
1 Access Control & Views Reading: C&B, Chap 7

2 Dept of Computing Science, University of Aberdeen
In this lecture you will learn
– the principles of object ownership & privileges
– how virtual tables (views) are defined
– how views can be implemented
– how views & privileges may be combined to provide access control

3 The Importance of Views & Privileges
In large organisations, DBMSs are used by a range of staff:
– directors, managers, analysts, engineers, personnel, secretarial, etc.
Consequently, access to data in different tables may need to be controlled to:
– provide access to authorised users
– restrict access to unauthorised users
– enforce business rules or government regulations
Views & privileges can help implement access control...

4 SQL's Access Control Model
Access control in SQL is similar to multi-user operating systems (e.g. Unix, Windows,...)
– A user supplies an Authorisation Id and password to the DBMS
– The DBMS opens a session for the user
– The DBMS runs SQL statements on behalf of the user
– The user becomes the owner of any objects he creates
– By default, only the owner may access his objects
– The owner may grant and revoke access privileges to other users

5 Granting Privileges
    GRANT { PrivilegeList | ALL PRIVILEGES }
    ON ObjectName
    TO { AuthIdList | PUBLIC }
    [ WITH GRANT OPTION ]
where (typically):
– ObjectName is a table
– PrivilegeList may be a combination of:
    SELECT, INSERT, UPDATE, DELETE (can specify column names)
    REFERENCES (column names referenced by integrity constraints)
    USAGE (use of domain definitions)

6 Examples of Using SQL Access Control
Allow any member of staff (with an Auth ID) to access the Client table:
    GRANT ALL PRIVILEGES ON Client TO PUBLIC;
Allow only personnel staff to hire staff or to change their salaries:
    GRANT SELECT, INSERT, UPDATE (Salary) ON Staff TO personnel;
Privileges are revoked in a similar manner:
    REVOKE { PrivilegeList | ALL PRIVILEGES }
    ON ObjectName
    FROM { AuthIdList | PUBLIC }
    [ RESTRICT | CASCADE ]

7 What are Views?
– A view is a virtual table, constructed from base tables
– Only the definition of a view is stored permanently
– A view is realised dynamically when it is first referenced
Views are manipulated like other DBMS objects:
    CREATE VIEW ViewName... (next slide)
    DROP VIEW ViewName
    GRANT ALL PRIVILEGES ON ViewName TO PUBLIC
    REVOKE ALL PRIVILEGES ON ViewName FROM PUBLIC

8 Creating Views - Horizontal Views
A horizontal view restricts the rows that may be seen:
    CREATE VIEW Manager3Staff AS
    SELECT * FROM Staff
    WHERE BranchNo = 'B003';
Then...
    SELECT * FROM Manager3Staff;
Manager3Staff
    StaffNo  Fname  Lname  Position   Sex  Salary  BranchNo
    SG37     Ann    Beech  Assistant  F    12000   B003
    SG5      Susan  Brand  Manager    F    24000   B003

9 Creating Views - Vertical Views
A vertical view restricts the columns that may be seen:
    CREATE VIEW Staff3 AS
    SELECT StaffNo, Fname, Lname, Position
    FROM Manager3Staff;
Then...
    SELECT * FROM Staff3;
Staff3
    StaffNo  Fname  Lname  Position
    SG37     Ann    Beech  Assistant
    SG5      Susan  Brand  Manager

10 General Syntax for Creating Views
General syntax:
    CREATE VIEW ViewName [ (NewColNames) ] AS SubSelect;
– The SubSelect clause is called the defining query
– To create a view, a user must have SELECT privilege on the base tables
Once created, views often behave like ordinary base tables...
– Views can be used in SELECT or JOIN clauses
– Views can be updated (with some restrictions)

11 Final Example: Grouped & Joined Views
Views can be used to help simplify complex queries.
Example: create a view showing the number of properties managed by each member of staff and the branches they work at:
    CREATE VIEW StaffProperties (StaffNo, BranchNo, Properties) AS
    SELECT s.StaffNo, s.BranchNo, COUNT(*)
    FROM Staff s, PropertyForRent p
    WHERE s.StaffNo = p.StaffNo
    GROUP BY s.BranchNo, s.StaffNo;
Can now query StaffProperties as if it's a base table:
    SELECT * FROM StaffProperties;

12 How Are Views Implemented?
Most DBMSs implement views using view resolution:
– SQL re-writes the view references back to the underlying base tables (the algorithm is given in C&B Ch.6 p 180)
The alternative is view materialisation:
– SQL populates a temporary table when the view is first referenced
– However, keeping the temporary table up-to-date can be difficult...
– View materialisation is an active area of DB research

13 How to Access Other Users' Objects
In SQL, the full name of a table has the form:
    server.schema.owner.table
If the System Administrator (user 'sa') owns all of the DreamHome tables, and user 'sbrand' manages Branch 3, the sa might enter:
    USE Dreamhome;
    GRANT SELECT ON Manager3Staff TO sbrand;
Then, user sbrand could reference the view as:
    SELECT * FROM Dreamhome.sa.Manager3Staff;
Or equally:
    SELECT * FROM Dreamhome.Manager3Staff;
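
The privilege and view statements from the slides combined into one least-privilege setup, as an added example that is not part of the original lecture. It assumes the authorisation ids sbrand and personnel already exist; the view name Branch3Directory and the third sample row are constructed for illustration.

```sql
-- Constructed sample schema; columns follow the Staff table shown on the slides.
CREATE TABLE Staff (
    StaffNo  VARCHAR(5) PRIMARY KEY,
    Fname    VARCHAR(15),
    Lname    VARCHAR(15),
    Position VARCHAR(10),
    Sex      CHAR(1),
    Salary   DECIMAL(7,2),
    BranchNo CHAR(4)
);
INSERT INTO Staff VALUES ('SG37', 'Ann',   'Beech', 'Assistant', 'F', 12000, 'B003');
INSERT INTO Staff VALUES ('SG5',  'Susan', 'Brand', 'Manager',   'F', 24000, 'B003');
-- Constructed row for another branch, so the row filter has something to hide.
INSERT INTO Staff VALUES ('SX99', 'Test',  'Other', 'Assistant', 'M',  9000, 'B005');

-- Horizontal and vertical restriction in one view (hypothetical name):
-- only Branch B003 rows, and neither Sex nor Salary is exposed.
CREATE VIEW Branch3Directory AS
    SELECT StaffNo, Fname, Lname, Position
    FROM Staff
    WHERE BranchNo = 'B003';

-- sbrand is granted the view only. No privilege is granted on the base
-- table, so by default (owner-only access) Staff itself stays closed.
GRANT SELECT ON Branch3Directory TO sbrand;

-- personnel may read and insert rows, but may change only the Salary column.
GRANT SELECT, INSERT, UPDATE (Salary) ON Staff TO personnel;

-- Run as sbrand:
--   SELECT * FROM Branch3Directory;   -- permitted through the view
--   SELECT Salary FROM Staff;         -- refused: no SELECT privilege on Staff
-- Run as personnel:
--   UPDATE Staff SET Salary = 13000 WHERE StaffNo = 'SG37';     -- permitted
--   UPDATE Staff SET BranchNo = 'B005' WHERE StaffNo = 'SG37';  -- refused: column not granted

-- Withdrawing access later. CASCADE also removes privileges the grantee
-- passed on, which is only possible if the grant was WITH GRANT OPTION.
REVOKE SELECT ON Branch3Directory FROM sbrand CASCADE;
```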

14 Restrictions on Views
With views, some queries are not permitted:
– Queries that resolve to nested aggregates
– Queries that give aggregates in a WHERE clause
Views can be updated provided:
– There are no aggregates in the columns to be updated
– There are no GROUP BY or HAVING clauses
– The view contains only one source table with no nested SELECTs

15 Updating Views: An Important Subtlety
SQL allows a view to be updated provided the changed rows in the base tables still satisfy all of the conditions of the defining query's WHERE clause. For example:
    UPDATE Manager3Staff
    SET BranchNo = 'B005'
    WHERE StaffNo = 'SG37';
This would fail because the modified row (BranchNo = 'B005') would no longer be selected by the view definition (WHERE BranchNo = 'B003').
– View updates may not allow rows to migrate into or out of the view
– Can exploit this behaviour to help enforce DB integrity
– Put domain/business constraints into the view definition & only update views
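
The migrating-row rule above as a script, added here and not part of the original lecture. In ISO SQL the check is requested with the WITH CHECK OPTION clause on the view definition, so the example includes it; the reduced Staff table, the salary range and the SG40 row are constructed for illustration.

```sql
-- Constructed, reduced Staff table; the two B003 rows come from the slides.
CREATE TABLE Staff (
    StaffNo  VARCHAR(5) PRIMARY KEY,
    Lname    VARCHAR(15),
    Salary   DECIMAL(7,2),
    BranchNo CHAR(4)
);
INSERT INTO Staff VALUES ('SG37', 'Beech', 12000, 'B003');
INSERT INTO Staff VALUES ('SG5',  'Brand', 24000, 'B003');

-- The defining query carries both the row filter and a business rule
-- (constructed salary range). WITH CHECK OPTION makes the DBMS reject any
-- INSERT or UPDATE through the view whose result the view would not select.
CREATE VIEW Manager3Staff AS
    SELECT StaffNo, Lname, Salary, BranchNo
    FROM Staff
    WHERE BranchNo = 'B003'
      AND Salary BETWEEN 9000 AND 40000
    WITH CHECK OPTION;

-- Accepted: the changed row still satisfies the WHERE clause.
UPDATE Manager3Staff SET Salary = 12500 WHERE StaffNo = 'SG37';

-- Rejected: the row would migrate out of the view (the slide's case).
UPDATE Manager3Staff SET BranchNo = 'B005' WHERE StaffNo = 'SG37';

-- Rejected: the new row would never be visible through the view.
INSERT INTO Manager3Staff VALUES ('SG40', 'Ford', 18000, 'B007');

-- Rejected: the business rule in the view definition is violated.
UPDATE Manager3Staff SET Salary = 90000 WHERE StaffNo = 'SG5';

-- The same statements issued directly against Staff are not checked by the
-- view, which is why the slide says to put the constraints in the view
-- definition and only update views.
```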

16 Summary of Views
Advantages:
– Views help provide granularity of access control
– Views can help reduce complexity and improve access control
– Views can help maintain DB integrity (e.g. by doing updates via views)
Disadvantages:
– There are some restrictions on their use
– Resolution method can cause a performance penalty
– Materialisation method can cause consistency problems

17 SQL - Overall Summary
– SQL is a powerful relational DB query language
– SQL is declarative, not procedural (e.g. no variables)
– SQL is showing its age... (e.g. quirky syntax, bolted-on features)
– ANSI SQL resolves some inconsistencies between DBMS vendors
But despite being over 25 years old...
– SQL remains THE world-standard for DBMSs

