SQLAuthorization
PRIVILEGESGRANTANDREVOKEGRANTDIAGRAMS
1INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
AuthorizationAfilesystemidentifiescertainprivilegesontheobjects(files)itmanages.◦ Typicallyread,write,execute.
Afilesystemidentifiescertainparticipantstowhomprivilegesmaybegranted.◦ Typicallytheowner,agroup,allusers.
2INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
Privileges– (1)SQLidentifiesamoredetailedsetofprivilegesonobjects(relations)thanthetypicalfilesystem.
Nineprivilegesinall,someofwhichcanberestrictedtoonecolumnofonerelation.
3INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
Privileges– (2)Someimportantprivilegesonarelation:
1. SELECT =righttoquerytherelation.2. INSERT =righttoinserttuples.
◗ Mayapplytoonlyoneattribute.
3. DELETE =righttodeletetuples.4. UPDATE =righttoupdatetuples.
◗ Mayapplytoonlyoneattribute.
4INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
Example:PrivilegesForthestatementbelow:INSERTINTOBeers(name)SELECTbeerFROMSellsWHERENOTEXISTS
(SELECT*FROMBeersWHEREname=beer);
WerequireprivilegesSELECTonSellsandBeers,andINSERTonBeersorBeers.name.
5
Beers appearing in Sells that donot appear inBeers. We addthem to Beerswith a NULLmanufacturer.
INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
DatabaseObjectsTheobjectsonwhichprivilegesexistincludingstoredtables andviews.
Otherprivilegesaretherighttocreateobjectsofatype,e.g.,triggers.
Viewsformanimportanttoolforaccesscontrol.
6INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
Example:ViewsasAccessControlWemightnotwanttogivetheSELECTprivilegeonEmps(name,addr,salary).
ButitissafertogiveSELECTon:
CREATE VIEW SafeEmps AS
SELECT name, addr FROM Emps;
QueriesonSafeEmpsdonotrequireSELECTonEmps,justonSafeEmps.
7INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
AuthorizationID’sAuserisreferredtobyauthorization ID,typicallytheirloginname.
ThereisanauthorizationIDPUBLIC.◦ GrantingaprivilegetoPUBLICmakesitavailabletoanyauthorizationID.
8INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
GrantingPrivilegesYouhaveallpossibleprivilegesontheobjects,suchasrelations,thatyoucreate.
Youmaygrantprivilegestootherusers(authorizationID’s),includingPUBLIC.
YoumayalsograntprivilegesWITHGRANTOPTION,whichletsthegranteealsograntthisprivilege.
9INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
TheGRANTStatementTograntprivileges,say:
GRANT<listofprivileges>
ON<relationorotherobject>
TO<listofauthorizationID’s>;
Ifyouwanttherecipient(s)tobeabletopasstheprivilege(s)toothersadd:
WITHGRANTOPTION
10INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
Example:GRANTSupposeyouaretheownerofSells.Youmaysay:
GRANT SELECT, UPDATE(price)
ON Sells
TO sally;
NowSallyhastherighttoissueanyqueryonSellsandcanupdatethepricecomponentonly.
11INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
Example:GrantOptionSupposewealsogrant:
GRANT UPDATE ON Sells TO sally
WITH GRANT OPTION;
Now,SallynotonlycanupdateanyattributeofSells,butcangranttootherstheprivilegeUPDATEONSells.◦ Also,shecangrantmorespecificprivilegeslikeUPDATE(price)ON Sells.
12INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
TaskAssumeforsimplicitythereisatableMovies(movieID,movie,gross,type),ownedbyyou.
WriteSQLstatement(s) usingview givingaccess(SELECT)to JohntocolumnsmovieID,movie andmovietypeonly,suchthat:1) Johncanpassgrantprivilegastootherusers2) Johncannotpassprivilegestootheruser
13INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
RevokingPrivilegesREVOKE<listofprivileges>
ON<relationorotherobject>
FROM<listofauthorizationID’s>;
Yourgrantoftheseprivilegescannolongerbeusedbytheseuserstojustifytheiruseoftheprivilege.◦ Buttheymaystillhavetheprivilegebecausetheyobtaineditindependentlyfromelsewhere.
14INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
REVOKEOptionsWemustappendtotheREVOKEstatementeither:
1. CASCADE.Now,anygrantsmadebyarevokeearealsonotinforce,nomatterhowfartheprivilegewaspassed.
2. RESTRICT.Iftheprivilegehasbeenpassedtoothers,theREVOKEfailsasawarningthatsomethingelsemustbedoneto“chasetheprivilegedown.”
15INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
GrantDiagramsNodes=user/privilege/grantoption?/isowner?◦ UPDATEONR,UPDATE(a)onR,andUPDATE(b)ONRliveindifferentnodes.◦ SELECTONRandSELECTONRWITHGRANTOPTIONliveindifferentnodes.
EdgeX ->Y meansthatnodeXwasusedtograntY.
16INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
NotationforNodesUseAP forthenoderepresentingauthorizationIDA havingprivilegeP.◦ P *=privilegeP withgrantoption.◦ P **=thesourceoftheprivilegeP.
◦ I.e., A istheowneroftheobjectonwhichP isaprivilege.◦ Note**impliesgrantoption.
17INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
ManipulatingEdges– (1)WhenA grantsP toB,wedrawanedgefromAP *orAP **toBP.◦ OrtoBP *ifthegrantiswithgrantoption.
IfA grantsasubprivilegeQ ofP [sayUPDATE(a)onRwhenP isUPDATEONR]thentheedgegoestoBQ orBQ *,instead.
18INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
ManipulatingEdges– (2)Fundamentalrule:UserC hasprivilegeQ aslongasthereisapathfromXP **toCQ,CQ*,orCQ**,andP isasuperprivilegeofQ.◦ RememberthatP couldbeQ,andX couldbeC.
19INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
ManipulatingEdges– (3)IfA revokesP fromB withtheCASCADEoption,deletetheedgefromAPtoBP.
ButifA usesRESTRICTinstead,andthereisanedgefromBP toanywhere,thenrejecttherevocationandmakenochangetothegraph.
20INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
ManipulatingEdges– (4)Havingrevisedtheedges,wemustcheckthateachnodehasapathfromsome**node,representingownership.
Anynodewithnosuchpathrepresentsarevokedprivilegeandisdeletedfromthediagram.
21INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
Example:GrantDiagram
22
AP**
A owns theobject onwhich P isa privilege
BP*
A: GRANT PTO B WITHGRANT OPTION
CP*
B: GRANT PTO C WITHGRANT OPTION
CP
A: GRANT PTO C
INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY
Example:GrantDiagram
23
AP** BP* CP*
CP
A executesREVOKE P FROM B CASCADE;
However, C stillhas P without grantoption because ofthe direct grant.
Not only does B loseP*, but C loses P*.Delete BP* and CP*.
Even hadC passed Pto B, bothnodes arestill cut off.
INTRODUCTION TO DATABASE SYSTEMS, EECS-3421M PARKE GODFREY