Scribd
Upload
51 views5 pages

11 Authorization

Uploaded by

Rubak Daniel W
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
51 views5 pages

11 Authorization

Uploaded by

Rubak Daniel W
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 5

Authorization

Forms of authorization on parts of the database:


• Read - allows reading, but not modification of data.
• Insert - allows insertion of new data, but not modification of
existing data.
• Update - allows modification, but not deletion of data.
• Delete - allows deletion of data.

Forms of authorization to modify the database schema :


• Index - allows creation and deletion of indices.
• Resources - allows creation of new relations.
• Alteration - allows addition or deletion of attributes in a relation.
• Drop - allows deletion of relations.
Authorization Specification in SQL
• The grant statement is used to confer authorization
grant <privilege list>
on <relation name or view name> to <user list>
• <user list> is:
– a user-id
– public, which allows all valid users the privilege granted
– A role
• Granting a privilege on a view does not imply granting
any privileges on the underlying relations.
• The grantor of the privilege must already hold the
privilege on the specified item (or be the database
administrator).
Privileges in SQL
• select: allows read access to relation,or the
ability to query using the view
– Example: grant users U1, U2, and U3 select
authorization on the branch relation:
grant select on branch to U1, U2, U3
• insert: the ability to insert tuples
• update: the ability to update using the SQL
update statement
• delete: the ability to delete tuples.
• all privileges: used as a short form for all the
allowable privileges
Revoking Authorization in SQL
• The revoke statement is used to revoke
authorization.
revoke <privilege list>
on <relation name or view name> from <user list>
• Example:
revoke select on branch from U1, U2, U3
• All privileges that depend on the privilege being
revoked are also revoked.
• <privilege-list> may be all to revoke all privileges
the revokee may hold.
• If the same privilege was granted twice to the
same user by different grantees, the user may
retain the privilege after the revocation.
Updates Through Cursors
● Can update tuples fetched by cursor by declaring that the cursor is for update
declare c cursor for
select *
from account
where branch_name = ‘Perryridge’
for update
● To update tuple at the current location of cursor c
update account
set balance = balance + 100
where current of c

You might also like