Transcript Advanced SQL

IT 244
Database Management System
Lecture 11
More SQL
Constraints &Triggers, SQL Authorization
,Transactions
Foreign Keys, Local and Global Constraints,
Privileges, Grant and Revoke, Grant Diagrams
Triggers, Serializability, Isolation Levels, Atomicity
Ref : A First Course in Database System
(Jeffrey D Ullman, Jennifer Widom) + online.
1
Constraints and Triggers
• A constraint is a relationship among data
elements that the DBMS is required to
enforce.
– Example: key constraints.
• Triggers are only executed when a
specified condition occurs, e.g., insertion of
a tuple.
– Easier to implement than many constraints.
2
Kinds of Constraints
• Keys.
• Foreign-key, or referential-integrity.
• Value-based constraints.
– Constrain values of a particular attribute.
• Tuple-based constraints.
– Relationship among components.
• Assertions: any SQL boolean expression.
3
Foreign Keys
• Consider Relation Sells(bar, beer, price).
• We might expect that a beer value is a real
beer --- something appearing in Beers.name
.
• A constraint that requires a beer in Sells to
be a beer in Beers is called a foreign -key
constraint.
4
Expressing Foreign Keys
•
Use the keyword REFERENCES, either:
1. Within the declaration of an attribute, when
only one attribute is involved.
2. As an element of the schema, as:
•
FOREIGN KEY ( <list of attributes> )
REFERENCES <relation> ( <attributes> )
Referenced attributes must be declared
PRIMARY KEY or UNIQUE.
5
Example: With Attribute
CREATE TABLE Beers (
name
CHAR(20) PRIMARY KEY,
manf
CHAR(20) );
CREATE TABLE Sells (
bar
CHAR(20),
beer
CHAR(20) REFERENCES Beers(name),
price REAL );
6
Example: As Element
CREATE TABLE Beers (
name
CHAR(20) PRIMARY KEY,
manf
CHAR(20) );
CREATE TABLE Sells (
bar
CHAR(20),
beer
CHAR(20),
price REAL,
FOREIGN KEY(beer) REFERENCES
Beers(name));
7
Enforcing Foreign-Key Constraints
•
If there is a foreign-key constraint from
attributes of relation R to the primary key
of relation S, two violations are possible:
1. An insert or update to R introduces values
not found in S.
2. A deletion or update to S causes some
tuples of R to “dangle.”
8
Actions Taken -- 1
• Suppose R = Sells, S = Beers.
• An insert or update to Sells that
introduces a nonexistent beer must be
rejected.
• A deletion or update to Beers that
removes a beer value found in some
tuples of Sells can be handled in three
ways.
9
Actions Taken -- 2
•
The three possible ways to handle
beers that suddenly cease to exist are:
1. Default : Reject the modification.
2. Cascade : Make the same changes in
Sells.
 Deleted beer: delete Sells tuple.
 Updated beer: change value in Sells.
3. Set NULL : Change the beer to NULL.
10
Example: Cascade
• Suppose we delete the Royal tuple from
Beers.
– Then delete all tuples from Sells that have
beer = ’Royal’.
• Suppose we update the Royal tuple by
changing ’Royal’ to ’Budweiser’.
– Then change all Sells tuples with beer =
’Royal’ so that beer = ’Budweiser’.
11
Example: Set NULL
• Suppose we delete the Royal tuple from
Beers.
– Change all tuples of Sells that have beer =
’Royal’ to have beer = NULL.
• Suppose we update the Royal tuple by
changing ’Royal’ to ’Budweiser’.
– Same change.
12
Choosing a Policy
• When we declare a foreign key, we may
choose policies SET NULL or CASCADE
independently for deletions and updates.
• Follow the foreign-key declaration by:
ON [UPDATE, DELETE][SET NULL
CASCADE]
• Two such clauses may be used.
• Otherwise, the default (reject) is used.
