Unit 3
Database Integrity and Security Concepts
By Kavita Shinde
Asst. Professor
Computer Science
MITACSC, Alandi Pune.
Content:
3.1 Domain constraints
3.2 Referential Integrity
3.3 Introduction to database security concepts
3.4 Methods for database security
3.4.1 Discretionary access control method
3.4.2 Mandatory access control
3.4.3 Role-based access control for multilevel security
3.5 Use of views in security enforcement
3.6 Overview of encryption technique for security
3.7 Statistical database security
3.1 Domain constraints
-Domain constraints are the most elementary form of integrity constraint.
-Every domain must contain atomic values.
-A domain constraint ensures that the value entered for a column matches the data type (domain)
defined for that column.
3.2 Referential Integrity:
-Also known as the foreign key constraint.
-A foreign key is a key whose values are drawn from the primary key of another table.
-The table containing the foreign key is called the child table.
-The table containing the primary key/candidate key is called the referenced or parent table.
-Rules :
-A record cannot be deleted from the primary table if matching records exist in the related table.
-A primary key value cannot be changed in the primary table if that record has related records.
-A value that does not exist in the primary key of the primary table cannot be entered in the
foreign key field of the related table.
-A NULL value can be entered in the foreign key, specifying that the record is unrelated to any
parent record.
Insert Constraint:
A value cannot be inserted in the CHILD table if it does not exist in the MASTER table.
Delete Constraint:
A value cannot be deleted from the MASTER table if it is still referenced from the CHILD table.
Ex:
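The example slide itself is an image that did not survive extraction. The following is an added example, not from the slides, showing the insert and delete rules above as PostgreSQL statements; the table and column names (department, employee, dept_id) and the sample rows are assumed.

```sql
-- Added example (not from the slides): the insert and delete rules of a
-- foreign key in PostgreSQL. Table names, column names and rows are assumed.
CREATE TABLE department (
    dept_id   integer PRIMARY KEY,
    dept_name text    NOT NULL
);

CREATE TABLE employee (
    emp_id   integer PRIMARY KEY,
    emp_name text    NOT NULL,
    -- dept_id is the foreign key; NULL is allowed and means "no department".
    dept_id  integer REFERENCES department (dept_id)
                     ON DELETE RESTRICT   -- delete rule: refuse while child rows exist
                     ON UPDATE RESTRICT   -- the parent key cannot be changed either
);

INSERT INTO department VALUES (10, 'Accounts'), (20, 'Engineering');

-- Insert constraint: the child value must exist in the master table.
INSERT INTO employee VALUES (1, 'Asha', 10);     -- succeeds
INSERT INTO employee VALUES (2, 'Ravi', 99);     -- fails: dept 99 is not in department

-- A NULL foreign key is accepted: the employee is simply unrelated to any department.
INSERT INTO employee VALUES (3, 'Meera', NULL);  -- succeeds

-- Delete constraint: a master row with matching child rows cannot be removed.
DELETE FROM department WHERE dept_id = 10;       -- fails: employee 1 still refers to it
DELETE FROM department WHERE dept_id = 20;       -- succeeds: no employee refers to it

-- The parent key cannot be changed while child rows refer to it.
UPDATE department SET dept_id = 11 WHERE dept_id = 10;   -- fails

-- The correct order: detach (or delete) the children first, then the parent.
UPDATE employee SET dept_id = NULL WHERE dept_id = 10;
DELETE FROM department WHERE dept_id = 10;       -- now succeeds
```

Run the statements one at a time in psql (autocommit), so that each statement marked "fails" is rejected on its own without aborting the ones that follow. ON DELETE RESTRICT is the behaviour the rules above describe; ON DELETE SET NULL or CASCADE are the alternatives a DBA would choose deliberately, since they change what a delete on the master table does to the child table.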
3.3 Introduction to database security concepts:
Threats to Databases:
Threats to databases can result in the loss or degradation of some or all of the following commonly
accepted security goals: integrity, availability, and confidentiality.
(1)Loss of integrity:
-Database integrity refers to the requirement that information be protected from improper
modification.
-Integrity is lost if unauthorized changes are made to the data by either intentional or accidental
acts.
(2)Loss of availability:
-Availability refers to making objects available to a human user or a program that has a legitimate
right to them; availability is lost when legitimate users or programs can no longer reach those objects.
(3)Loss of confidentiality:
-Confidentiality refers to the protection of data from unauthorized disclosure; it is lost when data is
disclosed to someone not authorized to see it.
3.3 Introduction to database security concepts:
-Database Security:
-Keeps sensitive information safe and prevents the loss of data.
-Security of the database is controlled by the Database Administrator (DBA).
-The following are the main control measures used to provide security of data in databases:
1. Authentication
2. Access control
3. Inference control
4. Flow control
5. Database Security applying Statistical Method
6. Encryption
1.Authentication : [Login Process]
-Used to protect the database against unauthorized access.
-A user can gain access to the database only after clearing the login process with a valid
user account.
-Each user account is password protected.
2.Access control : [User Accounts]
-The security mechanism of the DBMS must include provisions for restricting access to the
database by unauthorized users.
-Access control is done by creating user accounts and having the DBMS control the login
process.
-Access to sensitive data is possible only for those database users who are allowed to access
such data; access by unauthorized persons is restricted.
3.Inference control :
-This method protects sensitive information from indirect disclosure, i.e. from being deduced
from the answers to queries that are themselves permitted.
4.Flow control :
-Distributed systems involve a lot of data flow from one site to another and also within
a site.
-Flow control prevents data from being transferred in such a way that it can be
accessed by unauthorized agents.
5.Database Security applying Statistical Method :
-Statistical database security focuses on protecting confidential individual values that are
stored for statistical purposes and used to retrieve summaries of values by category.
-Such databases do not permit retrieval of individual information.
6.Encryption:
-Data encryption refers to encoding sensitive data when it is to be communicated
over public channels.
-Even if an unauthorized agent gains access to the data, they cannot understand it,
since it is in an incomprehensible format.
3.3 Introduction to database security concepts:
Database Security and the DBA
-The DBA is responsible for the overall security of the database system.
-The DBA’s responsibilities include granting privileges to users and revoking them again.
Account creation:
This action creates a new account and password for a user or a group of users to
enable access to the DBMS.
Privilege granting:
This action permits the DBA to grant certain privileges to certain accounts.
Privilege revocation:
This action permits the DBA to revoke (cancel) certain privileges that were
previously given to certain accounts.
Security level assignment:
This action consists of assigning user accounts to the appropriate security clearance
level.
Ex:
(1)GRANT Command:
GRANT privilege [, ...]
ON object [, ...]
TO { PUBLIC | GROUP group | username }
privilege :
values could be: SELECT, INSERT, UPDATE, DELETE, ALL, etc.
object :
The name of an object to which to grant access (table, view, sequence)
PUBLIC:
All users.
GROUP group :
A group to whom to grant privileges.
Username:
The name of a user to whom to grant privileges. PUBLIC is a short form representing all users.
Ex:
(2)REVOKE Command:
REVOKE privilege [, ...]
ON object [, ...]
FROM { PUBLIC | GROUP groupname | username }
privilege :
values could be: SELECT, INSERT, UPDATE, DELETE, RULE, ALL.
object :
The name of an object from which to revoke access. The possible objects are: table, view, sequence
PUBLIC:
A short form representing all users.
GROUP groupname :
A group from whom to revoke privileges.
Username:
The name of a user from whom to revoke privileges.
Ex:
(1)testdb=# CREATE USER manisha WITH PASSWORD 'password';
CREATE ROLE
(2)testdb=# GRANT ALL ON COMPANY TO manisha;
GRANT
(3)testdb=# REVOKE ALL ON COMPANY FROM manisha;
REVOKE
(4)testdb=# DROP USER manisha;
DROP ROLE
3.4 Methods for database security:
-Regulates which users, applications, and devices can view, edit, add, and delete
resources in an organization’s environment.
-Controlling access is one of the key practices to protect sensitive data from theft,
misuse, abuse, and any other threats.
3.4.1 Discretionary access control : (identity-based access control model)
-Provides users a certain amount of control over their data.
-Data owners (or any users authorized to control data) can define access permissions for specific users
or groups of users.
-DAC is quite a popular model because it allows a lot of freedom for users and doesn’t cause
administrative overhead.
-User 1 can’t grant access rights that exceed their own.
For example, if user 1 can only read a document, they can’t allow user 2 to edit it.
3.4.2 Mandatory access control:
-MAC is considered the most secure of all access control models.
-Access rules are manually defined by system administrators and strictly enforced
by the operating system or security kernel.
-Regular users can’t alter security attributes even for data they’ve created.
3.4.3 Role-based access control:
-Also known as Non-discretionary Access Control, RBAC takes more of a real-world approach to
structuring access control.
-Access under RBAC is based on a user's job function within the organization to which the
computer system belongs.
-Essentially, RBAC assigns permissions to particular roles in an organization. Users are then
assigned to that particular role.
-For example, an accountant in a company will be assigned to the Accountant role, gaining access
to all the resources permitted for all accountants on the system. Similarly, a software engineer might
be assigned to the developer role.
Roles differ from groups in that while users may belong to multiple groups, a user under RBAC
may only be assigned a single role in an organization. Additionally, there is no way to provide
individual users additional permissions over and above those available for their role. The accountant
described above gets the same permissions as all other accountants, nothing more and nothing less.
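The DAC and RBAC models of 3.4.1 and 3.4.3, as an added PostgreSQL example that is not part of the slides. Every role, user and table name (owner1, user1, user2, ledger, accountant, developer, alice, bob) is assumed, and the passwords are placeholders.

```sql
-- Added example (not from the slides): DAC delegation and RBAC role
-- membership in PostgreSQL. Every role, user and table name here is assumed.

-- Discretionary access control: the owner of an object decides who may use it.
-- Assume user 'owner1' created the table 'ledger' and therefore owns it.
CREATE ROLE user1 LOGIN;
CREATE ROLE user2 LOGIN;

-- (run as owner1) user1 may read the table and may pass that right on.
GRANT SELECT ON ledger TO user1 WITH GRANT OPTION;

-- (run as user1) allowed: user1 holds SELECT with grant option.
GRANT SELECT ON ledger TO user2;
-- (run as user1) nothing is granted: user1 cannot hand out a right it does not
-- hold itself (PostgreSQL reports "no privileges were granted").
GRANT UPDATE ON ledger TO user2;

-- Role-based access control: privileges attach to the job function, not the person.
CREATE ROLE accountant NOLOGIN;
CREATE ROLE developer  NOLOGIN;
GRANT SELECT, INSERT ON ledger TO accountant;
GRANT SELECT         ON ledger TO developer;

-- People are then placed into the role that matches their job.
CREATE ROLE alice LOGIN PASSWORD '<placeholder-password>';
CREATE ROLE bob   LOGIN PASSWORD '<placeholder-password>';
GRANT accountant TO alice;   -- alice gets exactly what every accountant gets
GRANT developer  TO bob;

-- A change of job is a change of membership, not a rewrite of object privileges.
REVOKE accountant FROM alice;
GRANT  developer  TO   alice;
```

The useful check after such a setup is to inspect who can do what: in psql, \dp ledger lists the access privileges on the table and \du the role memberships, so a reviewer can confirm that no login role holds privileges on the table directly and that every privilege flows through a NOLOGIN job role.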
3.5 Use of views in security enforcement:
Rather than granting users privileges on a particular table, you can give them access to a view of the
table.
Views add two more levels of security:
-A view can limit access to only selected columns of the base table.
-A view can provide value-based security for the information in a table. Thus a WHERE clause in
the definition of a view can display only selected rows of a base table.
-Types of views :
Read-only View : Allows only SELECT operations.
Updateable View : Allows SELECT as well as INSERT , UPDATE and DELETE operations.
-Syn:
(1) Read Only View:
CREATE <OR REPLACE> VIEW <ViewName> AS SELECT <ColumnName1>, <ColumnName2>
FROM <TableName> WHERE <ColumnName> = <Expression List> <WITH READ ONLY>;
-Ex:
create view stu as select enroll,name from student;
(2) Updateable View:
update stu set name='xyz' where enroll=4866;
-Dropping View:
drop view stu;
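Both levels of view security described above (column restriction and WHERE-based row restriction), combined with granting the view rather than the base table, as an added PostgreSQL example that is not from the slides. It also shows the least-privilege alternative to the GRANT ALL ON COMPANY example in 3.3: a user is given exactly the slice of data their job needs. The student table's columns beyond enroll and name, the cs_clerk role, and the department value 'CS' are assumed.

```sql
-- Added example (not from the slides): enforcing column- and row-level
-- restriction with a view, and granting access to the view instead of the
-- base table. The table layout, the role and the department value are assumed.

CREATE TABLE student (
    enroll integer PRIMARY KEY,
    name   text    NOT NULL,
    dept   text    NOT NULL,
    phone  text,             -- sensitive: must not be visible to the clerk
    marks  integer
);

-- Column restriction: only enroll, name and dept are exposed.
-- Row restriction: only the Computer Science department is visible.
-- WITH CHECK OPTION: rows written through the view must also satisfy the WHERE,
-- so a user cannot insert or move a row out of the slice they are allowed to see.
CREATE VIEW cs_student AS
    SELECT enroll, name, dept
    FROM   student
    WHERE  dept = 'CS'
    WITH CHECK OPTION;

-- The clerk role gets the view only; it holds no privilege on the base table.
CREATE ROLE cs_clerk NOLOGIN;
GRANT SELECT, UPDATE ON cs_student TO cs_clerk;

-- Run as a member of cs_clerk:
SELECT * FROM cs_student;                               -- succeeds; no phone or marks column
SELECT phone FROM student;                              -- fails: permission denied for table student
UPDATE cs_student SET name = 'xyz' WHERE enroll = 4866; -- succeeds if that row is in CS
UPDATE cs_student SET dept = 'IT' WHERE enroll = 4866;  -- fails: new row violates check option

-- Turning the view read-only for this role: PostgreSQL has no WITH READ ONLY
-- clause (that is Oracle syntax); revoking UPDATE on the view achieves the same.
REVOKE UPDATE ON cs_student FROM cs_clerk;
```

A view runs with the privileges of its owner, not of the caller, which is exactly what makes this work: the DBA who owns cs_student can read student, while cs_clerk never can. The corollary is that views should be created by an account whose own access is deliberate, since any mistake in the WHERE clause is inherited by everyone granted the view.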
3.6 Overview of encryption technique for security:
-Encryption is a security method in which information is encoded in such a way that only an
authorized user can read it.
-It uses an encryption algorithm to generate cipher text that can only be read after it is decrypted.
Types of Encryption
There are two types of encryption schemes, as listed below:
Symmetric Key encryption
Public Key encryption
(1)Symmetric Key encryption:
A symmetric key encryption algorithm uses the same cryptographic key for both encryption and
decryption of cipher text.
Ex: DES (Data Encryption Standard)
(2)Public Key encryption:
A public key encryption algorithm uses a pair of keys, one of which is secret (private) and
one of which is public. These two keys are mathematically linked with each other.
Ex: RSA (Rivest, Shamir, and Adleman) algorithm and Diffie–Hellman algorithm.
3.7 Statistical database security:
-A statistical database (SDB) is one that provides data of a statistical nature, such
as counts and averages.
-The term statistical database is used in two contexts:
Pure statistical database:
-This type of database only stores statistical data.
-An example is a census database.
-Access control for a pure SDB is straightforward.
-Certain users are authorized to access the entire database.
Ordinary database with statistical access:
-This type of database contains individual entries.
-The database supports a population of nonstatistical users who are allowed access
to selected portions of the database using DAC, RBAC, or MAC.
-In addition, the database supports a set of statistical users who are only permitted
statistical queries.
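The "ordinary database with statistical access" case above, together with the inference control measure of 3.3, as an added PostgreSQL example that is not from the slides: statistical users get a function that returns aggregates only, and the function withholds the statistic when the query set is too small to hide an individual. The payroll table, the analyst role, and the minimum query-set size of 5 are assumed.

```sql
-- Added example (not from the slides): an ordinary database with statistical
-- access. Table, role name and the threshold of 5 rows are assumed.

CREATE TABLE payroll (
    emp_id integer PRIMARY KEY,
    dept   text    NOT NULL,
    salary numeric NOT NULL
);

-- Owned by the DBA. SECURITY DEFINER runs the body with the owner's rights,
-- so callers need no privilege on the table itself; search_path is pinned so
-- the body cannot be redirected to a look-alike table.
CREATE FUNCTION avg_salary_by_dept(p_dept text)
RETURNS numeric
LANGUAGE plpgsql
SECURITY DEFINER
SET search_path = public
AS $$
DECLARE
    n      integer;
    result numeric;
BEGIN
    SELECT count(*), avg(salary)
      INTO n, result
      FROM payroll
     WHERE dept = p_dept;

    -- Query-set-size control: an average over very few people reveals individuals.
    IF n < 5 THEN
        RAISE EXCEPTION 'query set too small (% rows); statistic withheld', n;
    END IF;
    RETURN result;
END;
$$;

-- Statistical users may run the function but cannot read individual rows.
-- EXECUTE on a new function is granted to PUBLIC by default, so revoke it first.
CREATE ROLE analyst NOLOGIN;
REVOKE ALL ON payroll FROM PUBLIC;
REVOKE ALL ON FUNCTION avg_salary_by_dept(text) FROM PUBLIC;
GRANT EXECUTE ON FUNCTION avg_salary_by_dept(text) TO analyst;

-- As a member of analyst:
SELECT avg_salary_by_dept('Engineering');   -- answered only if at least 5 rows match
SELECT salary FROM payroll;                 -- fails: permission denied for table payroll
```

A minimum query-set size is the simplest inference control and is not sufficient on its own: two permitted aggregates whose query sets differ by one person still reveal that person by subtraction, which is why statistical databases also limit overlap between answered queries or add noise to the results. The example shows the access-control half of the design, where the statistical user has no path to individual rows at all.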