Faculty of Engineering
Biomedical & Systems Engineering Dept.
1.1 Introduction:
Database Management Systems (DBMSs) enforce many security rules, both for managing the database itself and for the users who access it. These mechanisms differ from one DBMS to another. Here we describe the most widely used systems (Oracle, MySQL, MS SQL Server 2000, Sybase and others) in order to identify the main security systems and tools found in the various DBMSs.
What makes DBMS management interesting is that it allows fast, efficient execution of transactions and other units of work. To guarantee this, there must be a central authority that manages the database system and the users who work with it: the DBA, or database administrator. The DBA holds all permissions for adding, deleting and changing database users, which improves the security of the database system. The DBA's account is called the super account or system account; it provides powerful capabilities that are not available to regular database accounts and users.
You may need a database system for your personal computer or for your company. The number of licences you need depends on several factors: your own preference, the tools the system provides, the amount of data you hold, and your estimate of how well the system will handle and secure that data.
Below is a brief overview of the DBMSs that are most widely used today:
• Microsoft FoxPro
It is considered a powerful database, intended mainly for a single user. It supports only a limited subset of SQL, uses the xBase file format, and stores every table in its own file.
• Microsoft Access
It is commonly used on personal computers running Windows. It supports more of SQL than FoxPro does, and the database and its attachments are stored in a single file.
• Oracle
It is the most powerful DBMS because it implements almost all of the SQL standard and adds its own procedural extension, PL/SQL. It provides a full set of security properties and tools, with the ability to add security rules and to specify the access level for every system component.
• Sybase or Transact-SQL
Microsoft SQL Server originated from Sybase SQL Server, so the two share a common language, Transact-SQL. The Sybase DBMS offers security power, characteristics and tools comparable to those of Oracle.
• MySQL Server
MySQL comes with many features, tools, security mechanisms and performance measurements that make it a strong competitor to the other systems. It is upgraded and developed rapidly, and most versions are released as open source, so its cost is unmatched among DBMSs. MySQL's security mechanisms differ from those of the other DBMSs: accounts and privileges are stored in ordinary tables (the grant tables of the mysql database) and are administered with the same tools used for any other data.
Whenever a person, a group of persons or a set of users needs to access the database system, they must have a user account.
A USER is an account name that permits access to the Oracle DBMS. The most commonly used form of the Oracle syntax for creating users is the following:
CREATE USER clause: specifies the name of the user to be created. The name can contain only characters from your database character set.
IDENTIFIED clause: indicates how Oracle Database authenticates the user.
• BY password: creates a local user and indicates that the user must supply a password to log on to the database. Passwords can contain only single-byte characters from your database character set, even if the character set also contains multibyte characters.
• GLOBALLY clause: creates a global user. Such a user must be authorized by the enterprise directory service (Oracle Internet Directory). The directory_DN string can take one of two forms:
A null string (' '), indicating that the enterprise directory service will map authenticated global users to this database schema with the appropriate roles. This form is the same as specifying the GLOBALLY keyword alone and creates a shared global schema.
QUOTA clause: specifies the maximum amount of space the user can allocate in the tablespace.
PROFILE clause: specifies the profile to assign to the user. The profile limits the database resources the user can consume. If you omit this clause, Oracle Database assigns the DEFAULT profile to the user.
PASSWORD EXPIRE clause: specify PASSWORD EXPIRE if you want the user's password to expire immediately. This forces the user or the DBA to change the password before the user can log in to the database.
ACCOUNT clause: specify ACCOUNT LOCK to lock the user's account and disable access; specify ACCOUNT UNLOCK to unlock the account and re-enable access.
MySQL differs in user creation: user accounts are stored in a table called user, and each user's password and privileges are stored in it. The MySQL installation includes two databases as part of the system, one called mysql and the other called test. When you connect to MySQL and switch to the mysql database to view its tables, you obtain the following result:
The tables in the listing above are the tables MySQL uses to store system information; whether you can view or modify them depends on your privileges.
From this we see that MySQL stores its security and system data in ordinary tables of the DBMS.
mysql> desc user;
(31 rows)

Field                  Type                               Key   Default
Host                   varchar(60)                        PRI
User                   varchar(16)                        PRI
Password               varchar(41)
Select_priv            enum('N','Y')                            N
Insert_priv            enum('N','Y')                            N
Update_priv            enum('N','Y')                            N
Delete_priv            enum('N','Y')                            N
Create_priv            enum('N','Y')                            N
Drop_priv              enum('N','Y')                            N
Reload_priv            enum('N','Y')                            N
Shutdown_priv          enum('N','Y')                            N
Process_priv           enum('N','Y')                            N
File_priv              enum('N','Y')                            N
Grant_priv             enum('N','Y')                            N
References_priv        enum('N','Y')                            N
Index_priv             enum('N','Y')                            N
Alter_priv             enum('N','Y')                            N
Show_db_priv           enum('N','Y')                            N
Super_priv             enum('N','Y')                            N
Create_tmp_table_priv  enum('N','Y')                            N
Lock_tables_priv       enum('N','Y')                            N
Execute_priv           enum('N','Y')                            N
Repl_slave_priv        enum('N','Y')                            N
Repl_client_priv       enum('N','Y')                            N
ssl_type               enum('','ANY','X509','SPECIFIED')
ssl_cipher             blob
x509_issuer            blob
x509_subject           blob
max_questions          int(11) unsigned                         0
max_updates            int(11) unsigned                         0
max_connections        int(11) unsigned                         0
We insert a new user with the following values: name muhammad and password hammad, and we grant the privileges Select and Insert, i.e. the user can use only SELECT and INSERT statements on the data tables.
The values for any user can be changed with the ALTER command, which has the form:
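As an added worked example (not part of the report), the statements below create the account from the paragraph above and then change it. The database name appdb and the host restriction are assumptions for illustration. Direct INSERTs into mysql.user, which the report's wording suggests, bypass the server's checks and require FLUSH PRIVILEGES; CREATE USER and GRANT are the supported way and take effect immediately.

```sql
-- Added example (not from the report); appdb and the host part are assumed.
-- An account name is user + host. Restricting the host is part of the identity:
-- 'muhammad'@'%' would accept this password from any machine on the network.
CREATE USER 'muhammad'@'localhost' IDENTIFIED BY 'hammad';   -- report's demo password

-- Exactly the two statements the report permits, and only on one database.
-- ON *.* would instead set the global columns Select_priv/Insert_priv = 'Y' in
-- mysql.user; database-level grants are recorded in mysql.db.
GRANT SELECT, INSERT ON appdb.* TO 'muhammad'@'localhost';

-- Verify what the server recorded rather than what was typed.
SHOW GRANTS FOR 'muhammad'@'localhost';
SELECT Host, User, Select_priv, Insert_priv, Update_priv
  FROM mysql.user WHERE User = 'muhammad';   -- all 'N': nothing was granted globally
SELECT Host, Db, User, Select_priv, Insert_priv, Update_priv
  FROM mysql.db   WHERE User = 'muhammad';   -- Select_priv = 'Y', Insert_priv = 'Y'

-- Changing the account. ALTER USER exists from MySQL 5.7.6 / MariaDB 10.2; on the
-- 5.0-era server whose user table is shown above, change the password with
--   SET PASSWORD FOR 'muhammad'@'localhost' = PASSWORD('...');
-- Note that 5.7 also replaced the Password column with authentication_string.
ALTER USER 'muhammad'@'localhost' IDENTIFIED BY 'a-much-stronger-passphrase';
ALTER USER 'muhammad'@'localhost' WITH MAX_CONNECTIONS_PER_HOUR 20;  -- max_connections column

-- Taking a privilege back. Revoking something that was never granted is an error.
REVOKE INSERT ON appdb.* FROM 'muhammad'@'localhost';

-- FLUSH PRIVILEGES is only needed after editing the grant tables directly
-- (INSERT INTO mysql.user ...); CREATE USER, GRANT and REVOKE apply at once.
```

The two SELECTs against mysql.user and mysql.db are the practical check: a privilege that unexpectedly shows up as 'Y' in mysql.user is global to every database on the server, which is the most common way an account ends up far more powerful than intended.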
A ROLE is a named set of privileges granted to a user to guarantee the use of certain options in the database. To grant a role to a user we use the following form:
GRANT role TO user [WITH ADMIN OPTION];
If WITH ADMIN OPTION is used, the user may in turn grant the role to other users. In the following lines we describe the predefined roles and how to use these statements; to remove a role, use the REVOKE statement.
Oracle lets you enrol a user in one of these predefined roles:
• Connect
• Resources
• DBA
Connect role
This is the least privileged role and is given to users who need only limited access. It lets the user connect and work within their own schema (SELECT, INSERT, UPDATE and DELETE on their own tables, and creation of tables, views and clusters); these are plain privileges with no administrative permissions. Note that since Oracle 10g Release 2 the CONNECT role contains only the CREATE SESSION privilege, so the schema-object privileges must be granted separately.
____________________________________
Resource Role
In addition to the previous privileges, this role permits the creation of procedures, triggers and similar schema objects:
GRANT RESOURCE TO muhammad;
Grant succeeded.
____________________________________
DBA Role
This role has all privileges; its holders have all the previous privileges and more. After granting this role you can revoke the other roles (CONNECT, RESOURCE) from that user, because they are redundant for anyone holding DBA:
User Privileges
After choosing the role for every user of your database, you have to choose the permissions for every user. Oracle provides two types of permissions, or privileges:
• System privileges
• Object privileges
The first class applies to the system as a whole and has the general form:
i.e. it can be granted to a specific user, to a role, or to PUBLIC (all users).
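The block below is an added worked example covering both the roles section and the system/object privilege distinction above; it is not code from the report. The schema hr, the table hr.employees and the role app_reader are assumptions for illustration, while muhammad is the report's own example account.

```sql
-- Added example (not from the report). hr.employees and the role app_reader are
-- assumed names. Run as a user holding the ADMIN OPTION on what is granted.

-- Predefined roles: CONNECT (least), RESOURCE, DBA (everything).
GRANT CONNECT  TO muhammad;        -- in current releases this is only CREATE SESSION
GRANT RESOURCE TO muhammad;        -- create tables, procedures, triggers, sequences, ...

-- An application role groups privileges so they are managed once, not per user.
CREATE ROLE app_reader;

-- System privileges apply to the whole database. Grantee: a user, a role, or PUBLIC.
GRANT CREATE TABLE, CREATE VIEW TO muhammad;   -- to a specific user
GRANT CREATE SESSION            TO app_reader; -- to a role
GRANT CREATE SYNONYM            TO PUBLIC;     -- "published" to every account; keep PUBLIC minimal

-- Object privileges apply to one named object.
GRANT SELECT         ON hr.employees TO app_reader;
GRANT SELECT, INSERT ON hr.employees TO muhammad;

-- A role only takes effect once it is granted to the user. WITH ADMIN OPTION lets
-- muhammad grant app_reader to others; give it deliberately, not by habit.
GRANT app_reader TO muhammad WITH ADMIN OPTION;

-- Removing a role and an object privilege.
REVOKE CONNECT FROM muhammad;
REVOKE INSERT ON hr.employees FROM muhammad;

-- Audit what the account actually holds: roles, system privileges, object privileges.
SELECT granted_role, admin_option            FROM dba_role_privs WHERE grantee = 'MUHAMMAD';
SELECT privilege, admin_option               FROM dba_sys_privs  WHERE grantee = 'MUHAMMAD';
SELECT owner, table_name, privilege, grantable FROM dba_tab_privs WHERE grantee = 'MUHAMMAD';
-- Privileges inherited through roles are listed in role_sys_privs and role_tab_privs.
```

The three dictionary views at the end are where a review of an account starts: dba_role_privs alone does not show what a role contains, so a grant of DBA or RESOURCE has to be followed into role_sys_privs to see the real reach of the account.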
Chapter 2
Database Security
By:
Hossam Nabil, Mamdoh Talat, Abdelmaksoud Dahi, Sherif Mansour, Ahamd Khairy
Vertical propagation
This is more complicated: it limits the depth to which a privilege can be re-granted. Granting a privilege with a vertical propagation of zero is equivalent to granting it without the GRANT option. If account A grants a privilege to account B with vertical propagation set to an integer j > 0, then B has the GRANT option on that privilege, but B can grant it to other accounts only with a vertical propagation less than j. In effect, vertical propagation bounds the chain of GRANT options that can be passed from one account to the next on the basis of a single original grant of the privilege.
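The following added example (not from the report) shows how the vertical-propagation model maps onto what SQL actually offers. Standard SQL has only the binary WITH GRANT OPTION: a propagation of zero corresponds to omitting it, and any j greater than zero corresponds to including it with no depth bound at all, which is the gap the model describes. The schema sales, the table sales.orders and the accounts a_owner, b_user, c_user and d_user are assumptions for illustration.

```sql
-- Added example (not from the report); sales.orders and the accounts are assumed.
-- Oracle syntax for object privileges.

-- Vertical propagation j = 0: B receives SELECT but cannot pass it on.
GRANT SELECT ON sales.orders TO b_user;                      -- executed by a_owner

-- Vertical propagation j > 0: B may re-grant. SQL has no depth counter, so the
-- same statement stands for j = 1, 2, ... and the chain below is unbounded.
GRANT SELECT ON sales.orders TO b_user WITH GRANT OPTION;    -- by a_owner
GRANT SELECT ON sales.orders TO c_user WITH GRANT OPTION;    -- by b_user
GRANT SELECT ON sales.orders TO d_user;                      -- by c_user, no option (leaf)

-- Reconstruct the grant chain: GRANTOR shows who passed the privilege on,
-- GRANTABLE = 'YES' marks every account that can extend the chain further.
SELECT grantee, grantor, privilege, grantable
  FROM dba_tab_privs
 WHERE owner = 'SALES' AND table_name = 'ORDERS'
 ORDER BY grantor, grantee;

-- Revoking an object privilege cascades: removing B's SELECT also removes the
-- grants B made to C and C made to D, because they all descend from one grant.
REVOKE SELECT ON sales.orders FROM b_user;                   -- by a_owner
```

Because the depth cannot be limited, the practical control is the audit query: periodically list every GRANTABLE = 'YES' row on sensitive objects and confirm that each such holder was meant to be a re-granter, since the cascade on REVOKE is the only thing that keeps an unbounded chain recoverable.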