13
Example
CREATE TABLE Sells (
bar
CHAR(20),
beer CHAR(20),
price REAL,
FOREIGN KEY(beer)
REFERENCES Beers(name)
ON DELETE SET NULL
ON UPDATE CASCADE );
14
Attribute-Based Checks
• Put a constraint on the value of a
particular attribute.
• CHECK( <condition> ) must be added to
the declaration for the attribute.
• The condition may use the name of the
attribute, but any other relation or attribute
name must be in a subquery.
15
Example
CREATE TABLE Sells (
bar
CHAR(20),
beer CHAR(20)
CHECK ( beer IN
(SELECT name FROM Beers)),
price REAL CHECK ( price <= 5.00 )
);
16
Timing of Checks
• An attribute-based check is checked only
when a value for that attribute is inserted or
updated.
– Example: CHECK (price <= 5.00) checks
every new price and rejects it if it is more than
$5.
– Example: CHECK (beer IN (SELECT name
FROM Beers)) not checked if a beer is deleted
from Beers (unlike foreign-keys).
17
Tuple-Based Checks
• CHECK ( <condition> ) may be added as
another element of a schema definition.
• The condition may refer to any attribute of
the relation, but any other attributes or
relations require a subquery.
• Checked on insert or update only.
18
Example: Tuple-Based Check
• Only BF’s Bar can sell beer for more than $5:
CREATE TABLE Sells (
bar
CHAR(20),
beer
CHAR(20),
price
REAL,
CHECK (bar = ’BF’’s Bar’ OR
price <= 5.00)
);
19
Assertions
• These are database-schema elements,
like relations or views.
• Defined by:
CREATE ASSERTION <name>
CHECK ( <condition> );
• Condition may refer to any relation or
attribute in the database schema.
20
Example: Assertion
• In Sells(bar, beer, price), no bar may
charge an average of more than $5.
CREATE ASSERTION NoRipoffBars
CHECK (
NOT EXISTS (
Bars with an
average price
SELECT bar FROM Sells
above $5
GROUP BY bar
HAVING 5.00 < AVG(price)
21
));
Example: Assertion
• In Drinkers(name, addr, phone) and Bars(name,
addr, license), there cannot be more bars than
drinkers.
CREATE ASSERTION FewBar CHECK (
(SELECT COUNT(*) FROM Bars) <=
(SELECT COUNT(*) FROM Drinkers)
);
22
Timing of Assertion Checks
• In principle, we must check every
assertion after every modification to any
relation of the database.
• A clever system can observe that only
certain changes could cause a given
assertion to be violated.
– Example: No change to Beers can affect
FewBar. Neither can an insertion to Drinkers.
23
Triggers: Motivation
• Attribute- and tuple-based checks have
limited capabilities.
• Assertions are sufficiently general for most
constraint applications, but they are hard
to implement efficiently.
– The DBMS must have real intelligence to
avoid checking assertions that couldn’t
possibly have been violated.
24
Triggers: Solution
• A trigger allows the user to specify when
the check occurs.
• Like an assertion, a trigger has a generalpurpose condition and also can perform
any sequence of SQL database
modifications.
25
Event-Condition-Action Rules
• Another name for “trigger” is ECA rule,
or event-condition-action rule.
• Event : typically a type of database
modification, e.g., “insert on Sells.”
• Condition : Any SQL boolean-valued
expression.
• Action : Any SQL statements.
26
Example: A Trigger
• There are many details to learn about
triggers.
• Here is an example to set the stage.
• Instead of using a foreign-key constraint
and rejecting insertions into Sells(bar,
beer, price) with unknown beers, a
trigger can add that beer to Beers, with
a NULL manufacturer.
27
Example: Trigger Definition
The event
CREATE TRIGGER BeerTrig
AFTER INSERT ON Sells
REFERENCING NEW ROW AS NewTuple
FOR EACH ROW
The condition
WHEN (NewTuple.beer NOT IN
(SELECT name FROM Beers))
INSERT INTO Beers(name)
The action
VALUES(NewTuple.beer);
28
Options: CREATE TRIGGER
• CREATE TRIGGER <name>
• Option:
CREATE OR REPLACE TRIGGER <name>
– Useful if there is a trigger with that name and
you want to modify the trigger.
