SystemSystem AspectsAspects ofof SQLSQL SQL Environment User Access Control SQL in Programming Environment Embedded SQL SQL and Java Transactions (Programmers View) SQLSQL Environment:Environment: IntroductionIntroduction SQL server Supports operations on database elements Typically runs on large host machine SQL client Supports user connections to server Runs on (different) host machine FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Connection Channel between client and server 2 SQLSQL Environment:Environment: IntroductionIntroduction Session All SQL operations performed while connection open Current catalog, current schema , authorized user SQL Environment SQL agent Connection SQL Server SQL Client Session FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Application Module: application program SQL agent: execution of module 3 SQLSQL Environment:Environment: ModuleModule TypesTypes Generic SQL Interface: Module: each query or statement Embedded SQL: SQL statements within host-language program SQL statements pre-processed to function calls Calls executed at run-time True modules: Collection of stored procedures FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Host language code, SQL code 4 SQLSQL Environment:Environment: PrivilegesPrivileges User Outside schema, handling implementation dependent Identification by Authorization ID (user name) Role Defines user group Inside schema, handling via SQL statements Identification by Authorization ID (role name) All users: special role PUBLIC Examples: FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz CREATE ROLE Customer; CREATE ROLE Secretary WITH ADMIN Klaus; CREATE ROLE Movie_staff; CREATE ROLE Shop_owner; 5 UserUser AccessAccess Control:Control: IntroductionIntroduction Secrecy: Users should not be able to see things they are not supposed to. e.g., A student can’t see other students’ grades. Integrity: Users should not be able to modify things they are not supposed to. e.g., Only instructors can assign grades. FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Availability: Users should be able to see and modify things they are allowed to. 6 UserUser AccessAccess Control:Control: IntroductionIntroduction Security policy specifies authorization Security mechanism enforces a security policy Two mechanisms at DBMS level Discretionary access control Concept of privileges for objects (tables and views) Mechanisms for giving and revoking users privileges FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Mandatory access control System-wide policies for DBS DB object have security class Rules on security classes govern access Used for specialized (e.g., military) applications 7 UserUser AccessAccess Control:Control: PrivilegesPrivileges Privileges Right to perform SQL statement type on objects Assigned to roles (authorization IDs) Creator of object: all privileges DBMS: management of privileges and access rights Privilege types: SELECT on table or view INSERT on table or view DELETE on table or view FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz UPDATE on table or view REFERENCES: right to refer to relation in constraint USAGE: (SQL-92) right to use specified domain ALL PRIVILEGES: short form for all privileges 8 UserUser AccessAccess Control:Control: PrivilegesPrivileges Example INSERT INTO Format(name) SELECT format FROM Tape t WHERE t.format NOT IN (SELECT name FROM format); Privileges: SELECT on Tape SELECT on Format FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz INSERT on Format 9 UserUser AccessAccess Control:Control: PrivilegesPrivileges Grant privilege GRANT <privileges> ON <object> TO <users> [WITH GRANT OPTION] GRANT OPTION: Right to pass privilege on to other users Only owner can execute CREATE, ALTER, and DROP Privilege to SELECT particular columns in a table FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz GRANT <privileges> ON <tablename(<attributenames>)> TO <users> [WITH GRANT OPTION] 10 UserUser AccessAccess Control:Control: PrivilegesPrivileges Examples: GRANT INSERT, SELECT ON Movie TO Klaus Klaus can query Movie or insert tuples into it. GRANT DELETE ON Movie TO shop_owner WITH GRANT OPTION Anna can delete tuples, and also authorize others to do so GRANT UPDATE (pricePDay) ON Movie TO movie_staff Staff can update (only) the price field of Movie tuples FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz GRANT SELECT ON MovieView TO Customers This does NOT allow the customers to query Movie directly! 