Scribd
Upload
64 views10 pages

Data Control Language: - Objectives

This document discusses data control language (DCL) and security mechanisms in relational database management systems (RDBMS). It covers identifying users, privileges that can be granted, and the GRANT and REVOKE statements used to manage privileges. Privileges include permissions for SQL statements like SELECT, INSERT, and DELETE, as well as permissions to create database objects. Privileges can be granted directly on tables or indirectly through other database objects. All privilege information is stored in the system catalogue.

Uploaded by

MAHESH BHANDARI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
64 views10 pages

Data Control Language: - Objectives

This document discusses data control language (DCL) and security mechanisms in relational database management systems (RDBMS). It covers identifying users, privileges that can be granted, and the GRANT and REVOKE statements used to manage privileges. Privileges include permissions for SQL statements like SELECT, INSERT, and DELETE, as well as permissions to create database objects. Privileges can be granted directly on tables or indirectly through other database objects. All privilege information is stored in the system catalogue.

Uploaded by

MAHESH BHANDARI
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 10

Data Control Language

• Objectives
– To learn about the security mechanisms implemented in an RDBMS
and how to use them
• Contents
– Identifying Users
– Privileges
– The GRANT Statement
– The REVOKE Statement
– The System Catalogue

DCL/1
Using Bulk Insert Statement
insert into
`shippers`(`ShipperID`,`CompanyName`,`Phone`) values
(1,'Speedy Express','(503) 555-9831'),
(2,'United Package','(503) 555-3199'),
(3,'Federal Shipping','(503) 555-9931');

DCL/2
Identifying Users

Sales
Admin

FRED
DCL/3
Privileges
• Allowable Privileges
– SELECT, INSERT, UPDATE, DELETE
– CREATE Table, View, Procedure, Trigger, Rule, Default
• The owner/creator of a table automatically has all the
privileges

DCL/4
Direct Privileges

Customers Orders Products Staff

DCL/5
Indirect Privileges

User

Program

Administrator

Customers Orders Products Staff

DCL/6
Privileges
CREATE USER 'jeffrey'@'localhost' IDENTIFIED BY
'password';
GRANT ALL ON db1.* TO 'jeffrey'@'localhost';
GRANT SELECT ON db2.invoice TO 'jeffrey'@'localhost';
ALTER USER 'jeffrey'@'localhost' WITH
MAX_QUERIES_PER_HOUR 90;
DROP USER ''@'localhost';

DCL/7
GRANT/ REVOKE
• GRANT privilege ON tablename TO list
[ WITH GRANT OPTION]

• For example
GRANT ALL ON dept TO John
GRANT SELECT ON dept TO sally WITH GRANT OPTION
GRANT SELECT, UPDATE, INSERT ON dept TO Jim, Mike, Howard

REVOKE privilege ON tablename FROM list [CASCADE]


e.g REVOKE SELECT ON dept FROM Sally CASCADE

• However largely done these days via checkboxes in grids in


GUI admin tools

DCL/8
Non-ANSI Privileges
• Sample Non ANSI Table Privileges
GRANT ALTER ON dept TO Sally
GRANT INDEX ON dept TO John

• Sample Non ANSI Database Privileges


GRANT CONNECT ON database TO John, Ann
GRANT RESOURCE TO Alex
GRANT DBA TO Simon

DCL/9
Summary
• Identifying Users
– Users in the system can be grouped together to make security handling
easier
• Privileges
– Permissions can be granted at several levels and can be granted
directly or indirectly using views and stored procedures
• The GRANT Statement
– Is used to give people permissions on database objects
• The REVOKE Statement
– Is used to take permissions away
• The System Catalogue
– All information about permissions is stored within the catalogue

DCL/10

You might also like