29
Options: The Condition
• AFTER can be BEFORE.
– Also, INSTEAD OF, if the relation is a view.
• A great way to execute view modifications: have
triggers translate them to appropriate modifications
on the base tables.
• INSERT can be DELETE or UPDATE.
– And UPDATE can be UPDATE . . . ON a
particular attribute.
30
Options: FOR EACH ROW
• Triggers are either row-level or statementlevel.
• FOR EACH ROW indicates row-level; its
absence indicates statement-level.
• Row level triggers are executed once for
each modified tuple.
• Statement-level triggers execute once for
an SQL statement, regardless of how
many tuples are modified.
31
Options: REFERENCING
• INSERT statements imply a new tuple (for
row-level) or new set of tuples (for
statement-level).
• DELETE implies an old tuple or table.
• UPDATE implies both.
• Refer to these by
[NEW OLD][TUPLE TABLE] AS <name>
32
Options: The Condition
• Any boolean-valued condition is
appropriate.
• It is evaluated before or after the triggering
event, depending on whether BEFORE or
AFTER is used in the event.
• Access the new/old tuple or set of tuples
through the names declared in the
REFERENCING clause.
33
Options: The Action
• There can be more than one SQL
statement in the action.
– Surround by BEGIN . . . END if there is more
than one.
• But queries make no sense in an action,
so we are really limited to modifications.
34
Another Example
• Using Sells(bar, beer, price) and a unary
relation RipoffBars(bar) created for the
purpose, maintain a list of bars that raise
the price of any beer by more than $1.
35
The Trigger
The event –
only changes
to prices
CREATE TRIGGER PriceTrig
AFTER UPDATE OF price ON Sells
REFERENCING
Updates let us
talk about old
Condition:
OLD ROW as old
and new tuples a raise in
NEW ROW as new We need to consider price > $1
each price change
FOR EACH ROW
WHEN(new.price > old.price + 1.00)
INSERT INTO RipoffBars
When the price change
is great enough, add
VALUES(new.bar);
the bar to RipoffBars
36
Triggers on Views
• Generally, it is impossible to modify a view,
because it doesn’t exist.
• But an INSTEAD OF trigger lets us
interpret view modifications in a way that
makes sense.
• Example: We’ll design a view Heilala that
has (drinker, beer, bar) triples such that the
bar serves the beer, the drinker frequents
the bar and likes the beer.
37
Example: The View
Pick one copy of
each attribute
CREATE VIEW Heilala AS
SELECT Likes.drinker, Likes.beer, Sells.bar
FROM Likes, Sells, Frequents
WHERE Likes.drinker = Frequents.drinker
AND Likes.beer = Sells.beer
AND Sells.bar = Frequents.bar;
Natural join of Likes,
Sells, and Frequents
38
Interpreting a View Insertion
• We cannot insert into Heilala --- it is a
view.
• But we can use an INSTEAD OF trigger to
turn a (drinker, beer, bar) triple into three
insertions of projected pairs, one for each
of Likes, Sells, and Frequents.
– The Sells.price will have to be NULL.
39
The Trigger
CREATE TRIGGER ViewTrig
INSTEAD OF INSERT ON Heilala
REFERENCING NEW ROW AS n
FOR EACH ROW
BEGIN
INSERT INTO LIKES VALUES(n.drinker, n.beer);
INSERT INTO SELLS(bar, beer) VALUES(n.bar, n.beer);
INSERT INTO FREQUENTS VALUES(n.drinker, n.bar);
END;
40
Summary
•
•
•
•
•
•
•
Constraints and Triggers
Kinds of Constraints (Foreign Keys)
Attribute-Based Checks
Assertions
Event-Condition-Action Rules
Triggers
Triggers on Views
41
SQL Authorization
Privileges, Grant and Revoke
Grant Diagrams
42
Authorization
• A file system identifies certain privileges
on the objects (files) it manages.
