SystemSystem AspectsAspects ofof SQLSQL

SQL Environment User Access Control SQL in Programming Environment Embedded SQL SQL and Java Transactions (Programmers View) SQLSQL Environment:Environment: IntroductionIntroduction

SQL server
Supports operations on database elements
Typically runs on large host machine

SQL client
Supports user connections to server
Runs on (different) host machine FU-Berlin, DBS I 2006, Hinze / Scholz FU-Berlin,/ Hinze 2006, DBS I
Connection
Channel between client and server

2 SQLSQL Environment:Environment: IntroductionIntroduction

Session
All SQL operations performed while connection open
Current catalog, current schema , authorized user

SQL Environment SQL agent

Connection SQL Server SQL Client Session FU-Berlin, DBS I 2006, Hinze / Scholz FU-Berlin,/ Hinze 2006, DBS I

Application
Module: application program
SQL agent: execution of module

3 SQLSQL Environment:Environment: ModuleModule TypesTypes

Generic SQL Interface:
Module: each query or statement

Embedded SQL:
SQL statements within host-language program
SQL statements pre-processed to function calls
Calls executed at run-time

True modules:
Collection of stored procedures FU-Berlin, DBS I 2006, Hinze / Scholz FU-Berlin,/ Hinze 2006, DBS I
Host language code, SQL code

4 SQLSQL Environment:Environment: PrivilegesPrivileges

User
Outside schema, handling implementation dependent
Identification by Authorization ID (user name)

Role
Defines user group
Inside schema, handling via SQL statements
Identification by Authorization ID (role name)
All users: special role PUBLIC
Examples: FU-Berlin, DBS I 2006, Hinze / Scholz FU-Berlin,/ Hinze 2006, DBS I CREATE ROLE Customer; CREATE ROLE Secretary WITH ADMIN Klaus; CREATE ROLE Movie_staff; CREATE ROLE Shop_owner;

5 UserUser AccessAccess Control:Control: IntroductionIntroduction

Secrecy:
Users should not be able to see things they are not supposed to.
e.g., A student can’t see other students’ grades.

Integrity:
Users should not be able to modify things they are not supposed to.
e.g., Only instructors can assign grades.

FU-Berlin, DBS I 2006, Hinze / Scholz FU-Berlin,/ Hinze 2006, DBS I
Availability:
Users should be able to see and modify things they are allowed to.

6 UserUser AccessAccess Control:Control: IntroductionIntroduction

Security policy specifies authorization
Security mechanism enforces a security policy

Two mechanisms at DBMS level

Discretionary access control
Concept of privileges for objects (tables and views)
Mechanisms for giving and revoking users privileges

FU-Berlin, DBS I 2006, Hinze / Scholz FU-Berlin,/ Hinze 2006, DBS I Mandatory access control
System-wide policies for DBS
DB object have security class
Rules on security classes govern access
Used for specialized (e.g., military) applications

7 UserUser AccessAccess Control:Control: PrivilegesPrivileges

Privileges
Right to perform SQL statement type on objects
Assigned to roles (authorization IDs)
Creator of object: all privileges
DBMS: management of privileges and access rights

Privilege types:
SELECT on table or view
INSERT on table or view
DELETE on table or view FU-Berlin, DBS I 2006, Hinze / Scholz FU-Berlin,/ Hinze 2006, DBS I
UPDATE on table or view
REFERENCES: right to refer to relation in constraint
USAGE: (SQL-92) right to use specified domain
ALL PRIVILEGES: short form for all privileges

8 UserUser AccessAccess Control:Control: PrivilegesPrivileges

Example INSERT INTO Format(name) SELECT format FROM Tape t WHERE t.format NOT IN (SELECT name FROM format);

Privileges:
SELECT on Tape
SELECT on Format FU-Berlin, DBS I 2006, Hinze / Scholz FU-Berlin,/ Hinze 2006, DBS I
INSERT on Format

9 UserUser AccessAccess Control:Control: PrivilegesPrivileges

Grant privilege

GRANT ON