Chapter 5: Integrity And Security (Domain Constraints, Referential Integrity, Security, Triggers, Authorization, Authorization in SQL, Views)


1 Chapter 5 : Integrity And Security
• Domain Constraints
• Referential Integrity
• Security
• Triggers
• Authorization
• Authorization in SQL
• Views
• Assertions

2 Triggers
A trigger is a statement that is executed automatically by the system as a side effect of a modification to the database. Triggers are fired implicitly; they are not called by the user the way procedures and functions are.
To design a trigger mechanism, we must:
• Specify the conditions under which the trigger is to be executed
• Specify the actions to be taken when the trigger executes

3 Use of Database Triggers
• To allow access to a table only during regular business hours or on predetermined weekdays
• To keep track of modifications of data, along with the user name, the operation performed and the time when the operation was performed
• To prevent invalid transactions
• To enforce complex security authorizations

4 Database Triggers Vs Procedures
• Triggers do not accept parameters, whereas procedures can have parameters
• Triggers are executed (fired) automatically upon modification of the table or its data, whereas a procedure has to be explicitly called by the user in order to execute

5 How To Apply Database Triggers
A trigger has three parts:
• A triggering event or statement – An SQL statement that causes a trigger to be fired. It can be an INSERT, UPDATE or DELETE statement for a specific table
• A trigger restriction – A Boolean expression that must be TRUE for the trigger to fire. It conditionally controls the execution of the trigger and is specified using the WHEN clause
• Trigger action – The PL/SQL block to be executed when the triggering statement is encountered and the trigger restriction evaluates to TRUE

6 Types of Triggers
• Row Triggers – A row trigger is fired each time a row in the table is affected by the triggering statement. If the triggering statement affects no rows, the trigger is not executed at all
• Statement Triggers – A statement trigger is fired once on behalf of the triggering statement, independent of the number of rows affected by the triggering statement

7 Before Vs After Triggers
When defining a trigger it is necessary to specify the trigger timing, i.e. when the trigger action is to be executed in relation to the triggering statement. Before and After apply to both row and statement triggers.
• Before Triggers – The trigger action is executed before the triggering statement
• After Triggers – The trigger action is executed after the triggering statement

8 Creating A Trigger
    CREATE OR REPLACE TRIGGER [schema.]<trigger_name>
    { BEFORE, AFTER }
    { DELETE, INSERT, UPDATE [ OF column1, ... ] }
    ON [schema.]<table_name>
    [ REFERENCING { OLD AS old, NEW AS new } ]
    [ FOR EACH ROW [ WHEN condition ] ]
    DECLARE
        <variable declarations>;
    BEGIN
        <PL/SQL statements>;
    EXCEPTION
        <exception handlers>;
    END;

9 Trigger Example
    CREATE OR REPLACE TRIGGER t_Audit_trail
    BEFORE DELETE OR UPDATE ON Customer
    FOR EACH ROW
    DECLARE
        oper VARCHAR2(8);
    BEGIN
        -- Record which operation fired the trigger
        IF updating THEN
            oper := 'Update';
        END IF;
        IF deleting THEN
            oper := 'Delete';
        END IF;
        -- Save the old row together with the operation, the user and the time
        INSERT INTO audit_cust
        VALUES (:OLD.custno, :OLD.fname, :OLD.lname, :OLD.address, oper, user, sysdate);
    END;
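Two of the uses listed on slide 3, written out as an added example in Oracle PL/SQL (not from the original slides): a statement-level BEFORE trigger that limits changes to business hours, and a row trigger whose WHEN clause is the trigger restriction of slide 5. The trigger names, the Monday-to-Friday 09:00 to 17:59 window and error number -20001 are assumptions.

```sql
-- Added example. Statement trigger: fires once per statement, before it runs,
-- no matter how many rows the statement touches.
CREATE OR REPLACE TRIGGER t_customer_business_hours   -- hypothetical name
BEFORE INSERT OR UPDATE OR DELETE ON Customer
DECLARE
    day_name VARCHAR2(3);
    hour_now NUMBER;
BEGIN
    -- Force English day names so the check does not depend on session NLS settings.
    day_name := TO_CHAR(SYSDATE, 'DY', 'NLS_DATE_LANGUAGE=ENGLISH');
    hour_now := TO_NUMBER(TO_CHAR(SYSDATE, 'HH24'));

    IF day_name IN ('SAT', 'SUN') OR hour_now < 9 OR hour_now >= 18 THEN
        -- An error raised here aborts the triggering statement.
        RAISE_APPLICATION_ERROR(-20001,
            'Customer may only be modified Monday to Friday, 09:00 to 17:59');
    END IF;
END;
/

-- Row trigger with a restriction: a narrower alternative to t_Audit_trail that
-- logs only updates which really change the address.
CREATE OR REPLACE TRIGGER t_customer_address_audit    -- hypothetical name
BEFORE UPDATE OF address ON Customer                   -- triggering event
FOR EACH ROW
WHEN (OLD.address <> NEW.address)                      -- trigger restriction (no colons here)
BEGIN                                                  -- trigger action
    -- The trigger runs with its owner's privileges, so the users being audited
    -- need no INSERT privilege on audit_cust and cannot edit the trail directly.
    INSERT INTO audit_cust
    VALUES (:OLD.custno, :OLD.fname, :OLD.lname, :OLD.address,
            'Update', USER, SYSDATE);
END;
/
```

If either the old or the new address is NULL, the WHEN comparison is unknown rather than TRUE and the row trigger does not fire.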

10 Security Management
Granting And Revoking Permissions
The permissions or rights that allow a user to use some or all of the resources on the server are called Privileges.
• Granting of Privileges – Objects that are created by a user are owned and controlled by that user. If a user wants to access any of the objects belonging to another user, the owner of the object will have to give permission for such access
• Revoking of Privileges – Privileges once given can be taken back by the owner of the object

11 Granting Privileges
The GRANT statement provides various types of access to database objects such as tables, views, sequences and so on. A user can grant all or only specific object privileges.
    GRANT <object privileges> ON <object name> TO <user name> [WITH GRANT OPTION];
WITH GRANT OPTION – Allows the grantee to in turn grant object privileges to other users

12 Object Privileges
• ALTER – Allows grantee to change the table definition with the ALTER TABLE command
• DELETE – Allows grantee to remove records from the table with the DELETE command
• INDEX – Allows grantee to create an index on the table with the CREATE INDEX command
• INSERT – Allows grantee to add records to the table with the INSERT command
• SELECT – Allows grantee to query the table with the SELECT command
• UPDATE – Allows grantee to modify the records in the table with the UPDATE command

13 Granting Privileges
• All permissions to secompa user on employee object
    GRANT ALL ON employee TO secompa;
• Give secompb user permission to only view and modify the records in the table client_master
    GRANT SELECT, UPDATE ON client_master TO secompb;
• Give secompa user all data manipulation permissions on table salesman_master along with grant permission on the same table to other users
    GRANT ALL ON salesman_master TO secompa WITH GRANT OPTION;

14 Revoking Privileges
The REVOKE statement is used to deny the grant given on an object.
    REVOKE <object privileges> ON <object name> FROM <user name>;
• REVOKE is used to revoke object privileges that the user previously granted directly to the grantee
• REVOKE is not used to revoke the privileges granted through the operating system

15 Revoking Privileges
• Take back all permissions on employee object from secompa user
    REVOKE ALL ON employee FROM secompa;
• Take back view and modify permission from secompb user on table client_master
    REVOKE SELECT, UPDATE ON client_master FROM secompb;
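How WITH GRANT OPTION and REVOKE interact, as an added example in Oracle SQL that is not part of the original slides. It reuses the page's users secompa and secompb; the owning schema name app_owner and the column address on client_master are assumptions.

```sql
-- Added example; run each step as the user named in its comment.

-- (as app_owner) secompa may query the table and pass that right on.
GRANT SELECT ON salesman_master TO secompa WITH GRANT OPTION;

-- (as secompa) re-grant to a third user; the owner is not involved.
GRANT SELECT ON app_owner.salesman_master TO secompb;

-- (as app_owner) audit every grant on the table, including those made by
-- grantees. GRANTABLE = 'YES' marks users who can hand the privilege on.
SELECT grantee, grantor, privilege, grantable
FROM   user_tab_privs_made
WHERE  table_name = 'SALESMAN_MASTER'
ORDER  BY grantee, privilege;

-- (as app_owner) revoke from secompa. Object privileges passed on through
-- WITH GRANT OPTION are revoked with it, so secompb loses SELECT as well.
REVOKE SELECT ON salesman_master FROM secompa;

-- (as app_owner) narrower alternative to GRANT ALL or a table-wide UPDATE:
-- secompb may read every column but change only one.
GRANT SELECT ON client_master TO secompb;
GRANT UPDATE (address) ON client_master TO secompb;   -- hypothetical column
```

Re-running the USER_TAB_PRIVS_MADE query after the REVOKE confirms that no row for secompa or secompb remains on SALESMAN_MASTER.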

16 VIEWS
• An effective way to meet security requirements
• A virtual relation / table
• A view is mapped to a SELECT statement. A table on which a view is based is described in the FROM clause and is known as the BASE TABLE / RELATION
• The SELECT clause consists of a subset of columns from the BASE table / relation

17 VIEWS …
• The DBMS stores the definition of a VIEW in the system catalog (Data Dictionary)
• A VIEW holds no data at all until a call to the view is made
• The DBMS treats a VIEW like a BASE table / relation
• A VIEW can be queried the same as a BASE table

18 VIEW …
• READ ONLY VIEW – A VIEW used only for looking at table data, i.e. retrieval of data (SELECT), not for manipulation of data (INSERT, UPDATE, DELETE)
• UPDATABLE VIEW – A VIEW used for data retrieval as well as INSERT, UPDATE, DELETE

19 Why VIEWs Are Created / Benefits
• Data Security
• To keep data redundancy to the minimum possible. It reduces redundant data on the HDD to a very large extent

20 VIEW - Limitations / Drawbacks
• VIEWs will run slower than QUERY

21 Creating VIEW
Syntax :
    CREATE VIEW <view name> AS
    SELECT A1, A2, …, An
    FROM <table name>
    WHERE P
    GROUP BY <grouping criteria>
    HAVING P
Note : The ORDER BY clause cannot be used while creating VIEWs

22 Querying VIEWs
Syntax :
    SELECT A1, A2, …, Ak
    FROM <view name>
    WHERE P
    GROUP BY <grouping criteria>
    HAVING P
    ORDER BY A1, A2, …, Ak

23 Where,
• A1, A2, …, Ak are attributes of a relation / table
• P is a predicate

24 Updatable Views
For a view to be updatable, it should meet the following criteria:
• The view must be defined from a single table
• To INSERT records using a VIEW, all the PRIMARY KEY and NOT NULL columns must be included in the view definition
• UPDATE and DELETE of records can be done using a VIEW even if all the PRIMARY KEY and NOT NULL columns are excluded from the view definition

25 Restrictions on Updatable Views
The VIEW definition must not include:
• Aggregate functions
• DISTINCT, GROUP BY or HAVING clauses
• Sub-queries
• Constants, string or value expressions like SELL_PRICE * 0.15
• UNION, INTERSECT or MINUS clauses
If a view is defined from another view, the second view should be updatable.
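Views used as the security boundary, in an added example in Oracle SQL that is not part of the original slides: one read-only view and one updatable view that meets the criteria above, with privileges granted on the views and not on the base table. The view names and the client_master columns (client_no, name, city, bal_due) are assumptions.

```sql
-- Added example. Run as the owner of client_master.

-- Read-only view: hides bal_due. WITH READ ONLY makes the DBMS reject any
-- INSERT, UPDATE or DELETE issued through the view.
CREATE VIEW v_client_directory AS
    SELECT client_no, name, city
    FROM   client_master
WITH READ ONLY;

-- Updatable view: single base table, no aggregates, DISTINCT, GROUP BY,
-- sub-queries or expressions. WITH CHECK OPTION rejects an INSERT or UPDATE
-- that would produce a row the view's own WHERE clause excludes.
CREATE VIEW v_client_mumbai AS
    SELECT client_no, name, city
    FROM   client_master
    WHERE  city = 'Mumbai'              -- constructed sample value
WITH CHECK OPTION;

-- Privileges go on the views only. secompb gets nothing on client_master,
-- so bal_due and the rows for other cities stay out of reach.
GRANT SELECT         ON v_client_directory TO secompb;
GRANT SELECT, UPDATE ON v_client_mumbai    TO secompb;

-- (as secompb) allowed: the row stays inside the view.
--   UPDATE v_client_mumbai SET name = 'New Name' WHERE client_no = 'C001';
-- (as secompb) rejected by the check option: the row would leave the view.
--   UPDATE v_client_mumbai SET city = 'Pune' WHERE client_no = 'C001';
```

Without WITH CHECK OPTION the second UPDATE would succeed and move the row out of the view, letting the grantee write data they can no longer see.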

26 Destroying a VIEW
The DROP VIEW command is used to remove a VIEW from the database.
Syntax :
    DROP VIEW <view name>;

27 Assertions
• An assertion is a predicate expressing a condition that we wish the database always to satisfy
• An assertion in SQL takes the form
    create assertion <assertion-name> check <predicate>
• When an assertion is made, the system tests it for validity, and tests it again on every update that may violate the assertion
• This testing may introduce a significant amount of overhead; hence assertions should be used with great care

28 Assertions
The sum of all loan amounts for each branch must be less than the sum of all account balances at the branch.
    create assertion sum-constraint check
        (not exists
            (select * from branch
             where (select sum(amount) from loan
                    where loan.branch-name = branch.branch-name)
                >= (select sum(balance) from account
                    where account.branch-name = branch.branch-name)))
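The same condition enforced with statement triggers, for a DBMS that does not implement create assertion (added example in Oracle PL/SQL, not part of the original slides). The procedure and trigger names, error number -20002 and the underscore column names branch_name, amount and balance are assumptions.

```sql
-- Added example. Hyphenated names such as branch-name are not valid unquoted
-- identifiers, so the columns are written with underscores here.
CREATE OR REPLACE PROCEDURE check_sum_constraint IS    -- hypothetical name
    violations NUMBER;
BEGIN
    -- Same predicate as the assertion: count the branches that break it.
    -- A branch with no loans or no accounts yields a NULL sum, the comparison
    -- is unknown, and the branch is not counted, as in the assertion.
    SELECT COUNT(*) INTO violations
    FROM   branch b
    WHERE  (SELECT SUM(l.amount)  FROM loan l
            WHERE  l.branch_name = b.branch_name)
        >= (SELECT SUM(a.balance) FROM account a
            WHERE  a.branch_name = b.branch_name);

    IF violations > 0 THEN
        -- Raising here rolls back the statement that fired the trigger.
        RAISE_APPLICATION_ERROR(-20002,
            'sum-constraint violated: loans must total less than balances');
    END IF;
END;
/

-- Statement-level AFTER triggers: one check per statement, run against the
-- tables as they stand after the change.
CREATE OR REPLACE TRIGGER t_loan_sum_constraint
AFTER INSERT OR UPDATE OR DELETE ON loan
BEGIN
    check_sum_constraint;
END;
/

CREATE OR REPLACE TRIGGER t_account_sum_constraint
AFTER INSERT OR UPDATE OR DELETE ON account
BEGIN
    check_sum_constraint;
END;
/
```

Each check sees only committed data plus the session's own changes, so two concurrent transactions can each pass and still violate the condition together; where that matters, serialize the writers, for example by locking the branch row first.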