– Typically read, write, execute.
• A file system identifies certain participants
to whom privileges may be granted.
– Typically the owner, a group, all users.
43
Privileges --- 1
• SQL identifies a more detailed set of
privileges on objects (relations) than the
typical file system.
• Nine privileges in all, some of which can
be restricted to one column of one relation.
44
Privileges --- 2
•
Some important privileges on a relation:
1. SELECT = right to query the relation.
2. INSERT = right to insert tuples.
 May apply to only one attribute.
3. DELETE = right to delete tuples.
4. UPDATE = right to update tuples.
 May apply to only one attribute.
45
Example: Privileges
• For the statement below:
beers that do
not appear in
INSERT INTO Beers(name)
Beers. We add
them to Beers
SELECT beer FROM Sells
with a NULL
WHERE NOT EXISTS
manufacturer.
(SELECT * FROM Beers
WHERE name = beer);
• We require privileges SELECT on Sells and
Beers, and INSERT on Beers or Beers.name.
46
Authorization ID’s
• A user is referred to by authorization ID,
typically their name.
• There is an authorization ID PUBLIC.
– Granting a privilege to PUBLIC makes it
available to any authorization ID.
47
Granting Privileges
• You have all possible privileges on the
objects, such as relations, that you
create.
• You may grant privileges to other users
(authorization ID’s), including PUBLIC.
• You may also grant privileges WITH
GRANT OPTION, which lets the
grantee also grant this privilege.
48
The GRANT Statement
• To grant privileges, say:
GRANT <list of privileges>
ON <relation or other object>
TO <list of authorization ID’s>;
• If you want the recipient(s) to be able to
pass the privilege(s) to others add:
WITH GRANT OPTION
49
Example: GRANT
• Suppose you are the owner of Sells.
You may say:
GRANT SELECT, UPDATE(price)
ON Sells
TO sione;
• Now Sione has the right to issue any
query on Sells and can update the price
component only.
50
Example: Grant Option
• Suppose we also grant:
GRANT UPDATE ON Sells TO sione
WITH GRANT OPTION;
• Now, Sione can not only update any
attribute of Sells, but can grant to others
the privilege UPDATE ON Sells.
– Also, she can grant more specific
privileges like UPDATE(price) ON Sells.
51
Revoking Privileges
REVOKE <list of privileges>
ON <relation or other object>
FROM <list of authorization ID’s>;
• Your grant of these privileges can no longer
be used by these users to justify their use
of the privilege.
– But they may still have the privilege because
they obtained it independently from elsewhere.
52
REVOKE Options
•
We must append to the REVOKE
statement either:
1. CASCADE. Now, any grants made by a
revokee are also not in force, no matter how
far the privilege was passed.
2. RESTRICT. If the privilege has been
passed to others, the REVOKE fails as a
warning that something else must be done
to “chase the privilege down.”
53
Grant Diagrams
• Nodes = user/privilege/option/isOwner?
– UPDATE ON R, UPDATE(a) on R, and
UPDATE(b) ON R live in different nodes.
– SELECT ON R and SELECT ON R WITH
GRANT OPTION live in different nodes.
• Edge X ->Y means that node X was used
to grant Y.
54
Notation for Nodes
• Use AP for the node representing
authorization ID A having privilege P.
– P * represents privilege P with grant option.
– P ** represents the source of the privilege P.
That is, AP ** means A is the owner of the
object on which P is a privilege.
• Note ** implies grant option.
55
Manipulating Edges --- 1
• When A grants P to B, We draw an edge
from AP * or AP ** to BP.
– Or to BP * if the grant is with grant option.
• If A grants a subprivilege Q of P (say
UPDATE(a) on R when P is UPDATE ON
R) then the edge goes to BQ or BQ *,
instead.
