Beginning SQL
Beginning SQL Beginning SQL
Betsey also grants privileges to Jim on tblPersonnel using this statement: GRANT UPDATE, DELETE ON tblPersonnel TO usrJim The first thing to notice is that usrJim now has all privileges on tblPersonnel and can select, update, insert, or delete records in tblPersonnel. You subsequently revoke some of the privileges that you granted to Jim with the following statement: REVOKE UPDATE ON tblPersonnel FROM usrJim Notice that even though you revoked the UPDATE privilege that you gave Jim, he still has full privileges on tblPersonnel because Betsey also gave him UPDATE privileges. You subsequently revoke the rest of the privileges you gave Jim: REVOKE SELECT, INSERT ON tblPersonnel FROM usrJim Jim still has all the privileges that Betsey granted him and can still perform updates and deletes on tblPersonnel using those privileges. Another scenario, however, must be considered, which is how the GRANT chain is handled by the DBMS. Revoking GRANT Suppose that Jim issues a GRANT to Sue WITH GRANT OPTION: GRANT SELECT ON tblPersonnel TO usrSue WITH GRANT OPTION Sue now has the ability to grant the SELECT privileges to another user and does so, issuing a GRANT to Frank: GRANT SELECT ON tblPersonnel TO usrFrank Jim now revokes the GRANT from Sue: REVOKE SELECT ON tblPersonnel FROM usrSue SQL Security In this case, it can be clearly established that Frank received his privileges because Sue had GRANT OPTION privileges, and therefore when Sue loses her privileges on tblPersonnel, Frank also loses his privileges. 345
- Page 678: No updates, additions, or deletions
- Page 682: International Board Manufacturer ha
- Page 686: contention. You could wrap your new
- Page 690: Summary Transactions ensure that us
- Page 696: Chapter 12 328 SQL security is cent
- Page 700: Chapter 12 Creating User IDs Figure
- Page 704: Chapter 12 3. In the SQL window, ty
- Page 708: Chapter 12 ❑ You can assign a dif
- Page 712: Chapter 12 Privileges Privileges ar
- Page 716: Chapter 12 338 You could then give
- Page 720: Chapter 12 You might implement this
- Page 724: Chapter 12 Another shortcut, using
- Page 728: Chapter 12 As you can imagine, givi
- Page 734: The CASCADE option tells the DBMS t
- Page 738: 13 Database Tuning SQL is a languag
- Page 742: Perhaps this doesn’t sound remote
- Page 746: When an application asks for data f
- Page 750: The point of all the discussion of
- Page 754: How Do You Do It? And herein lies t
- Page 758: The slots are often implemented as
- Page 762: On the other hand, an index on a tr
- Page 766: Tuning Tips The following list cont
- Page 770: Database Tuning Exercises 1. Create
- Page 776: Appendix A Exercise 2 Solution 368
Betsey also grants privileges to Jim on tblPersonnel using this statement:<br />
GRANT UPDATE, DELETE<br />
ON tblPersonnel<br />
TO usrJim<br />
The first thing to notice is that usrJim now has all privileges on tblPersonnel and can select, update,<br />
insert, or delete records in tblPersonnel. You subsequently revoke some of the privileges that you<br />
granted to Jim with the following statement:<br />
REVOKE UPDATE<br />
ON tblPersonnel<br />
FROM usrJim<br />
Notice that even though you revoked the UPDATE privilege that you gave Jim, he still has full privileges<br />
on tblPersonnel because Betsey also gave him UPDATE privileges. You subsequently revoke the rest of<br />
the privileges you gave Jim:<br />
REVOKE SELECT, INSERT<br />
ON tblPersonnel<br />
FROM usrJim<br />
Jim still has all the privileges that Betsey granted him and can still perform updates and deletes on<br />
tblPersonnel using those privileges.<br />
Another scenario, however, must be considered, which is how the GRANT chain is handled by the DBMS.<br />
Revoking GRANT<br />
Suppose that Jim issues a GRANT to Sue WITH GRANT OPTION:<br />
GRANT SELECT<br />
ON tblPersonnel<br />
TO usrSue<br />
WITH GRANT OPTION<br />
Sue now has the ability to grant the SELECT privileges to another user and does so, issuing a GRANT to<br />
Frank:<br />
GRANT SELECT<br />
ON tblPersonnel<br />
TO usrFrank<br />
Jim now revokes the GRANT from Sue:<br />
REVOKE SELECT<br />
ON tblPersonnel<br />
FROM usrSue<br />
<strong>SQL</strong> Security<br />
In this case, it can be clearly established that Frank received his privileges because Sue had GRANT OPTION<br />
privileges, and therefore when Sue loses her privileges on tblPersonnel, Frank also loses his privileges.<br />
345