Transcript DBA

Database Administration
1
Objectives
 Understand, create, and drop views
 Grant and revoke users’ privileges
 Understand and obtain information from the system
catalog
2
Views
 Base tables

Existing, permanent tables in a relational database
 View



A derived table where data is derived from a base table
User interacts with the view
View provides security
3
View Benefits
 Views provide data independence
 Different users can view the same data in different
ways because each user has their own view
 It can contain only those columns required by a
given user


Greatly simplifies user perception of database
Furnishes a measure of security since user as access to
data contained only in their view
4
Views
 A view is defined by creating a defining query (SQL
command that indicates the rows and columns that will
appear in the view)
 The formulation of the view definition is:

CREATE <view name> AS <query>
 The defining query can be any valid SQL query
 Define a view named HOUSEWARES that consists of the
part number, part description, units on hand, and unit price
of all parts in item class HW
5
Joins
 In general, views that involve joins of base tables
can cause problems at update
 If two base tables have the same primary key and
the primary key is used as the join column,
updating the database is not a problem
6
DROP View Command
 Deletes a view definition only
 Table and data on which view is based still exists
7
Security
 Security is the prevention of unauthorized access to
the database
 Two security mechanisms


Views
GRANT command
8
GRANT and REVOKE Commands
 Grant different privileges to users and revoke them
later, if necessary:



Ability to select rows from a table
Insert new rows
Update existing rows
 GRANT <privilege> TO <user>
 REVOKE <privilege> FROM <user>
9
Privileges
 Privileges that can be granted are





SELECT
UPDATE
DELETE
INSERT
INDEX
 For a user to pass the privilege on to others the database
administrator must use GRANT statement and include
WITH GRANT OPTION
10
GRANT Command
 User Jones must be able to retrieve data from the
SALES_REP table

GRANT SELECT ON SALES_REP TO JONES;
 Users Smith and Brown must be able to add new
parts to the PART table.

GRANT INSERT ON PART TO SMITH, BROWN;
11
GRANT Command
 User Thomas must be able to change the structure
of the CUSTOMER table

GRANT ALTER ON CUSTOMER TO THOMAS;
 User Wilson must have all privileges for the
SALES_REP, CUSTOMER, and ORDERS tables

GRANT ALL ON SALES_REP, CUSTOMER,
ORDERS TO WILSON;
12
REVOKE Command
 User Jones is no longer allowed to retrieve data
from the SALES_REP table

REVOKE SELECT ON SALES_REP FROM JONES;
13
Comprehensive Example
 Allow sales rep number 03 (Mary Jones) to access
any data concerning the customers she represents,
but do not permit her to access data concerning
any other customer
CREATE VIEW SLSR3CST AS
SELECT *
FROM CUSTOMER
WHERE SLSREP_NUMBER = ’03’
GRANT SELECT ON SLSR3CST TO MARY JONES;
14
The System Catalog
 Information concerning tables known to the DBMS is
kept in the system catalog, or the data dictionary
 System catalog contains tables



USER_TABLES (DBA_TABLES)
USER_TAB_COLUMNS (DBA_TAB_COLUMNS)
USER_VIEWS (DBA_VIEWS)
 System catalog is a relational database
 Users need special privileges to view the data in the
system catalog
15
System Catalog Example
 List the name of every table for which the owner (creator of
the table) is PRATT
SELECT TABLE_NAME
FROM DBA_TABLES
WHERE OWNER = ‘PRATT’;
 List the name of every view whose owner is PRATT
SELECT VIEW_NAME
FROM DBA_VIEWS
WHERE OWNER = ‘PRATT’;
16
Summary
 A view is a pseudotable whose contents are derived
form data in existing base tables whenever users
attempt to access the view
 To define a view, use the CREATE VIEW
statement


This statement includes a defining query that describes
the portion of the database included in the view
When a user retrieves data from the view, the query
entered by the user is merged with the defining query,
producing the query that SQL actually executes
17
Summary
 Views provide data independence, allow database access
control, and simplify the database structure for users
 You cannot update views that involve statistics and views
with joins of non-primary key columns
 In this case you must make all updates to the base table
 Use the DROP VIEW command to delete a view
 Use the GRANT command to give users access privileges
to various portions of the database
 Use the REVOKE command to terminate previously
granted privileges
18
Summary
 The DBMS maintains information about the tables, columns,
indexes, and other system elements in the system catalog


Information about tables is kept in the SYSTABLES table, information
about columns is kept in the SYSCOLUMNS table, and information
about views is kept in the SYSVIEWS table
In Oracle these same tables are named DBA_TABLES,
DBA_TAB_COLUMNS, and DBA_VIEWS
 Use the SELECT command to obtain information from the system
catalog
 The DBMS updates the system catalog continuously; users do not
update the catalog directly
19