5. Database Security and Authorization

The document discusses various aspects of database security, including legal, policy, and system-related issues, as well as threats to database integrity, availability, and confidentiality. It outlines control measures such as access control and data encryption, and details the responsibilities of Database Administrators (DBAs) in managing user privileges. Additionally, it covers distributed databases, their characteristics, and the functionalities of data warehouses and OLAP for decision-making support.

Uploaded by

Nahizolan
Copyright
© © All Rights Reserved

Database Security and Authorization

Kuribachew Gizaw (PhD)
Dec 2023
Types of Database Security
Database security is a broad area that addresses many issues, including the following:
• Various legal and ethical issues regarding the right to access certain information; for example, some information may be deemed to be private and cannot be accessed legally by unauthorized organizations or persons.
• Policy issues at the governmental, institutional, or corporate level as to what kinds of information should not be made publicly available; for example, credit ratings and personal medical records.
• System-related issues such as the system levels at which various security functions should be enforced; for example, whether a security function should be handled at the physical hardware level, the operating system level, or the DBMS level.
• The need in some organizations to identify multiple security levels and to categorize the data and users based on these classifications; for example, top secret, secret, confidential, and unclassified. The security policy of the organization with respect to permitting access to various classifications of data must be enforced.
Threats to Databases
Threats to databases can result in the loss or degradation of some or all of the following commonly accepted security goals, known as the CIA triad: integrity, availability, and confidentiality.
• Loss of integrity: Database integrity refers to the requirement that information be protected from improper modification. Modification of data includes creation, insertion, updating, changing the status of data, and deletion.
• Loss of availability: Database availability refers to making objects available to a human user or a program to which they have a legitimate right.
• Loss of confidentiality: Database confidentiality refers to the protection of data from unauthorized disclosure. Unauthorized, unanticipated, or unintentional disclosure could result in loss of public confidence, embarrassment, or legal action against the organization.
Control Measures
• Four main control measures are used to provide security of data in databases:
■ Access control
■ Inference control
■ Flow control
■ Data encryption
• Database Security and the DBA: The DBA has a superuser account, which provides powerful capabilities that are not made available to regular database accounts and users. DBA-privileged commands include commands for granting and revoking other privileges.
DBA Activities
1. Account creation: This action creates a new account and password for a user or a group of users to enable access to the DBMS.
2. Privilege granting: This action permits the DBA to grant certain privileges to certain accounts.
3. Privilege revocation: This action permits the DBA to revoke (cancel) certain privileges that were previously given to certain accounts.
4. Security level assignment: This action consists of assigning user accounts to the appropriate security clearance level.
How to create account access privilege and revoke in SQL
Creating a user account
CREATE USER User_Name IDENTIFIED BY Pass_Word;

Granting a privilege
• SELECT (retrieval or read) privilege on R. Gives the account retrieval privilege. In SQL this gives the account the privilege to use the SELECT statement to retrieve tuples from R.
GRANT SELECT ON Table_Name TO User_Name;
• Modification privileges on R. This gives the account the capability to modify the tuples of R. In SQL this includes three privileges: UPDATE, DELETE, and INSERT. These correspond to the three SQL commands.
GRANT INSERT ON Table_Name TO User_Name;
GRANT UPDATE ON Table_Name TO User_Name;
GRANT DELETE ON Table_Name TO User_Name;
• References privilege on R. This gives the account the capability to reference (or refer to) a relation R when specifying integrity constraints. This privilege can also be restricted to specific attributes of R.

Revoking of Privileges
REVOKE SELECT ON Table_Name FROM User_Name;
REVOKE INSERT ON Table_Name FROM User_Name;
REVOKE UPDATE ON Table_Name FROM User_Name;
REVOKE DELETE ON Table_Name FROM User_Name;
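
The account lifecycle described above (create, grant, restrict a privilege to specific attributes, verify, revoke), as an added example that is not part of the original slides. It uses MySQL 8 syntax; the company schema, the clerk account and the password placeholder are hypothetical.

```sql
-- Constructed sample schema; all names here are hypothetical.
CREATE DATABASE IF NOT EXISTS company;
USE company;
CREATE TABLE department (
  dept_no   INT PRIMARY KEY,
  dept_name VARCHAR(40) NOT NULL
);
CREATE TABLE employee (
  emp_id  INT PRIMARY KEY,
  name    VARCHAR(60) NOT NULL,
  salary  DECIMAL(10,2) NOT NULL,
  dept_no INT,
  FOREIGN KEY (dept_no) REFERENCES department (dept_no)
);

-- 1. Account creation (DBA only). Replace the placeholder before use.
CREATE USER 'clerk'@'localhost' IDENTIFIED BY 'REPLACE_WITH_STRONG_PASSWORD';

-- 2. Privilege granting: start from nothing and add only what the job needs.
GRANT SELECT ON company.employee TO 'clerk'@'localhost';
GRANT INSERT, DELETE ON company.employee TO 'clerk'@'localhost';
-- Modification restricted to specific attributes: salary stays read-only.
GRANT UPDATE (name, dept_no) ON company.employee TO 'clerk'@'localhost';
-- References privilege restricted to the attribute used in foreign keys.
GRANT REFERENCES (dept_no) ON company.department TO 'clerk'@'localhost';

-- 3. Verify what the account actually holds before handing it over.
SHOW GRANTS FOR 'clerk'@'localhost';
SELECT table_name, column_name, privilege_type
FROM information_schema.column_privileges
WHERE table_schema = 'company'
  AND grantee = '''clerk''@''localhost''';

-- 4. Privilege revocation: withdraw write access, keep read access.
REVOKE INSERT, DELETE ON company.employee FROM 'clerk'@'localhost';
REVOKE UPDATE (name, dept_no) ON company.employee FROM 'clerk'@'localhost';
SHOW GRANTS FOR 'clerk'@'localhost';

-- 5. Offboarding: remove the remaining privileges and the account itself.
REVOKE SELECT ON company.employee FROM 'clerk'@'localhost';
REVOKE REFERENCES (dept_no) ON company.department FROM 'clerk'@'localhost';
DROP USER 'clerk'@'localhost';
```

Running the verification step after every grant or revoke gives the DBA a record of the account's effective privileges at each stage.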
Object-oriented Database
Reading Assignment
• Answer the following questions by reading pages 353-413 of your text.
• Discuss some of the features of OODB/OOPL, such as:
■ Object
■ Class
■ Encapsulation
■ Inheritance
■ Polymorphism
• Discuss the similarities and differences between the primary key of an RDBMS and the OID of an OODB.
• Use the CREATE TYPE command to create the same Employee table which you have created in RDBMS:
CREATE TYPE TYPE_NAME AS (<component declarations>);
Distributed Database
Introduction
• A distributed database (DDB) is a collection of multiple logically interrelated databases distributed over a computer network, and a distributed database management system (DDBMS) is a software system that manages a distributed database while making the distribution transparent to the user.
• Distributed databases are different from Internet Web files. Web pages are basically a very large collection of files stored on different nodes in a network (the Internet), with interrelationships among the files represented via hyperlinks.
• The common functions of database management, including uniform query processing and transaction processing, do not apply to this scenario yet.
• The technology is, however, moving in a direction such that distributed World Wide Web (WWW) databases will become a reality in the future.
Distributed Database minimum criteria
• For a database to be called distributed, the following minimum conditions should be satisfied:
■ Connection of database nodes over a computer network. There are
multiple computers, called sites or nodes. These sites must be connected by
an underlying communication network to transmit data and commands
among sites.
■ Logical interrelation of the connected databases. It is essential that
the information in the databases be logically related.
■ Absence of homogeneity constraint among connected nodes. It is
not necessary that all nodes be identical in terms of data, hardware, and
software.
Additional Functions of Distributed Databases
■ Keeping track of data distribution. The ability to keep track of the data distribution,
fragmentation, and replication by expanding the DDBMS catalog.
■ Distributed query processing. The ability to access remote sites and transmit queries and
data among the various sites via a communication network.
■ Distributed transaction management. The ability to devise execution strategies for
queries and transactions that access data from more than one site and to synchronize the
access to distributed data and maintain the integrity of the overall database.
■ Replicated data management. The ability to decide which copy of a replicated data item
to access and to maintain the consistency of copies of a replicated data item.
■ Distributed database recovery. The ability to recover from individual site crashes and
from new types of failures, such as the failure of communication links.
■ Security. Distributed transactions must be executed with the proper management of the
security of the data and the authorization/access privileges of users.
■ Distributed directory (catalog) management. A directory contains information
(metadata) about data in the database. The directory may be global for the entire DDB, or local
for each site. The placement and distribution of the directory are design and policy issues.
Types of Distributed Databases
• Homogeneous distributed database system: In a homogeneous distributed database system, all sites have identical database management system software, are aware of one another, and agree to cooperate in processing users' requests.
• Heterogeneous distributed database system: In a heterogeneous distributed database system, different sites may use different schemas and different database management system software. The sites may not be aware of one another, and they may provide only limited facilities for cooperation in transaction processing.
• The differences in schemas are often a major problem for query processing, while the divergence in software becomes a hindrance for processing transactions that access multiple sites.
Distributed Data Storage
Consider a relation R that is to be stored in the database. There are two approaches to storing this relation in the distributed database:
• Replication. The system maintains several identical replicas (copies) of the relation, and stores each replica at a different site. The alternative to replication is to store only one copy of relation R.
• Fragmentation. The system partitions the relation into several fragments, and stores each fragment at a different site.
Data Transparency
• The user of a distributed database system should not be required to know where the data are physically located nor how the data can be accessed at the specific local site. This characteristic, called data transparency, can take several forms:
• Fragmentation transparency. Users are not required to know how a relation has been fragmented.
• Replication transparency. Users view each data object as logically unique. The distributed system may replicate an object to increase either system performance or data availability. Users do not have to be concerned with what data objects have been replicated, or where replicas have been placed.
• Location transparency. Users are not required to know the physical location of the data. The distributed database system should be able to find any data as long as the data identifier is supplied by the user transaction.
Data Warehousing and OLAP
Introduction
• A data warehouse is a subject-oriented, integrated, non-volatile, time-variant collection of data in support of management's decisions.
• Data warehouses provide access to data for complex analysis, knowledge discovery, and decision making.
• They support high-performance demands on an organization's data and information. Several types of applications are supported: OLAP, DSS, and data mining applications.
• OLAP (online analytical processing) is a term used to describe the analysis of complex data from the data warehouse. In the hands of skilled knowledge workers, OLAP tools use distributed computing capabilities for analyses that require more storage and processing power than can be economically and efficiently located on an individual desktop.
Characteristics of Data Warehouse
• Data warehouses have the following distinctive characteristics:
■ Multidimensional conceptual view
■ Generic dimensionality
■ Unlimited dimensions and aggregation levels
■ Unrestricted cross-dimensional operations
■ Dynamic sparse matrix handling
■ Client-server architecture
■ Multiuser support
■ Accessibility
■ Transparency
■ Intuitive data manipulation
■ Consistent reporting performance
■ Flexible reporting
Functionality of a data warehouse
■ Roll-up. Data is summarized with increasing generalization (for example,
weekly to quarterly to annually).
■ Drill-down. Increasing levels of detail are revealed (the complement of roll-up).
■ Pivot. Cross tabulation (also referred to as rotation) is performed.
■ Slice and dice. Projection operations are performed on the dimensions.
■ Sorting. Data is sorted by ordinal value.
