Chapter 5 - Integrity And Security

advertisement
Chapter 5 : Integrity And Security
Domain Constraints
 Referential Integrity
 Security
 Triggers
 Authorization
 Authorization in SQL
 Views
 Assertions

Triggers

A trigger is a statement that is executed
automatically by the system as a side effect
of a modification to the database. Triggers
are fired implicitly and not called by user like
procedure and function
To design a trigger mechanism, we must:


Specify the conditions under which the trigger is
to be executed
Specify the actions to be taken when the trigger
executes
Use of Database Triggers




To access table during regular business
hours or on predetermined weekdays
To keep track of modification of data along
with the user name, the operation
performed and the time when the
operation was performed
To prevent invalid transaction
Enforces complex security authorization
Database Triggers Vs Procedures
Triggers do not accept parameters
whereas procedures can have
parameters
 Triggers are executed (fired)
automatically upon modification of the
table or it’s data whereas to execute a
procedure it has to be explicitly called by
the user

How To apply Database Triggers
A trigger has three parts



A triggering event or statement – An SQL
statement that causes a trigger to be fired. It can be
insert, update or delete statement for a specific
table
A trigger restriction – It specifies a Boolean
expression that must be TRUE for the trigger to fire.
It conditionally controls the execution of trigger.
Specified using WHEN clause
Trigger Action – PL/SQL block to be executed
when triggering statement is encountered and trigger
restriction evaluates to TRUE
Types of Triggers
Row Triggers – A row trigger is fired
each time a row in the table is affected
by triggering statement. If the triggering
statement affects no rows, the trigger is
not executed at all
 Statement Triggers – A statement
trigger is fired once on behalf of the
triggering statement, independent of
number of rows affected by the
triggering statement

Before Vs After Triggers
When defining a trigger it is necessary to specify
the trigger timing i. e. when trigger action is to
be executed in relation to the triggering
Statement. Before and After apply to both row
and statement trigger
 Before Triggers – Trigger action is executed
before triggering statement
 After Triggers – Trigger action is executed
after triggering statement
Creating A Trigger
CREATE OR REPLACE TRIGGER [ schema. ]
< trigger_name >
{ BEFORE, AFTER }
{ DELETE, INSERT, UPDATE [ OF column1, . . . ]
ON [schema.] < table_name >
[ REFERENCING { OLD AS old, NEW AS new} ]
[ FOR EACH ROW [ WHEN condition ] ]
DECLARE
<variable declarations>;
<constant declarations>;
BEGIN
< PL/SQL sub-program body >;
Exception
< exception PL/SQL block >;
End;
Trigger Example
CREATE OR REPLACE TRIGGER t_Audit_trail
BEFORE DELETE OR UPDATE ON Customer
FOR EACH ROW
DECLARE
oper varchar2(8);
BEGIN
If updating then
oper :=‘Update’
end if;
If deleting then
oper :=‘Delete’
end if;
insert into audit_cust values (:OLD.custno, :OLD.fname,
:OLD.lname, :OLD.address, oper, user, sysdate);
End;
Security Management
Granting And Revoking Permissions
The permissions or rights that allow user
to use some of or all of resources on the
server are called Privileges
 Granting of Privileges - Objects that are
created by a user are owned and controlled by
that user. If a user want to access any of the
objects belonging to another user, the owner
of the object will have to give permissions for
such access
 Revoking of Privileges – Privileges once given
can be taken back by the owner of the object
Granting Privileges
GRANT statement provides various types of
access to database objects such as tables,
views, sequences and so on. A user can grant all
or only specific object privileges
GRANT <object_privileges>
ON <object_name>
To <user_name>
[WITH GRANT OPTION];
WITH GRANT OPTION – Allows the grantee to in turn grant
object privileges to other users
Object Privileges






ALTER – Allows grantee to change the table definition
with the ALTER TABLE command
DELETE – Allows grantee to remove records from the
table with DELETE command
INDEX – Allows grantee to create an index on the
table with the CREATE INDEX command
INSERT – Allows grantee to add records to the table
with the INSERT command
SELECT – Allows grantee to query the table with
SELETE command
UPDATE – Allows grantee to modify the records in
the table with the UPDATE command
Granting Privileges



