It is easier to protect against than intentional data loss. Concurrency control protocols and the recovery system work
to avoid this type of data loss.
Authentication:
It is the process that gives access to the secured database to authorized
users only.
Authentication is used to verify the identity of a person or software connecting to the database.
E.g., a student authenticates himself by showing an ID card.
Before making any request to the system, the user has to identify himself to the system and
authenticate his identification.
The simplest and most common scheme is the password system.
Password authentication:
The user enters a name and number and authenticates himself with a password.
It is very simple to implement but has some drawbacks, i.e. passwords are not secure. The
solution to this drawback is to store passwords in an encrypted form.
A digital signature is used to authenticate the user's data; the process is the same as a physical signature
on documents.
Authentication can be categorized in 3 ways.
1. By knowing a key or string (password).
2. By having something (card, smart card).
3. By biological characteristics of the user (fingerprints, iris recognition, and voice
recognition).
Authorization:
A set of rules used to determine which user has what type of access to which portion of the
database.
It is maintained in the form of a table called the access matrix.
Rows of the matrix are called subjects and columns of the matrix are called objects.
Objects: An object in the access matrix needs protection against unauthorized users (e.g. file, folder,
printer, etc.).
In a database system, an object is a unit of data that needs to be protected (data item granularity
differs depending on the requirement).
Subject   Student   Branch
Student   READ      READ
Staff     WRITE     WRITE
HOD       WRITE
3) Access type: The user gets access to the database for data manipulation and for control operations
performed on the database, such as add, drop, and alter.
Types of Authorization:
Read authorization: Allows reading, but not modification, of data.
Insert authorization: Allows insertion of new data, but not modification of existing data.
Update authorization: Allows modification, but not deletion, of data.
Deletion authorization: Allows deletion of data.
A user may be assigned all, none, or a combination of these types of authorization related to data.
A user may also be granted authorization to modify the database schema.
1) Index Authorization: Allows creation and deletion of indices.
2) Resource Authorization: Allows creation of new relations.
3) Alteration Authorization: Allows addition or deletion of attributes in a relation.
4) Drop Authorization: Allows deletion of a relation. It is different from Delete: if a relation is
dropped, the data and the relation no longer exist, whereas delete removes only tuples.
Granting of privileges:
A user who has been granted some form of authorization may be allowed to pass on this authorization
to other users.
Authorization can be revoked or cancelled.
E.g. the passing of authorization from one user to another can be represented by an authorization graph.
The nodes of this graph are users, and an edge Ui-Uj indicates that user Ui grants the update authorization to
Uj. The root of the graph is the DBA. The following figure shows an authorization graph.
[Figure: authorization graph with root DBA and user nodes U1, U2, U3, U4, U5]
A user has an authorization if and only if there is a path from the root of the authorization graph down
to the node representing the user.
If the authorization of Ui is revoked, then the authorization of Un should also be revoked, because Un was
granted it by Ui.
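The path rule and cascading revocation described above, as an added Python example that is not part of the original notes. The class name AuthorizationGraph and the grant edges in demo() are assumptions constructed for illustration, since the edges of the original figure are not preserved.

```python
from collections import deque

class AuthorizationGraph:
    """Grant edges for one authorization (e.g. update); the root is the DBA."""

    def __init__(self, root="DBA"):
        self.root = root
        self.grants = {}  # grantor -> set of grantees

    def authorized_users(self):
        # A user is authorized if and only if a path of grant edges
        # leads from the root down to that user (breadth-first search).
        seen, queue = {self.root}, deque([self.root])
        while queue:
            for grantee in self.grants.get(queue.popleft(), ()):
                if grantee not in seen:
                    seen.add(grantee)
                    queue.append(grantee)
        return seen

    def is_authorized(self, user):
        return user in self.authorized_users()

    def grant(self, grantor, grantee):
        # Only a user who currently holds the authorization may pass it on.
        if not self.is_authorized(grantor):
            raise PermissionError(f"{grantor} has no authorization to grant")
        self.grants.setdefault(grantor, set()).add(grantee)

    def revoke(self, grantor, grantee):
        # Remove one edge, then cascade: grants made by users who no longer
        # have a path from the root are removed as well.
        self.grants.get(grantor, set()).discard(grantee)
        live = self.authorized_users()
        for user in list(self.grants):
            if user not in live:
                del self.grants[user]
        return live

def demo():
    # Constructed edges; the original figure's edges are not preserved.
    g = AuthorizationGraph()
    for grantor, grantee in [("DBA", "U1"), ("DBA", "U2"), ("DBA", "U3"),
                             ("U1", "U4"), ("U1", "U5"), ("U2", "U5")]:
        g.grant(grantor, grantee)
    # U4 depended only on U1; U5 still has a path through U2.
    return sorted(g.revoke("DBA", "U1"))

if __name__ == "__main__":
    print(demo())
```

Because authorization is recomputed from the root, two users who granted the authorization to each other do not stay authorized once their only path from the DBA is removed.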
Views:
A view logically represents a subset of data from one or more tables. A view contains no data of its own,
but is like a window through which data from tables can be viewed or changed.
The tables on which views are based are called 'Base Tables'.
A view is stored as a select statement in the data dictionary.
Advantages:
1) Restrict access to data.
2) Views allow simple queries to retrieve the results of complicated queries.
3) To provide data independence.
4) To provide different views of same data.
Types of views
1. Simple view
2. Complex view
Creating a view :
CREATE VIEW empview1
Embed a sub query within as