11 UserUser AccessAccess Control:Control: PrivilegesPrivileges onon viewsviews Creator has privilege on view if privilege on all underlying tables Creator loses SELECT privilege on underlying table ⇒ view is dropped Creator loses a privilege on underlying table ⇒ creator loses privilege on view FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Creator loses a privilege held with grant option on underlying table ⇒ users who were granted that privilege on the view lose privilege on view 12 UserUser AccessAccess Control:Control: PrivilegesPrivileges Core Revoke privilege SQL:1999 REVOKE <privileges> ON <object> FROM <users> RESTRICT RESTRICT: only revoke if non of the privileges have been granted by these users FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Privilege given from different users – must be revoked from all users to loose privilege 13 UserUser AccessAccess Control:Control: ExamplesExamples Owner: GRANT Update ON Movie TO Klaus; Owner: GRANT Update ON Movie TO Anna; owner Klaus Anna Movie Priv Priv Priv Owner: REVOKE Update ON Movie FROM Klaus RESTRICT; owner Klaus Anna FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Movie Priv Priv 14 UserUser AccessAccess Control:Control: ExamplesExamples Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION; Klaus: GRANT Update ON Movie TO Anna; owner Klaus Anna Movie Priv Priv Priv Grant Owner: REVOKE Update ON Movie FROM Klaus RESTRICT; owner Klaus Anna FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Movie Priv Priv Priv Grant Command fails ! 15 UserUser AccessAccess Control:Control: PrivilegesPrivileges enhanced Revoke privilege SQL:1999 REVOKE [GRANT OPTION FOR] <privileges> ON <object> FROM <users> {RESTRICT | CASCADE} CASCADE: revoke from all users that have been granted the privilege by these users RESTRICT: only revoke if non of the privileges have been FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz granted by this user 16 UserUser AccessAccess Control:Control: ExamplesExamples Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION; Klaus: GRANT Update ON Movie TO Anna; owner Klaus Anna Movie Priv Priv Priv Grant Owner: REVOKE Update ON Movie FROM Klaus CASCADE; owner Klaus Anna FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Movie Priv 17 UserUser AccessAccess Control:Control: ExamplesExamples Owner: GRANT Update ON Movie TO Klaus WITH GRANT OPTION; Klaus: GRANT Update ON Movie TO Anna; owner Klaus Anna Movie Priv Priv Priv Grant Owner: REVOKE GRANT OPTION FOR Update ON Movie FROM Klaus CASCADE; owner Klaus Anna FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Movie Priv Priv 18 UserUser AccessAccess Control:Control: ExamplesExamples Owner: GRANT Update ON Movie TO Klaus WITH GRAND OPTION; Owner: GRANT Update ON Movie TO Anna; Klaus: GRANT Update ON Movie TO Anna; owner Klaus Anna Movie Priv Priv Priv Owner: REVOKE GRANT OPTION FOR Update ON Movie FROM Klaus CASCADE; FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz owner Klaus Anna Movie Priv Priv 19 UserUser AccessAccess Control:Control: ObjectObject ownersowners Schema owner: Right for create, drop, alter (no privilege, not grantable) All privileges on schema objects Object creator/owner: Create statement: current authorizationID is owner Enhanced SQL:1999 : owner needn't be creator Current user privileges in Oracle: SQL> SELECT * FROM session_privs; FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz SQL> SELECT * FROM session_privs; PRIVILEGEPRIVILEGE -------------------------------------------------------------------------------- CREATECREATE SESSIONSESSION ALTERALTER SESSIONSESSION CREATECREATE TABLETABLE ........ 20 SQLSQL inin Programs:Programs: IntroductionIntroduction SQL Sub-language for data access Efficient database operations Host language: Control structures Complex computations User interface: output formatting, forms Transactions: DB interactions as unit of work FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz SQL and host language needed 21 SQLSQL inin Programs:Programs: ImpedanceImpedance MismatchMismatch Impedance Mismatch: differing data model of SQL and host language Problems: Set oriented operations vs manipulation of individuals Interconnection of program variables and SQL statements Compilation time of embedded SQL-statements FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz 22 SQLSQL inin Programs:Programs: Program/DBSProgram/DBS CommunicationCommunication 1. Fourth Generation Languages (4GL) Decreasing importance 2. Module Languages Standardized in SQL:1999 3. Call level interface Most important approach Standardized in SQL:1999 FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz 4. Component architectures Hiding the details of DB interaction Example: Enterprise Java Beans (EJB) 23 SQLSQL inin Programs:Programs: 1.1. 4GL4GL Underlying assumption: application programs algorithmically simple sophisticated output formatting needed difficult to switch between different DBS Technical concept: Client workstation (presentation, Database server requests, GUI) FU-Berlin, DBS IDBS 2006, Hinze/FU-Berlin, Scholz Proprietary protocol Decreasing importance