Database Reference
In-Depth Information
DBMS
Access
permitted
Access
denied
Valerie
Customer
CustomerNum
CustomerName
...
Balance
CreditLimit
RepNum
148
Al's Appliance
...
$6,550.00
$7,500.00
20
and Sport
282
Brookings Direct
...
$431.50
$10,000.00
35
356
Ferguson's
...
$5,785.00
$7,500.00
65
260
408
The Everything
...
$5,285.25
$5,000.00
35
Shop
462
Bargains Galore
...
$3,412.00
$10,000.00
65
524
Kline's
...
$12,762.00
$15,000.00
20
608
Johnson's
...
$2,106.00
$10,000.00
65
Department
Store
687
Lee's Sport and
...
$2,851.00
$5,000.00
35
Appliance
725
Deerield's Four
...
$248.00
$7,500.00
35
Seasons
842
All Season
...
$8,221.00
$7,500.00
20
FIGURE 8-4
Permitted and denied access privileges for Valerie
The DBA determines the access privileges for all users and enters the appropriate authorization rules in
the DBMS catalog to ensure that users access the database only in ways to which they are entitled. For exam-
ple, the DBA uses the SQL GRANT statement to define the access privileges users have to the data in the
database. The DBA also documents the access privilege policy; top-level management approves the policy, and
the DBA communicates the policy to management and to all users.
Security
As discussed in previous chapters, security is the prevention of unauthorized access, either intentional or
accidental, to a database, and the DBA uses views and the SQL GRANT statement as two security mechan-
isms. Unauthorized access includes access by someone who has no right to access the database at all. For
example, as shown in Figure 8-5, the DBMS prevents Brady, who is a programmer at Premiere Products, from
accessing the database because the DBA has not authorized Brady as a user.
DBMS
Premiere
Products
database
Brady
DBMS prevents the
attempted security
violation
Unauthorized
user
FIGURE 8-5
Attempted security violation by Brady, who's not an authorized user
