SQL Authorization - York University · SQL identifies a more detailed set of privileges on objects...

SQLAuthorization

PRIVILEGESGRANTANDREVOKEGRANTDIAGRAMS

1INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY

AuthorizationAfilesystemidentifiescertainprivilegesontheobjects(files)itmanages.◦ Typicallyread,write,execute.

Afilesystemidentifiescertainparticipantstowhomprivilegesmaybegranted.◦ Typicallytheowner,agroup,allusers.


Privileges– (1)SQLidentifiesamoredetailedsetofprivilegesonobjects(relations)thanthetypicalfilesystem.

Nineprivilegesinall,someofwhichcanberestrictedtoonecolumnofonerelation.


Privileges– (2)Someimportantprivilegesonarelation:

1. SELECT =righttoquerytherelation.2. INSERT =righttoinserttuples.

◗ Mayapplytoonlyoneattribute.

3. DELETE =righttodeletetuples.4. UPDATE =righttoupdatetuples.

◗ Mayapplytoonlyoneattribute.


Example:PrivilegesForthestatementbelow:INSERTINTOBeers(name)SELECTbeerFROMSellsWHERENOTEXISTS

(SELECT*FROMBeersWHEREname=beer);

WerequireprivilegesSELECTonSellsandBeers,andINSERTonBeersorBeers.name.

5

Beers appearing in Sells that donot appear inBeers. We addthem to Beerswith a NULLmanufacturer.

INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY

DatabaseObjectsTheobjectsonwhichprivilegesexistincludingstoredtables andviews.

Otherprivilegesaretherighttocreateobjectsofatype,e.g.,triggers.

Viewsformanimportanttoolforaccesscontrol.


Example:ViewsasAccessControlWemightnotwanttogivetheSELECTprivilegeonEmps(name,addr,salary).

ButitissafertogiveSELECTon:

CREATE VIEW SafeEmps AS

SELECT name, addr FROM Emps;

QueriesonSafeEmpsdonotrequireSELECTonEmps,justonSafeEmps.


AuthorizationID’sAuserisreferredtobyauthorization ID,typicallytheirloginname.

ThereisanauthorizationIDPUBLIC.◦ GrantingaprivilegetoPUBLICmakesitavailabletoanyauthorizationID.


GrantingPrivilegesYouhaveallpossibleprivilegesontheobjects,suchasrelations,thatyoucreate.

Youmaygrantprivilegestootherusers(authorizationID’s),includingPUBLIC.

YoumayalsograntprivilegesWITHGRANTOPTION,whichletsthegranteealsograntthisprivilege.


TheGRANTStatementTograntprivileges,say:

GRANT<listofprivileges>

ON<relationorotherobject>

TO<listofauthorizationID’s>;

Ifyouwanttherecipient(s)tobeabletopasstheprivilege(s)toothersadd:

WITHGRANTOPTION


Example:GRANTSupposeyouaretheownerofSells.Youmaysay:

GRANT SELECT, UPDATE(price)

ON Sells

TO sally;

NowSallyhastherighttoissueanyqueryonSellsandcanupdatethepricecomponentonly.


Example:GrantOptionSupposewealsogrant:

GRANT UPDATE ON Sells TO sally

WITH GRANT OPTION;

Now,SallynotonlycanupdateanyattributeofSells,butcangranttootherstheprivilegeUPDATEONSells.◦ Also,shecangrantmorespecificprivilegeslikeUPDATE(price)ON Sells.


TaskAssumeforsimplicitythereisatableMovies(movieID,movie,gross,type),ownedbyyou.

WriteSQLstatement(s) usingview givingaccess(SELECT)to JohntocolumnsmovieID,movie andmovietypeonly,suchthat:1) Johncanpassgrantprivilegastootherusers2) Johncannotpassprivilegestootheruser


RevokingPrivilegesREVOKE<listofprivileges>

ON<relationorotherobject>

FROM<listofauthorizationID’s>;

Yourgrantoftheseprivilegescannolongerbeusedbytheseuserstojustifytheiruseoftheprivilege.◦ Buttheymaystillhavetheprivilegebecausetheyobtaineditindependentlyfromelsewhere.


REVOKEOptionsWemustappendtotheREVOKEstatementeither:

1. CASCADE.Now,anygrantsmadebyarevokeearealsonotinforce,nomatterhowfartheprivilegewaspassed.

2. RESTRICT.Iftheprivilegehasbeenpassedtoothers,theREVOKEfailsasawarningthatsomethingelsemustbedoneto“chasetheprivilegedown.”


GrantDiagramsNodes=user/privilege/grantoption?/isowner?◦ UPDATEONR,UPDATE(a)onR,andUPDATE(b)ONRliveindifferentnodes.◦ SELECTONRandSELECTONRWITHGRANTOPTIONliveindifferentnodes.

EdgeX ->Y meansthatnodeXwasusedtograntY.


NotationforNodesUseAP forthenoderepresentingauthorizationIDA havingprivilegeP.◦ P *=privilegeP withgrantoption.◦ P **=thesourceoftheprivilegeP.

◦ I.e., A istheowneroftheobjectonwhichP isaprivilege.◦ Note**impliesgrantoption.


ManipulatingEdges– (1)WhenA grantsP toB,wedrawanedgefromAP *orAP **toBP.◦ OrtoBP *ifthegrantiswithgrantoption.

IfA grantsasubprivilegeQ ofP [sayUPDATE(a)onRwhenP isUPDATEONR]thentheedgegoestoBQ orBQ *,instead.


ManipulatingEdges– (2)Fundamentalrule:UserC hasprivilegeQ aslongasthereisapathfromXP **toCQ,CQ*,orCQ**,andP isasuperprivilegeofQ.◦ RememberthatP couldbeQ,andX couldbeC.


ManipulatingEdges– (3)IfA revokesP fromB withtheCASCADEoption,deletetheedgefromAPtoBP.

ButifA usesRESTRICTinstead,andthereisanedgefromBP toanywhere,thenrejecttherevocationandmakenochangetothegraph.


ManipulatingEdges– (4)Havingrevisedtheedges,wemustcheckthateachnodehasapathfromsome**node,representingownership.

Anynodewithnosuchpathrepresentsarevokedprivilegeandisdeletedfromthediagram.


Example:GrantDiagram

22

AP**

A owns theobject onwhich P isa privilege

BP*

A: GRANT PTO B WITHGRANT OPTION

CP*

B: GRANT PTO C WITHGRANT OPTION

CP

A: GRANT PTO C


Example:GrantDiagram

23

AP** BP* CP*

CP

A executesREVOKE P FROM B CASCADE;

However, C stillhas P without grantoption because ofthe direct grant.

Not only does B loseP*, but C loses P*.Delete BP* and CP*.

Even hadC passed Pto B, bothnodes arestill cut off.


Date post:	14-Aug-2020
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times

SQL Authorization - York University · SQL identifies a more detailed set of privileges on objects...

Documents