Post-class Assignment Security and Access Control
You will need to submit this assignment through Gradescope. The assignment will be
autograded, and you can submit as many times as you wish before the deadline. The last
submission is the one that will count, so make sure it contains all your responses.
1. Q1: Your database contains a role called doctor. You need to create two users who
have that role.
Submit your statements in file Q1.sql.
2. Q2: Your database contains a role called nurse and many users who have that role.
One of the users in the system is jackie. You need to write statements to implement
the following privileges: All nurses should have read access to the shifts table; Jackie
happens to be a nurse, but also has administrative duties and should be able to update,
insert, and delete from the shifts table.
Submit all needed statements in file Q2.sql.
CMPSCI 345 Pre-class assignment Security and access control
3. Q3: You created a guest user in Postgres with the command CREATE USER guest.
Indicate whether the following statement is true or false: By default, the user guest will
have access to all the tables in the database, until you restrict access with appropriate
GRANT statements.
Format your answer in a query as follows:
SELECT answer
where answer is true or false, e.g., SELECT true. Submit your answer as a query in
file Q3.sql.
4. Q4: You successfully executed the following commands in your Postgres database:
Indicate whether the following statement is true or false: The user researcher1 can join
tables DiseaseResearch and Voter.
Format your answer in a query as follows:
SELECT answer
where answer is true or false, e.g., SELECT true. Submit your answer as a query in
file Q4.sql.
5. Q5: The users table, which is part of the backend database accessed in our SQL injection
tutorial (see this week’s activity sheet), contains a user whose username starts with ‘r’.
Use the tutorial’s online interface to “hack” the database and retrieve the full user name.
Format your answer in a query as follows:
SELECT 'answer'
where answer is the username, e.g., SELECT 'ruby'. Submit your answer as a query in
file Q5.sql.