Access Control & Views. Reading: C&B, Chap 7. Dept of Computing Science, University of Aberdeen. In this lecture you will learn the principles of object.

Presentation transcript:

Slide 1: Access Control & Views
Reading: C&B, Chap 7

Slide 2: In this lecture you will learn
- the principles of object ownership & privileges
- how virtual tables (views) are defined
- how views can be implemented
- how views & privileges may be combined to provide access control

Slide 3: The Importance of Views & Privileges
- In large organisations, DBMSs are used by a range of staff:
  – directors, managers, analysts, engineers, personnel, secretarial, etc.
- Consequently, access to data in different tables may need to be controlled to:
  – provide access to authorised users
  – restrict access to unauthorised users
  – enforce business rules or government regulations
- Views & privileges can help implement access control...

Slide 4: SQL's Access Control Model
- Access Control in SQL is similar to multi-user operating systems (e.g. Unix, Windows,...)
- A user supplies an Authorisation Id and password to the DBMS
- The DBMS opens a session for the user
- The DBMS runs SQL statements on behalf of the user
- The user becomes the owner of any objects he creates
- By default, only the owner may access his objects
- The owner may grant and revoke access privileges to other users

Slide 5: Granting Privileges

    GRANT { PrivilegeList | ALL PRIVILEGES }
    ON ObjectName
    TO { AuthIdList | PUBLIC }
    [ WITH GRANT OPTION ]

where (typically):
  – ObjectName is a table
  – PrivilegeList may be a combination of:
      SELECT, INSERT, UPDATE, DELETE (can specify column names)
      REFERENCES (column names referenced by integrity constraints)
      USAGE (use of domain definitions)

Slide 6: Examples of Using SQL Access Control
- Allow any member of staff (with an Auth ID) to access the Client table:

    GRANT ALL PRIVILEGES ON Client TO PUBLIC

- Allow only personnel staff to hire staff or to change their salaries:

    GRANT SELECT, INSERT, UPDATE (Salary) ON Staff TO personnel

- Privileges are revoked in a similar manner:

    REVOKE { PrivilegeList | ALL PRIVILEGES }
    ON ObjectName
    FROM { AuthIdList | PUBLIC }
    [ RESTRICT | CASCADE ]
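How WITH GRANT OPTION interacts with RESTRICT | CASCADE on revocation, as an added example that is not part of the original lecture. It assumes PostgreSQL syntax for roles (CREATE ROLE, SET ROLE); the role payroll_clerk and the cut-down Staff table are constructed for illustration.

```sql
-- Added example. Constructed table and roles; PostgreSQL dialect assumed.
CREATE TABLE Staff (
    StaffNo  VARCHAR(5) PRIMARY KEY,
    Lname    VARCHAR(15),
    Salary   DECIMAL(7,2),
    BranchNo CHAR(4)
);
INSERT INTO Staff VALUES ('SG37', 'Beech', 12000, 'B003');

CREATE ROLE personnel;
CREATE ROLE payroll_clerk;   -- hypothetical second role

-- The owner delegates: personnel may read Staff and change only Salary,
-- and may pass those privileges on to others.
GRANT SELECT, UPDATE (Salary) ON Staff TO personnel WITH GRANT OPTION;

SET ROLE personnel;
-- Column-level privilege in action:
UPDATE Staff SET Salary = Salary * 1.02;   -- allowed
UPDATE Staff SET BranchNo = 'B005';        -- rejected: no UPDATE privilege on BranchNo
-- personnel re-grants part of what it holds, creating a dependent privilege:
GRANT SELECT ON Staff TO payroll_clerk;
RESET ROLE;

-- Audit: who holds table-level privileges on Staff, who granted them,
-- and which of them can be re-granted (is_grantable = 'YES').
-- Column-level grants are listed in information_schema.column_privileges.
SELECT grantor, grantee, privilege_type, is_grantable
FROM information_schema.table_privileges
WHERE table_name = 'staff';

-- RESTRICT refuses to revoke while payroll_clerk's grant depends on personnel's:
REVOKE SELECT ON Staff FROM personnel RESTRICT;   -- rejected: dependent privileges exist

-- CASCADE revokes personnel's SELECT and everything granted on the strength of it:
REVOKE SELECT ON Staff FROM personnel CASCADE;

SET ROLE payroll_clerk;
SELECT * FROM Staff;                       -- rejected: privilege was removed by the cascade
RESET ROLE;
```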

Slide 7: What are Views?
- A view is a virtual table, constructed from base tables
- Only the definition of a view is stored permanently
- A view is realised dynamically when it is first referenced
- Views are manipulated like other DBMS objects:

    CREATE VIEW ViewName... (next slide)
    DROP VIEW ViewName
    GRANT ALL PRIVILEGES ON ViewName TO PUBLIC
    REVOKE ALL PRIVILEGES ON ViewName FROM PUBLIC

Slide 8: Creating Views - Horizontal Views
A horizontal view restricts the rows that may be seen:

    CREATE VIEW Manager3Staff AS
    SELECT * FROM Staff
    WHERE BranchNo = 'B003';

Then...

    SELECT * FROM Manager3Staff;

Manager3Staff

    StaffNo  Fname  Lname  Position   Sex  Salary  BranchNo
    SG37     Ann    Beech  Assistant  F    12000   B003
    SG5      Susan  Brand  Manager    F    24000   B003

Slide 9: Creating Views - Vertical Views
A vertical view restricts the columns that may be seen:

    CREATE VIEW Staff3 AS
    SELECT StaffNo, Fname, Lname, Position
    FROM Manager3Staff;

Then...

    SELECT * FROM Staff3;

Staff3

    StaffNo  Fname  Lname  Position
    SG37     Ann    Beech  Assistant
    SG5      Susan  Brand  Manager

Slide 10: General Syntax for Creating Views
General syntax:

    CREATE VIEW ViewName [ (NewColNames) ]
    AS SubSelect;

- The SubSelect clause is called the defining query
- To create a view, a user must have SELECT privilege on the base tables
- Once created, views often behave like ordinary base tables...
- Views can be used in SELECT or JOIN clauses
- Views can be updated (with some restrictions)

Slide 11: Final Example - Grouped & Joined Views
- Views can be used to help simplify complex queries
- Example: create a view showing the number of properties managed by each member of staff and the branches they work at:

    CREATE VIEW StaffProperties (StaffNo, BranchNo, Properties) AS
    SELECT s.StaffNo, s.BranchNo, COUNT (*)
    FROM Staff s, PropertyForRent p
    WHERE s.StaffNo = p.StaffNo
    GROUP BY s.BranchNo, s.StaffNo;

- Can now query StaffProperties as if it's a base table:

    SELECT * FROM StaffProperties;

Slide 12: How Are Views Implemented?
- Most DBMSs implement views using view resolution:
  – SQL re-writes the view references back to the underlying base tables (the algorithm is given in C&B Ch.6 p 180)
- The alternative is view materialisation:
  – SQL populates a temporary table when the view is first referenced
  – However, keeping the temporary table up-to-date can be difficult...
  – View materialisation is an active area of DB research

Slide 13: How to Access Other Users' Objects
- In SQL, the full name of a table has the form: server.schema.owner.table
- If the System Administrator (user 'sa') owns all of the DreamHome tables, and user 'sbrand' manages Branch 3, the sa might enter:

    USE Dreamhome;
    GRANT SELECT ON Manager3Staff TO sbrand;

- Then, user sbrand could reference the view as:

    SELECT * FROM Dreamhome.sa.Manager3Staff;

- Or equally:

    SELECT * FROM Dreamhome.Manager3Staff;

Slide 14: Restrictions on Views
- With views, some queries are not permitted:
  – Queries that resolve to nested aggregates
  – Queries that give aggregates in a WHERE clause
- Views can be updated provided:
  – There are no aggregates in the columns to be updated
  – There are no GROUP BY or HAVING clauses
  – The view contains only one source table with no nested SELECTs

Slide 15: Updating Views - An Important Subtlety
SQL allows a view to be updated provided the changed rows in the base tables still satisfy all of the conditions of the defining query's WHERE clause. For example:

    UPDATE Manager3Staff
    SET BranchNo = 'B005'
    WHERE StaffNo = 'SG37';

This would fail because the modified row (BranchNo = 'B005') would no longer be selected by the view definition (WHERE BranchNo = 'B003').
  – View updates may not allow rows to migrate into or out of the view
  – Can exploit this behaviour to help enforce DB integrity
  – Put domain/business constraints into the view definition & only update views
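The combination of a horizontal view, privileges granted on the view only, and rejected row migration, as an added example that is not part of the original lecture. It assumes PostgreSQL syntax for roles and adds the standard WITH CHECK OPTION clause to the slide's view definition, which is the clause that makes the DBMS reject the update shown above; the SL21 row and the Sex-less table layout are constructed.

```sql
-- Added example. Constructed data; PostgreSQL dialect assumed.
CREATE TABLE Staff (
    StaffNo  VARCHAR(5) PRIMARY KEY,
    Fname    VARCHAR(15),
    Lname    VARCHAR(15),
    Position VARCHAR(10),
    Salary   DECIMAL(7,2),
    BranchNo CHAR(4)
);
INSERT INTO Staff VALUES
    ('SG37', 'Ann',   'Beech', 'Assistant', 12000, 'B003'),
    ('SG5',  'Susan', 'Brand', 'Manager',   24000, 'B003'),
    ('SL21', 'John',  'White', 'Manager',   30000, 'B005');  -- constructed row, other branch

CREATE ROLE sbrand;   -- the Branch 3 manager from the slides

-- Horizontal view; WITH CHECK OPTION makes the DBMS reject any INSERT or
-- UPDATE through the view that would produce a row outside BranchNo = 'B003'.
CREATE VIEW Manager3Staff AS
    SELECT * FROM Staff
    WHERE BranchNo = 'B003'
    WITH CHECK OPTION;

-- Privileges go on the view only. sbrand receives nothing on the base table.
GRANT SELECT, UPDATE (Salary) ON Manager3Staff TO sbrand;

SET ROLE sbrand;
SELECT * FROM Staff;                                            -- rejected: no privilege on Staff
SELECT StaffNo, Salary FROM Manager3Staff;                      -- returns SG37 and SG5 only
UPDATE Manager3Staff SET Salary = 13000 WHERE StaffNo = 'SG37'; -- allowed
UPDATE Manager3Staff SET Salary = 1 WHERE StaffNo = 'SL21';     -- updates 0 rows: SL21 is not in the view
UPDATE Manager3Staff SET BranchNo = 'B005'
    WHERE StaffNo = 'SG37';                                     -- rejected: no UPDATE privilege on BranchNo
RESET ROLE;

-- Even the view's owner cannot move rows out of, or insert rows outside, the view:
UPDATE Manager3Staff SET BranchNo = 'B005' WHERE StaffNo = 'SG37';  -- rejected by the check option
INSERT INTO Manager3Staff
    VALUES ('SG99', 'Test', 'Row', 'Assistant', 9000, 'B005');      -- rejected by the check option
```

The privilege check and the check option are independent layers: the first limits which columns sbrand may touch, the second limits which rows any writer can create or leave behind through the view.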

Slide 16: Summary of Views
Advantages:
  – Views help provide granularity of access control
  – Views can help reduce complexity and improve access control
  – Views can help maintain DB integrity (e.g. by doing updates via views)
Disadvantages:
  – There are some restrictions on their use
  – Resolution method can cause a performance penalty
  – Materialisation method can cause consistency problems

Slide 17: SQL - Overall Summary
- SQL is a powerful relational DB query language
- SQL is declarative, not procedural (e.g. no variables)
- SQL is showing its age... (e.g. quirky syntax, bolted-on features)
- ANSI SQL resolves some inconsistencies between DBMS vendors
- But despite being over 25 years old... SQL remains THE world-standard for DBMSs