Users and Data Security






Users and Data Security

Data in a database should be protected against incorrect use and misuse. In other words, not everyone should have access to all the data in the database. As already shown in the beginning of this chapter, SQL recognizes the concept of SQL user and privilege. A user has to make himself known by logging on.

That same section also contains an example of granting privileges to users. Here, you can find more examples of the GRANT statement, and we assume that all the SQL users mentioned exist.

15. Imagine that the two SQL users DIANE and PAUL have been created. SQL will reject most of their SQL statements as long as they have not been granted privileges. The following three statements give them the required privileges. We assume that a third SQL user (for example, BOOKSQL) grants these privileges.

GRANT   SELECT
ON      PLAYERS
TO      DIANE

GRANT   SELECT, UPDATE
ON      PLAYERS
TO      PAUL

GRANT   SELECT, UPDATE
ON      TEAMS
TO      PAUL

When PAUL has logged on, he can query the TEAMS table, for example:

SELECT  *
FROM    TEAMS

SQL gives an error message if DIANE enters the same SELECT statement because she has authority to query the PLAYERS table but not the TEAMS table.



 Python   SQL   Java   php   Perl 
 game development   web development   internet   *nix   graphics   hardware 
 telecommunications   C++ 
 Flash   Active Directory   Windows