All permissions to secompa user on employee object
GRANT ALL ON employee TO secompa
Give secompb user permission to only view and
modify the records in the table client_master
GRANT SELECT, UPDATE ON client_master TO
secompb
Give secompa user all data manipulation permissions
on table salesman_master along with grant permission
on the same table to other users
GRANT ALL ON salesman_master TO secompa
WITH GRANT OPTION
Revoking Privileges
REVOKE statement is used to deny the
grant given on an object
REVOKE <object_privileges>
ON <object_name>
FROM <user_name>
 REVOKE is used to revoke object privileges
that the user previously granted directly to the
grantee
 REVOKE is not used to revoke the privileges
granted through the operating system
Revoking Privileges


Take back all permissions on employee object from
secompa user
REVOKE ALL ON employee FROM secompa
Take back view and modify permission from secompb
user on table client_master
REVOKE SELECT, UPDATE ON client_master
FROM secompb
VIEWS




Effective way to meet security requirement
Virtual relation / table
A view is mapped to a SELECT statement.
A table on which a view is based is described
in the FROM clause and known as BASE
TABLE / RELATION
SELECT clause consist of sub-set of
columns from BASE table / relation
VIEWS …




DMBS stores definition about a VIEW in the
system catalog, Data Dictionary
VIEW holds no data at all until a call to view
is made
DBMS treats VIEW like a BASE table /
relation
VIEW can be queried same as BASE table
VIEW …

READ ONLY VIEW
VIEW used only for looking at table data i. e retrieval
of data (SELECT) not for manipulation of data
(INSERT, UPDATE, DELETE)

UPDATABLE VIEW
VIEW used for data retrieval as well as INSERT,
UPDATE, DELETE
Why VIEWs Are Created / Benefits


Data Security
To keep data redundancy to the minimum
possible. It reduces redundant data on the
HDD to a very large extent
VIEW - Limitations / drawbacks

VIEWs will run slower than QUERY
Creating VIEW
Syntax :
CREATE VIEW <view_name> AS
SELECT A1, A2, …, An
FROM <table_name>
WHERE P
GROUP BY <group criteria>
HAVING P
Note : ORDER BY clause can not be used
while creating VIEWs
Querying VIEWs
Syntax :
SELECT A1, A2, …, Ak
FROM <view_name>
WHERE P
GROUP BY <group_criteria>
HAVING P
ORDER BY A1, A2, …, Ak
Where ,
A1, A2, …, Ak are attributes of a relation /
table
P predicate
Updatable Views

For a view to be updatable, it should meet
following criteria



Views must be defined from single table
To INSERT records using VIEWs, all the
PRIMARY KEY & NOT NULL columns must be
included in the view definition
UPDATE & DELETE records can be done using
Views even if the all PRIMARY KEY and NOT
NULL columns are excluded from view definition
Restrictions on Updatable Views

VIEW definition must not include






Aggregate functions
DISTINCT, GROUP BY or HAVING Clause
Sub-queries
Constants, String or Value expressions like
SELL_PRICE * 0.15
UNION, INTERSECT or MINUS clause
If a view is defined from another view, the second
view should be updatable
Destroying a VIEW
DROP VIEW command is used to remove a
VIEW from database
Syntax :
DROP VIEW <view_name>
Assertions



An assertion is a predicate expressing a
condition that we wish the database always to
satisfy
An assertion in SQL takes the form
create assertion <assertion-name> check
<predicate>
When an assertion is made, the system tests it
for validity, and tests it again on every update
that may violate the assertion
 This testing may introduce a significant
amount of overhead; hence assertions should
be used with great care
Assertions

The sum of all loan amounts for each branch
must be less than the sum of all account
balances at the branch.
create assertion sum-constraint check
(not exists (select * from branch
where (select sum(amount)
from loan where loan.branch-
name = branch.branch-name)
>= (select sum(amount) from
account where
loan.branch-name =
branch.branch-name)))
Download