Access Control & Views

Reading: C&B, Chap 7

Dept of Computing Science, University of Aberdeen 2

In this lecture you will learn

• the principles of object ownership & privileges

• how virtual tables (views) are defined

• how views can be implemented• how views & privileges may be

combined to provide access control

Dept of Computing Science, University of Aberdeen 3

The Importance of Views & Privileges

• In large organisations, DBMSs are used by a range of staff:– directors, managers, analysts, engineers,

personnel, secretarial, etc.

• Consequently, access to data in different tables may need to be controlled to:– provide access to authorised users– restrict access to unauthorised users– enforce business rules or government

regulations

• Views & privileges can help implement access control ...

Dept of Computing Science, University of Aberdeen 4

SQL's Access Control Model

• Access Control in SQL is similar to multi-user operating systems (e.g. Unix, Windows, ...)

• A user supplies an Authorisation Id and password to the DBMS

• The DBMS opens a session for the user• The DBMS runs SQL statements on behalf of the

user• The user becomes the owner of any objects he

creates• By default, only the owner may access his objects• The owner may grant and revoke access

privileges to other users

Dept of Computing Science, University of Aberdeen 5

Granting Privileges

GRANT { PrivilegeList | ALL PRIVILEGES } ON ObjectNameTO { AuthIdList | PUBLIC } [ WITH GRANT OPTION

]

• where (typically):– ObjectName is a table– PrivilegeList may be a combination of:

• SELECT, INSERT, UPDATE, DELETE (can specify column names)

• REFERENCES (column names referenced by integrity constraints)

• USAGE (use of domain definitions)

Dept of Computing Science, University of Aberdeen 6

Examples of UsingSQL Access Control

• Allow any member of staff (with an Auth ID) to access the Client table:

GRANT ALL PRIVILEGES ON Client TO PUBLIC

• Allow only personnel staff to hire staff or to change their salaries:

GRANT SELECT, INSERT, UPDATE (Salary) ON Staff TO personnel

• Privileges are revoked in a similar manner:

REVOKE { PrivilegeList | ALL PRIVILEGES }ON ObjectNameFROM { AuthIdList | PUBLIC } [ RESTRICT | CASCADE ]

Dept of Computing Science, University of Aberdeen 7

What are Views?

• A view is a virtual table, constructed from base tables

• Only the definition of a view is stored permanently

• A view is realised dynamically when it is first referenced

• Views are manipulated like other DBMS objects: CREATE VIEW ViewName ... (next slide) DROP VIEW ViewName GRANT ALL PRIVILEGES ON ViewName TO PUBLIC REVOKE ALL PRIVILEGES ON ViewName FROM PUBLIC

Dept of Computing Science, University of Aberdeen 8

Creating Views - Horizontal Views

• A horizontal view restricts the rows that may be seen:

CREATE VIEW Manager3Staff ASSELECT * FROM Staff WHERE BranchNo = 'B003';

• Then...SELECT * FROM Manager3Staff;

Manager3Staff

StaffNo Fname Lname Position Sex Salary BranchNo

SG37 Ann Beech Assistant F 12000 B003

SG5 Susan Brand Manager F 24000 B003

Dept of Computing Science, University of Aberdeen 9

Creating Views - Vertical Views

• A vertical view restricts the columns that may be seen:CREATE VIEW Staff3 ASSELECT StaffNo, Fname, Lname, Position FROMManager3Staff;

• Then...SELECT * FROM Staff3;

Staff3

StaffNo Fname Lname PositionSG37 Ann Beech Assistant

SG5 Susan Brand Manager

Dept of Computing Science, University of Aberdeen 10

General Syntax for Creating Views

• General syntax:CREATE VIEW ViewName [ (NewColNames) ] ASSubSelect;

• The SubSelect clause is called the defining query

• To create a view, a user must have SELECT privilege on the base tables

• Once created, views often behave like ordinary base tables ...

• Views can be used in SELECT or JOIN clauses• Views can be updated (with some

restrictions)

Dept of Computing Science, University of Aberdeen 11

Final ExampleGrouped & Joined Views

• Views can be used to help simplify complex queries

• Example: create a view showing the number of properties managed by each member of staff and the branches they work at:

CREATE VIEW StaffProperties (StaffNo, BranchNo,Properties) ASSELECT s.StaffNo, s.BranchNo, COUNT (*)FROM Staff s, PropertyForRent pWHERE s.StaffNo = p.StaffNoGROUP BY s.BranchNo, s.StaffNo;

• Can now query StaffProperties as if its a base tableSELECT * FROM StaffProperties;

Dept of Computing Science, University of Aberdeen 12

How Are Views Implemented?

• Most DBMSs implement views using view resolution:

• SQL re-writes the view references back to the underlying base tables (the algorithm is given in C&B Ch.6 p 180)

• The alternative is view materialisation:• SQL populates a temporary table when the view

is first referenced• However, keeping the temporary table up-to-date

can be difficult...• View materialisation is an active area of DB

research

Dept of Computing Science, University of Aberdeen 13

How to Access Other Users' Objects

• In SQL, the full name of a table has the form:server.schema.owner.table

• If the System Administrator (user 'sa') owns all of the DreamHome tables, and user 'sbrand' manages Branch 3,

• The sa might enter:USE Dreamhome;GRANT SELECT ON Manager3Staff TO sbrand;

• Then, user sbrand could reference the view as:SELECT * FROM Dreamhome.sa.Manager3Staff;

• Or equally:SELECT * FROM Dreamhome.Manager3Staff;

Dept of Computing Science, University of Aberdeen 14

Restrictions on Views

• With views, some queries are not permitted:– Queries that resolve to nested aggregates– Queries that give aggregates in a WHERE clause

• Views can be updated provided:– There are no aggregates in the columns to be

updated– There are no GROUP BY or HAVING clauses– The view contains only one source table with no

nested SELECTs

Dept of Computing Science, University of Aberdeen 15

Updating ViewsAn Important Subtlety

• SQL allows a view to be updated provided the changed rows in the base tables still satisfy all of the conditions of the defining query's WHERE clause.

• For example:UPDATE Manager3Staff SET BranchNo = 'B005'WHERE StaffNo = 'SG37';

• This would fail because the modified row (BranchNo = 'B005') would no longer be selected by the view definition (WHERE BranchNo = 'B003').– View updates may not allow rows to migrate into or out of

the view – Can exploit this behaviour to help enforce DB integrity– Put domain/business constraints into the view definition &

only update views

Dept of Computing Science, University of Aberdeen 16

Summary of Views

• Advantages:– Views help provide granularity of access

control– Views can help reduce complexity and improve

access control– Views can help maintain DB integrity (e.g. by

doing updates via views)• Disadvantages:

– There are some restrictions on their use– Resolution method can cause a performance

penalty– Materialisation method can cause consistency

problems

Dept of Computing Science, University of Aberdeen 17

SQL - Overall Summary

• SQL is a powerful relational DB query language

• SQL is declarative, not procedural (e.g. no variables)

• SQL is showing its age ... (e.g. quirky syntax, bolted-on features)

• ANSI SQL resolves some inconsistencies between DBMS vendors

• But despite being over 25 years old...• SQL remains THE ‘world-standard’ for

DBMSs