUBLIC;
Access control • Granting privileges User Scott says: GRANT ALL ON Supplier TO PUBLIC; Then anyone can say: SELECT * FROM Scott.Supplier; UPDATE Scott.Part SET price = price + 10 WHERE pname =‘bolt’; INSERT INTO Scott.Supplier VALUES( ... ); DELETE FROM Scott.Supplier;
Access control • Granting privileges User Scott says: GRANT REFERENCE s# ON Supplier TO Janusz;
Access control • Granting privileges User Scott says: GRANT REFERENCE s# ON Supplier TO Janusz; Then user Janusz can say: CREATE TABLE MySP( s# … CONSTRAINT MySP_fkey FOREIGN KEY(s#) REFERENCES Scott.SP(s#);
Access control • Granting privileges User Scott says: GRANT REFERENCE s# ON Supplier TO Janusz; Then user Janusz can say: CREATE TABLE MySP( s# … CONSTRAINT MySP_fkey FOREIGN KEY(s#) REFERENCES Scott.SP(s#);
Access control • Granting privileges User Scott says: CREATE VIEW SuppliersFrom London AS SELECT * FROM Supplier WHERE city = ‘London;
Access control • Granting privileges User Scott says: CREATE VIEW SuppliersFromLondon AS SELECT * FROM Supplier WHERE city = ‘London; GRANT DELETE ON SuppliersFromLondon TO Janusz;
Access control • Granting privileges Then user Janusz can say: DELETE FROM Scott.SuppliersFromLondon WHERE dob < ‘1-JAN-38’;
Access control • Granting privileges User Scott says: CREATE VIEW PartShort AS SELECT p#, pname FROM Part;
Access control • Granting privileges User Scott says: CREATE VIEW PartShort AS SELECT p#, pname FROM Part; GRANT SELECT ON PartShort TO Janusz;
Access control • Granting privileges Then user Janusz can say: SELECT p# FROM Scott.PartShort WHERE pname = ‘bolt’;
Access control • Grant propagation
Access control • Grant propagation User Scott says: GRANT SELECT ON SP TO JK02
Access control • Grant propagation User Scott says: GRANT SELECT ON SP TO JK02 WITH GRANT OPTION;
Access control • Grant propagation User Scott says: GRANT SELECT ON SP TO JK02 WITH GRANT OPTION; Then user JK02 says: CREATE VIEW SPShort AS SELECT s#, p# FROM SP;
Access control • Grant propagation User Scott says: GRANT SELECT ON SP TO JK02 WITH GRANT OPTION; Then user JK02 says: CREATE VIEW SPShort AS SELECT s#, p# FROM SP; GRANT SELECT ON SPShort TO Janusz;
Access control • Grant propagation Then user Janusz can say: SELECT * FROM JK02.SPShort;
Access control • Grant propagation Then user Janusz can say: SELECT * FROM JK02.SPShort; User Janusz can’t say: GRANT SELECT ON SPShort TO Greg;
Access control • REVOKE statement
Access control • REVOKE statement REVOKE statement may be used to revoke a subset privileges granted to a user
Access control • Syntax REVOKE ON FROM ; <table name> <view name> ALL <list of privileges> PUBLIC <list of users>
Access control • Revoking privileges User Scott says: REVOKE SELECT ON SP FROM JK02 ;
Access control • Revoking privileges User Scott says: REVOKE SELECT ON SP FROM JK02 ; Then user JK02 can’t say: SELECT * FROM Scott.SP;
Access control • Revoking privileges User Scott says: REVOKE SELECT ON SP FROM JK02 ; Then user JK02 can’t say: SELECT * FROM Scott.SP; and user Janusz can’t say: SELECT * FROM JK02.SPShort;
Access control • Bibliography • P. O’Neil, Database - Principles, Programming, Performance, chapter 6.3 • R. Elmasri, S.B. Navathe, Fundamentals of Database Systems, chapter 20.1, 20.2 • R. K. Stephens, et al. Teach Yourself SQL in 21 Days