56
Manipulating Edges --- 2
• Fundamental rule: user C has privilege Q
as long as there is a path from XQ ** (the
origin of privilege Q ) to CQ, CQ *, or
CQ**.
– Remember that XQ** could be CQ**.
57
Manipulating Edges --- 3
• If A revokes P from B with the CASCADE
option, delete the edge from AP to BP.
• If A uses RESTRICT, and there is an
edge from BP to anywhere, then reject
the revocation and make no change to the
graph.
58
Manipulating Edges --- 4
• Having revised the edges, we must check
that each node has a path from some **
node, representing ownership.
• Any node with no such path represents a
revoked privilege and is deleted from the
diagram.
59
Example: Grant Diagram
AP**
A owns the
object on
which P is
a privilege
BP*
A: GRANT P
TO B WITH
GRANT OPTION
CP*
B: GRANT P
TO C WITH
GRANT OPTION
CP
A: GRANT P
TO C
60
Example: Grant Diagram
A executes
REVOKE P FROM B CASCADE;
AP**
BP*
Not only does B lose
P*, but C loses P*.
Delete BP* and CP*.
CP*
Even had
C passed P
to B, both
nodes are
still cut off.
CP
However, C still
has P without grant
option because of
the direct grant.
61
Summary
•
•
•
•
•
•
•
•
•
Authorization
Privileges
Authorization ID’s
Granting Privileges
The GRANT Statement and Grant Option
Revoking Privileges and REVOKE Options
Grant Diagrams
Notation for Nodes
Manipulating Edges
62
Transactions
Serializability, Isolation Levels
Atomicity
63
The Setting
• Database systems are normally being
accessed by many users or processes at
the same time.
– Both queries and modifications.
• Unlike Operating Systems, which support
interaction of processes, a DMBS needs to
keep processes from troublesome
interactions.
64
Example: Bad Interaction
• You and your spouse each take $100 from
different ATM’s at about the same time.
– The DBMS better make sure one account
deduction doesn’t get lost.
• Compare: An OS allows two people to edit
a document at the same time. If both
write, one’s changes get lost.
65
ACID Transactions
• A DBMS is expected to support “ACID
transactions,” which are:
– Atomic : Either the whole process is done or
none is.
– Consistent : Database constraints are
preserved.
– Isolated : It appears to the user as if only one
process executes at a time.
– Durable : Effects of a process do not get lost if
the system crashes.
66
Transactions in SQL
• SQL supports transactions, often behind
the scenes.
– Each statement issued at the generic query
interface is a transaction by itself.
– In programming interfaces like Embedded
SQL or PSM, a transaction begins the first
time an SQL statement is executed and ends
with the program or an explicit end.
67
COMMIT
• The SQL statement COMMIT causes a
transaction to complete.
– It’s database modifications are now
permanent in the database.
68
ROLLBACK
• The SQL statement ROLLBACK also
causes the transaction to end, but by
aborting.
– No effects on the database.
• Failures like division by 0 can also
cause rollback, even if the programmer
does not request it.
69
An Example: Interacting Processes
• Assume the usual Sells(bar,beer,price)
relation, and suppose that BF’s Bar sells
only Royal for $2.50 and VB for $3.00.
• Sione is querying Sells for the highest
and lowest price BF charges.
• BF decides to stop selling Royal and VB,
but to sell only Ikale at $3.50.
70
Sione’s Program
• Sione executes the following two SQL
statements, which we call (min) and (max),
to help remember what they do.
(max)
SELECT MAX(price) FROM Sells
WHERE bar = ‘BF’’s Bar’;
(min)
SELECT MIN(price) FROM Sells
WHERE bar = ‘BF’’s Bar’;
71
BF’s Program
• At about the same time, BF executes the
following steps, which have the mnemonic
names (del) and (ins).
