1 database administration. 2 objectives understand, create, and drop views grant and revoke...

1

Database Administration

2

Objectives

Understand, create, and drop views Grant and revoke users’ privileges Understand and obtain information from the system

catalog

3

Views

Base tables Existing, permanent tables in a relational database

View A derived table where data is derived from a base table User interacts with the view View provides security

4

View Benefits

Views provide data independence Different users can view the same data in different

ways because each user has their own view It can contain only those columns required by a

given user Greatly simplifies user perception of database Furnishes a measure of security since user as access to

data contained only in their view

5

Views

A view is defined by creating a defining query (SQL command that indicates the rows and columns that will appear in the view)

The formulation of the view definition is: CREATE <view name> AS <query>

The defining query can be any valid SQL query Define a view named HOUSEWARES that consists of the

part number, part description, units on hand, and unit price of all parts in item class HW

6

Joins

In general, views that involve joins of base tables can cause problems at update

If two base tables have the same primary key and the primary key is used as the join column, updating the database is not a problem

7

DROP View Command

Deletes a view definition only Table and data on which view is based still exists

8

Security

Security is the prevention of unauthorized access to the database

Two security mechanisms Views GRANT command

9

GRANT and REVOKE Commands

Grant different privileges to users and revoke them later, if necessary: Ability to select rows from a table Insert new rows Update existing rows

GRANT <privilege> TO <user> REVOKE <privilege> FROM <user>

10

Privileges

Privileges that can be granted are SELECT UPDATE DELETE INSERT INDEX

For a user to pass the privilege on to others the database administrator must use GRANT statement and include WITH GRANT OPTION

11

GRANT Command

User Jones must be able to retrieve data from the SALES_REP table GRANT SELECT ON SALES_REP TO JONES;

Users Smith and Brown must be able to add new parts to the PART table. GRANT INSERT ON PART TO SMITH, BROWN;

12

GRANT Command

User Thomas must be able to change the structure of the CUSTOMER table GRANT ALTER ON CUSTOMER TO THOMAS;

User Wilson must have all privileges for the SALES_REP, CUSTOMER, and ORDERS tables GRANT ALL ON SALES_REP, CUSTOMER,

ORDERS TO WILSON;

13

REVOKE Command

User Jones is no longer allowed to retrieve data from the SALES_REP table REVOKE SELECT ON SALES_REP FROM JONES;

14

Comprehensive Example

Allow sales rep number 03 (Mary Jones) to access any data concerning the customers she represents, but do not permit her to access data concerning any other customerCREATE VIEW SLSR3CST AS

SELECT *

FROM CUSTOMER

WHERE SLSREP_NUMBER = ’03’

GRANT SELECT ON SLSR3CST TO MARY JONES;

15

The System Catalog

Information concerning tables known to the DBMS is kept in the system catalog, or the data dictionary

System catalog contains tables USER_TABLES (DBA_TABLES) USER_TAB_COLUMNS (DBA_TAB_COLUMNS) USER_VIEWS (DBA_VIEWS)

System catalog is a relational database Users need special privileges to view the data in the

system catalog

16

System Catalog Example

List the name of every table for which the owner (creator of the table) is PRATT

SELECT TABLE_NAME FROM DBA_TABLES WHERE OWNER = ‘PRATT’;

List the name of every view whose owner is PRATT

SELECT VIEW_NAME FROM DBA_VIEWS WHERE OWNER = ‘PRATT’;

17

Summary

A view is a pseudotable whose contents are derived form data in existing base tables whenever users attempt to access the view

To define a view, use the CREATE VIEW statement This statement includes a defining query that describes

the portion of the database included in the view When a user retrieves data from the view, the query

entered by the user is merged with the defining query, producing the query that SQL actually executes

18

Summary

Views provide data independence, allow database access control, and simplify the database structure for users

You cannot update views that involve statistics and views with joins of non-primary key columns In this case you must make all updates to the base table

Use the DROP VIEW command to delete a view Use the GRANT command to give users access privileges

to various portions of the database Use the REVOKE command to terminate previously

granted privileges

19

Summary

The DBMS maintains information about the tables, columns, indexes, and other system elements in the system catalog

Information about tables is kept in the SYSTABLES table, information about columns is kept in the SYSCOLUMNS table, and information about views is kept in the SYSVIEWS table

In Oracle these same tables are named DBA_TABLES, DBA_TAB_COLUMNS, and DBA_VIEWS

Use the SELECT command to obtain information from the system catalog

The DBMS updates the system catalog continuously; users do not update the catalog directly