Security, Transactions, and Views

Upload: mercy-armstrong

Post on 03-Jan-2016


About Security

As is the case in most shared environments, the DBMS also must implement a security mechanism that allows the setting of permissions to data and actions pertaining to that data.

This is required to ensure data security.

Security

• Achieved through GRANT & REVOKE

• Assumes the database can recognize its users and verify their identity

• Can also be controlled through the use of views - subsets of data

• Usually maintained by the database administrator or DBA

GRANT Command

This “grants” a user or group of users permission to manipulate specified data in specified ways.

GRANT {ALL | privilege_list}
ON {table_name | view_name [(col_list)]}
TO {PUBLIC | user_list}

REVOKE Command

This “revokes” a granted permission issued by GRANT from a specified user.

REVOKE {ALL | privilege_list}
ON {table_name | view_name [(col_list)]}
FROM {PUBLIC | user_list}

Tip:
1) You GRANT TO and REVOKE FROM.
2) The most recently issued statement supersedes all others.

Views

A view is a representation of an existing table which corresponds to the SELECT statement that created it. The view can then be manipulated much like an actual table.

A view is not a separate table or entity. It’s more like a mask of the actual table.

Uses of a VIEW

• Hiding sensitive data from users

• Preserving a previous table schema

• Presenting data to users in a desired format.

• Simplifying a complex query

Creating a VIEW

CREATE VIEW view_name [(col_name…)]
AS
SELECT_statement

Dropping a VIEW

DROP VIEW view_name

Only drops the view… not the table.

More about Views

• The view displays like any table and the data you see is the actual data in the table(s).

• A view is more for viewing rather than updating since an update could disqualify a record from the view.

• Updates made to a view are made to the table(s) and any changes made to the table(s) are reflected in the view.

Naming View Columns

• Column names are inherited from the underlying tables.

• New names can be assigned

• Columns must be renamed when using arithmetic expressions or when more than one column has the same name.
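The GRANT, REVOKE and view slides above, combined into one least-privilege setup. This is an added example, not part of the original slides. The table, view and role names and the sample rows are constructed, and the statements assume a DBMS with PostgreSQL-style roles, where a view is read with its owner's rights on the base table.

```sql
-- Constructed schema: table, role and column names are illustrative.
CREATE TABLE employees (
    emp_id     INTEGER       PRIMARY KEY,
    full_name  VARCHAR(100)  NOT NULL,
    department VARCHAR(50)   NOT NULL,
    salary     NUMERIC(10,2) NOT NULL,   -- sensitive
    bonus      NUMERIC(10,2) NOT NULL,   -- sensitive
    ssn        CHAR(11)      NOT NULL    -- sensitive
);

-- Constructed sample rows.
INSERT INTO employees VALUES
    (1, 'A. Example', 'Sales',   52000.00, 3000.00, '000-00-0001'),
    (2, 'B. Sample',  'Finance', 61000.00, 4500.00, '000-00-0002');

-- Hypothetical roles: one for general staff, one for payroll.
CREATE ROLE directory_reader;
CREATE ROLE payroll_clerk;

-- Start from no access on the base table.
REVOKE ALL ON employees FROM PUBLIC;

-- View 1: hides salary, bonus and ssn entirely.
CREATE VIEW employee_directory (id, name, dept) AS
SELECT emp_id, full_name, department
FROM employees;

-- View 2: the arithmetic expression has no inherited name,
-- so the column list supplies one (total_pay).
CREATE VIEW payroll_totals (id, name, total_pay) AS
SELECT emp_id, full_name, salary + bonus
FROM employees;

-- Grant on the views only; neither role is given the base table,
-- so neither can read the ssn column.
GRANT SELECT ON employee_directory TO directory_reader;
GRANT SELECT ON payroll_totals     TO payroll_clerk;

-- Withdraw payroll access later: GRANT TO, REVOKE FROM.
REVOKE SELECT ON payroll_totals FROM payroll_clerk;

-- Dropping the view leaves the employees table and its rows in place.
DROP VIEW payroll_totals;
```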

Transactions are...

Transaction

- Logical unit of work

Transaction Management

- ensuring that a set of SQL statements is treated as a unit - an indivisible entity

Transactions

A transaction is a set of SQL statements that represent a unit of work or a procedural operation.

A transaction is not complete unless all of its steps are followed through.

This can be critical to maintaining data integrity such as when an account must be credited while debiting another.

Why transactions?

Transactions are necessary for the purpose of concurrency control and recovery

concurrency control - allowing multiple users simultaneous access

recovery - allowing the database system to return the database to a reliable state after a failure.

Concurrency

• Lost-update problem

• Locking
– database system puts a lock on accessed data so it cannot be altered until lock is released.

Locking

Since many users may be trying to access the same data simultaneously the DBMS has a locking mechanism which locks data which is in use.

This provides a solution to concurrency problems which would arise if locking were not available.

2 Types of Locks

Exclusive
- for UPDATE, INSERT, and DELETE (write operations)
- no other transaction can acquire lock until original is released

Shared
- applied during non-update or read operations - usually SELECT
- prevents write operations from acquiring lock
- allows other read operations to share lock

Recovery

• Allows a database to bounce back after a system failure

• must decide
– what transactions are incomplete
– which transactions completed but were not written and must be redone

User-defined Transactions

• Allows user to define any number of SQL statements as a transaction and instruct the database to process them as one unit.

Defining a Transaction

• A transaction starts with the keyword BEGIN

BEGIN
SQL statement
SQL statement
SQL statement
COMMIT

Finishing the Transaction

• If the transaction goes successfully then the COMMIT command will commit the changes to the database.

• However, if an error occurs the ROLLBACK command can be used to restore the database to its state prior to the transaction.
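The credit-while-debiting case from the Transactions slide, written out with BEGIN, COMMIT and ROLLBACK and an explicit row lock against the lost-update problem. This is an added example, not part of the original slides. The accounts table and its rows are constructed, and SELECT ... FOR UPDATE assumes a DBMS that supports that clause, such as PostgreSQL.

```sql
-- Constructed schema and values, for illustration only.
CREATE TABLE accounts (
    acct_id INTEGER       PRIMARY KEY,
    holder  VARCHAR(50)   NOT NULL,
    balance NUMERIC(12,2) NOT NULL CHECK (balance >= 0)
);

INSERT INTO accounts VALUES (1, 'alice', 500.00), (2, 'bob', 100.00);

-- Transfer 200 from account 1 to account 2 as one unit of work.
BEGIN;

-- Take a write lock on both rows before changing them. A concurrent
-- transfer touching either row waits here until COMMIT or ROLLBACK,
-- instead of overwriting this update (the lost-update problem).
-- Locking in a fixed order (by acct_id) avoids two transfers
-- deadlocking on each other.
SELECT acct_id, balance
FROM accounts
WHERE acct_id IN (1, 2)
ORDER BY acct_id
FOR UPDATE;

UPDATE accounts SET balance = balance - 200.00 WHERE acct_id = 1;
UPDATE accounts SET balance = balance + 200.00 WHERE acct_id = 2;

COMMIT;   -- both changes become permanent together

-- A transfer that fails part-way through.
BEGIN;

-- The credit is applied first and succeeds.
UPDATE accounts SET balance = balance + 400.00 WHERE acct_id = 2;

-- The debit would take account 1 below zero, so the CHECK
-- constraint rejects it and the statement raises an error.
UPDATE accounts SET balance = balance - 400.00 WHERE acct_id = 1;

-- Undo the credit as well: the database returns to its state
-- prior to BEGIN, with no money created.
ROLLBACK;

SELECT acct_id, balance FROM accounts ORDER BY acct_id;
```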