(del)
DELETE FROM Sells
WHERE bar = ‘BF’’s Bar’;
(ins)
INSERT INTO Sells
VALUES(‘BF’’s Bar’, ‘Ikale’,
3.50);
72
Interleaving of Statements
• Although (max) must come before (min)
and (del) must come before (ins), there
are no other constraints on the order of
these statements, unless we group
Sione’s and/or BF’s statements into
transactions.
73
Example: Strange Interleaving
• Suppose the steps execute in the order
(max)(del)(ins)(min).
BF’s Prices:
2.50, 3.00 2.50, 3.00
3.50
Statement:
(max)
(del)
(ins)
(min)
Result:
3.00
3.50
• Sione sees MAX < MIN!
74
Fixing the Problem With
Transactions
• If we group Sione’s statements (max)(min)
into one transaction, then he cannot see
this inconsistency.
• He see’s BF’s prices at some fixed time.
– Either before or after he changes prices, or in
the middle, but the MAX and MIN are
computed from the same prices.
75
Another Problem: Rollback
• Suppose BF executes (del)(ins), but after
executing these statements, thinks better of
it and issues a ROLLBACK statement.
• If Sione executes his transaction after (ins)
but before the rollback, he sees a value,
3.50, that never existed in the database.
76
Solution
• If BF executes (del)(ins) as a transaction,
its effect cannot be seen by others until
the transaction executes COMMIT.
– If the transaction executes ROLLBACK
instead, then its effects can never be seen.
77
Isolation Levels
• SQL defines four isolation levels = choices
about what interactions are allowed by
transactions that execute at about the same
time.
• How a DBMS implements these isolation
levels is highly complex, and a typical
DBMS provides its own options.
78
Choosing the Isolation Level
• Within a transaction, we can say:
SET TRANSACTION ISOLATION LEVEL X
where X =
1.
2.
3.
4.
SERIALIZABLE
REPEATABLE READ
READ COMMITTED
READ UNCOMMITTED
79
Serializable Transactions
• If Sione = (max)(min) and BF = (del)(ins) are
each transactions, and Sione runs with
isolation level SERIALIZABLE, then he will
see the database either before or after BF
runs, but not in the middle.
• It’s up to the DBMS vendor to figure out how
to do that, e.g.:
– True isolation in time.
– Keep BF’s old prices around to answer Sione’s
queries.
80
Isolation Level Is Personal Choice
• Your choice, e.g., run serializable,
affects only how you see the database,
not how others see it.
• Example: If BF Runs serializable, but
Sione doesn’t, then Sione might see no
prices for BF’s Bar.
– i.e., it looks to Sione as if he ran in the
middle of BF’s transaction.
81
Read-Commited Transactions
• If Sione runs with isolation level READ
COMMITTED, then he can see only
committed data, but not necessarily the
same data each time.
• Example: Under READ COMMITTED, the
interleaving (max)(del)(ins)(min) is
allowed, as long as BF commits.
– Sione sees MAX < MIN.
82
Repeatable-Read Transactions
• Requirement is like read-committed, plus:
if data is read again, then everything seen
the first time will be seen the second time.
– But the second and subsequent reads may
see more tuples as well.
83
Example: Repeatable Read
• Suppose Sione runs under REPEATABLE
READ, and the order of execution is
(max)(del)(ins)(min).
– (max) sees prices 2.50 and 3.00.
– (min) can see 3.50, but must also see 2.50
and 3.00, because they were seen on the
earlier read by (max).
84
Read Uncommitted
• A transaction running under READ
UNCOMMITTED can see data in the
database, even if it was written by a
transaction that has not committed (and
may never).
• Example: If Sione runs under READ
UNCOMMITTED, she could see a price
3.50 even if BF later aborts.
85
Summary
•
•
•
•
•
•
•
•
•
The Setting
ACID Transactions
Transactions in SQL
COMMIT
ROLLBACK
Isolation Levels
Serializable Transactions
Read-Commited Transactions
Repeatable-Read Transactions
86