
database security

The document discusses the concepts of privileges and roles in Database Management Systems (DBMS), emphasizing their importance for database security, confidentiality, integrity, and availability. It explains the different types of privileges (system and object) and the role mechanism for managing user access effectively. Additionally, it covers the processes for granting and revoking privileges, the responsibilities of Database Administrators (DBAs), and the significance of data security, backup, and recovery procedures.

Privilege and Roles in DBMS

Confidentiality, integrity, and availability are the hallmarks of database security. Authorization is the
permission given to a user or process to access a set of objects. The type of access granted can vary,
such as read-only, read, and write. Privileges are the Data Manipulation Language (DML) operations,
such as INSERT, UPDATE, SELECT and DELETE, that a user is allowed to perform on data.

Access control is performed by using the following two methods.

Privileges

Roles

Privileges:

A privilege is the authority or permission to access a named object in a prescribed manner, for example,
permission to access a table. Privileges can also permit a particular user to connect to the database. In
other words, privileges are the permissions that govern access to the database and its objects.

Database privileges — A privilege is permission to execute one particular type of SQL statement or to
access another user's object. Database privileges control the use of computing resources. Database
privileges do not apply to the administrator of the database.

A privilege is a right to execute a particular type of SQL statement or to access another user's object.
Some examples of privileges include:

• The right to connect to the database (create a session)

• The right to create a table

• The right to select rows from another user's table

• The right to execute another user's stored procedure

Privileges are granted to users so that they can accomplish tasks required for their job. You should
grant a privilege only to a user who absolutely requires the privilege to accomplish necessary work.
Excessive granting of unnecessary privileges can lead to compromised security.

System privileges — A system privilege is the right to perform an activity on a specific type of object.
For example, the privilege to delete rows of any table in a database is a system privilege. There are a
total of 60 different system privileges. System privileges allow users to CREATE, ALTER, or DROP the
database objects.

Object privilege — An object privilege is a privilege to perform a specific action on a particular table,
function, or package. For example, the right to delete rows from a table is an object privilege. For
example, let us consider a row of table GEEKSFORGEEKS that contains the name of an employee who
is no longer a part of the organization; deleting that row requires an object privilege. Object
privileges allow the user to INSERT, DELETE, UPDATE, or SELECT the data in the database object.

Following are the differences between system privileges and object privileges.

| Sr. No | System privileges | Object privileges |
|---|---|---|
| 1. | These privileges are normally granted by a Database Administrator to users. | These privileges are granted by the owner of the object. |
| 2. | These privileges are used to prevent or permit DDL statements such as CREATE VIEW, TABLE, SESSION etc. | These privileges are used to prevent or permit DML statements such as SELECT, INSERT, UPDATE and DELETE etc. |
| 3. | These privileges allow the users to manage database and servers. | These privileges allow users to perform certain actions upon database objects. |
| 4. | Syntax: GRANT privileges TO username; | Syntax: GRANT privileges ON object TO username; |

Roles
A role is a mechanism that can be used to provide authorization. A single person or a group of people
can be granted a role or a group of roles. One role can be granted in turn to other roles. By defining
different types of roles, administrators can manage access privileges much more easily.
Database management systems provide for easy and controlled privilege management through roles.
Roles are named groups of related privileges that you grant to users or other roles. Roles are designed
to ease the administration of end-user system and object privileges.

A role is a mechanism that can be used to allow authorization. A person or a group of people can be
granted a role or a group of roles. By defining multiple roles, the administrator can manage access
privileges very easily. Roles are provided by the database management system for easy, controlled
privilege management.

The following properties of roles allow for easier privilege management within a database:
• Reduced privilege administration - Rather than explicitly granting the same set of privileges to
several users, you can grant the privileges for a group of related users to a role. Then, only the role
needs to be granted to each member of the group.
• Dynamic privilege management - If the privileges of a group must change, only the privileges of
the role need to be modified.
• Selective availability of privileges - You can selectively enable or disable the roles granted to a
user. This allows specific control of a user's privileges in any given situation.
• Application-specific security - You can protect role use with a password. Applications can be created
specifically to enable a role when supplied the correct password. Users cannot enable the role if they do
not know the password.
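
The four role properties above, worked through on the page's EMP and DEPT tables and users AJAY and DEEP; this is an added example, not part of the original document. Oracle syntax is assumed, and the role names HR_CLERK and HR_ADMIN and the password are constructed placeholders.

```sql
-- Oracle dialect. Assumes EMP and DEPT exist in the current schema, users
-- AJAY and DEEP exist, and the session has CREATE ROLE plus access to the
-- DBA_ dictionary views. HR_CLERK, HR_ADMIN and the password are constructed.

-- Reduced privilege administration: grant once to the role,
-- then grant only the role to each member of the group.
CREATE ROLE hr_clerk;
GRANT SELECT ON emp TO hr_clerk;
GRANT SELECT ON dept TO hr_clerk;
GRANT UPDATE (sal) ON emp TO hr_clerk;
GRANT hr_clerk TO ajay, deep;

-- Dynamic privilege management: change the role and every member follows.
GRANT INSERT ON dept TO hr_clerk;
-- Column-level grants are withdrawn at table level in Oracle.
REVOKE UPDATE ON emp FROM hr_clerk;

-- Application-specific security: a role that can only be enabled
-- by a session that supplies the password.
CREATE ROLE hr_admin IDENTIFIED BY "REPLACE_WITH_SECRET";
GRANT DELETE ON emp TO hr_admin;
GRANT hr_admin TO ajay;

-- Selective availability: HR_ADMIN is granted to AJAY but is not
-- switched on at login, so DELETE on EMP is off by default.
ALTER USER ajay DEFAULT ROLE ALL EXCEPT hr_admin;

-- The next two statements run in AJAY's own session (normally issued by
-- the application), not in the administrator's session.
SET ROLE hr_clerk, hr_admin IDENTIFIED BY "REPLACE_WITH_SECRET";
-- ... privileged work that needs DELETE on EMP ...
SET ROLE hr_clerk;   -- drop back to the everyday role set

-- Review: what each role carries, and who holds each role.
SELECT role, table_name, column_name, privilege
FROM   role_tab_privs
WHERE  role IN ('HR_CLERK', 'HR_ADMIN')
ORDER  BY role, table_name, privilege;

SELECT grantee, granted_role, default_role
FROM   dba_role_privs
WHERE  granted_role IN ('HR_CLERK', 'HR_ADMIN')
ORDER  BY granted_role, grantee;
```

Running the two review queries on a schedule and comparing them with the intended role design is a simple way to catch direct grants and role memberships that have drifted from policy.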

Granting and Revoking Privileges and Roles

You grant or revoke privileges and roles from users or other roles using the SQL commands GRANT and
REVOKE. Who can grant and revoke the privileges and roles? The answer is "it depends on the DBMS".
For example, in Oracle, any user with the GRANT ANY ROLE system privilege can grant or revoke
any role to or from other users or roles of the database. In most database management systems, the
Database Administrators (DBAs) and Security Officers will have the necessary powers to grant and
revoke the privileges and roles to the users.

GRANT Command

The GRANT command gives users privileges to base tables and views. The syntax of this command is as
follows:

GRANT privileges ON object TO users [WITH GRANT OPTION]

Here, object is either a base table or a view. If 'with GRANT Option' is specified, it means that the
recipient has authority to grant the privileges that were granted to him to another user.

Examples

• Grant the SELECT authority on the EMP table to all users.

GRANT SELECT ON EMP TO PUBLIC;

• Grant the SELECT, DELETE and UPDATE authority on DEPT table to user 'AJAY'.

GRANT SELECT, DELETE, UPDATE ON DEPT TO AJAY;

• Grant the SELECT, DELETE and UPDATE authority, with the capability to grant those privileges to
other users, on the DEPT table to user 'AJAY'.

GRANT SELECT, DELETE, UPDATE ON DEPT TO AJAY WITH GRANT OPTION;

• Grant ALL privileges on the EMP table to user 'DEEP'.

GRANT ALL ON EMP TO DEEP;

• Give the system privileges for creating tables and views to 'AJAY'.

GRANT CREATE TABLE, CREATE VIEW TO AJAY;

• Grant the UPDATE authority on the SAL column of the EMP to user 'AJAY'.

GRANT UPDATE (SAL) ON EMP TO AJAY;

REVOKE Command

REVOKE is a complementary command to GRANT that allows the withdrawal of privileges. The syntax
of the REVOKE command is as follows:

REVOKE [GRANT OPTION FOR] privileges ON object FROM users {RESTRICT | CASCADE}

The command can be used to revoke either a privilege or just the GRANT option on a privilege (by
using the optional GRANT OPTION FOR clause). When a user executes a REVOKE command with the
CASCADE keyword, the effect is to withdraw the named privileges or GRANT option from all users who
currently hold these privileges solely through a GRANT command that was previously executed by the
same user who is now executing the REVOKE command. If these users received the privileges with the
GRANT option and passed it along, those recipients will also lose their privileges as a consequence of the
REVOKE command unless they also received these privileges independently. The RESTRICT keyword is
complementary to the CASCADE keyword.

Examples

• Revoke the system privileges for creating table from 'AJAY'.

REVOKE CREATE TABLE FROM AJAY;

• Revoke the SELECT privileges on EMP table from 'AJAY'.

REVOKE SELECT ON EMP FROM AJAY;

• Revoke the UPDATE privileges on EMP table from all users.

REVOKE UPDATE ON EMP FROM PUBLIC;
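
The CASCADE and RESTRICT behaviour described above, including the "received these privileges independently" case, as an added example that is not part of the original document. PostgreSQL syntax is assumed because it implements the REVOKE form shown on this page; the user RAVI and the DEPT columns are constructed.

```sql
-- PostgreSQL dialect; run as a superuser in a scratch database.
-- AJAY, DEEP and DEPT come from the page; RAVI and the columns are constructed.
CREATE TABLE dept (deptno int PRIMARY KEY, dname text);
CREATE ROLE ajay;
CREATE ROLE deep;
CREATE ROLE ravi;

-- Owner -> AJAY, with the right to pass the privilege on.
GRANT SELECT ON dept TO ajay WITH GRANT OPTION;

-- AJAY passes SELECT on to DEEP and RAVI.
SET ROLE ajay;
GRANT SELECT ON dept TO deep, ravi;
RESET ROLE;

-- RAVI also receives SELECT independently, straight from the owner.
GRANT SELECT ON dept TO ravi;

-- The grant graph before revocation: one row per (grantor, grantee) edge.
SELECT grantor, grantee, privilege_type, is_grantable
FROM   information_schema.table_privileges
WHERE  table_name = 'dept'
  AND  grantee IN ('ajay', 'deep', 'ravi')
ORDER  BY grantor, grantee;

-- RESTRICT refuses to act while other grants depend on AJAY's grant option:
-- this statement raises an error and changes nothing.
REVOKE GRANT OPTION FOR SELECT ON dept FROM ajay RESTRICT;

-- CASCADE withdraws the grant option and every grant made through it.
-- AJAY keeps SELECT itself, DEEP (who held SELECT only through AJAY) loses
-- it, and RAVI keeps it through the owner's direct grant.
REVOKE GRANT OPTION FOR SELECT ON dept FROM ajay CASCADE;

-- Verify the effective privileges after the cascade.
SELECT r.rolname,
       has_table_privilege(r.rolname, 'dept', 'SELECT') AS can_select,
       has_table_privilege(r.rolname, 'dept',
                           'SELECT WITH GRANT OPTION')  AS can_regrant
FROM   pg_roles r
WHERE  r.rolname IN ('ajay', 'deep', 'ravi')
ORDER  BY r.rolname;

-- Finally withdraw the privilege itself from AJAY.
REVOKE SELECT ON dept FROM ajay;

-- Clean up the scratch objects.
DROP TABLE dept;
DROP ROLE ajay, deep, ravi;
```

Listing the grantor column before a revocation shows which users will be affected by CASCADE and which hold the privilege through a separate path.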

DBA

Standards and procedures defined by the DBA are used by all end users who want to benefit from the
database. Standards and procedures must complement each other and must constitute an extension of data
administration policies. Procedures must facilitate the work of end users and the DBA. The DBA must
define, communicate, and enforce procedures that cover areas such as:

1. End-user database requirements gathering. What documentation is required? What forms
must be used?
2. Database design and modeling. What database design methodology is to be used (normalization
or object-oriented methodology)? What tools are to be used (CASE tools, data dictionaries, UML
or ER diagrams)?
3. Documentation and naming conventions. What documentation must be used in the definition of
all data elements, sets, and programs that access the database?
4. Design, coding, and testing of database application programs. The DBA must define the
standards for application program coding, documentation, and testing. The DBA standards and
procedures are given to the application programmers, and the DBA must enforce those standards.
5. Database software selection. The selection of the DBMS package and any other software related
to the database must be properly managed. For example, the DBA might require that software be
properly interfaced with existing software, that it have the features needed by the organization,
and that it provide a positive return on investment. In today’s Internet environment, the DBA
must also work with Web administrators to implement efficient and secure Web-to-database
connectivity.
6. Database security and integrity. The DBA must define the policies governing security and
integrity. Database security is especially crucial. Security standards must be clearly defined and
strictly enforced. Security procedures must be designed to handle a multitude of security
scenarios to ensure that security problems are minimized. Although no system can ever be
completely secure, security procedures must be designed to meet critical standards. The growing
use of Internet interfaces to databases opens the door to new security threats that are far more
complex and difficult to manage than those encountered with more traditional internally
generated and controlled interfaces. Therefore, the DBA must work closely with Internet security
specialists to ensure that the databases are properly protected from attacks launched inadvertently
or deliberately.
7. Database backup and recovery. Database backup and recovery procedures must include the
information necessary to guarantee proper execution and management of the backups.
8. Database maintenance and operation. The DBMS’s daily operations must be clearly
documented. Operators must keep job logs, and they must write operator instructions and notes.
Such notes are helpful in pinpointing the causes and solutions of problems. Operational
procedures must also include precise information concerning backup and recovery procedures.
9. End-user training. A full-featured training program must be established within the organization,
and procedures governing the training must be clearly specified. The objective is to indicate
clearly who does what, when, and how. Each end user must be aware of the type and extent of the
available training methodology.

Data Security, Privacy, and Integrity

The security, privacy, and integrity of the data in the database are of great concern to DBAs who manage
current DBMS installations. Technology has pointed the way to greater productivity through information
management. Technology has also resulted in the distribution of data across multiple sites, thus making it
more difficult to maintain data control, security, and integrity. The multiple-site data configuration has
made it imperative that the DBA use the security and integrity mechanisms provided by the DBMS to
enforce the database administration policies defined in the previous section. In addition, DBAs must team
up with Internet security experts to build security mechanisms to safeguard data from possible attacks or
unauthorized access.

1. Data Backup and Recovery


When data are not readily available, companies face potentially ruinous losses. Therefore, data
backup and recovery procedures are critical in all database installations. The DBA also must ensure
that the data in the database can be fully recovered in case of physical data loss or loss of database
integrity. Data loss can be partial or total. A partial loss is caused by a physical loss of part of the
database or when part of the database has lost integrity. A total loss might mean that the database
continues to exist but its integrity is entirely lost or that the entire database is physically lost. In any
case, backup and recovery procedures are the cheapest database insurance you can buy. The
management of database security, integrity, backup, and recovery is so critical that many DBA
departments have created a position called the database security officer (DSO). The DSO’s sole job is
to ensure database security and integrity. In large organizations, the DSO’s activities are often
classified as disaster management.

2. Disaster management includes all of the DBA activities designed to secure data availability
following a physical disaster or a database integrity failure. Disaster management includes all
planning, organizing, and testing of database contingency plans and recovery procedures. The
backup and recovery measures must include at least:
• Periodic data and applications backups. Some DBMSs include tools to ensure backup and
recovery of the data in the database. The DBA should use those tools to render the backup and
recovery tasks automatic. Products such as IBM’s DB2 allow the creation of different backup
types: full, incremental, and concurrent. A full backup, also known as a database dump, produces
a complete copy of the entire database. An incremental backup produces a backup of all data
since the last backup date; a concurrent backup takes place while the user is working on the
database.
• Proper backup identification. Backups must be clearly identified through detailed descriptions
and date information, thus enabling the DBA to ensure that the correct backups are used to
recover the database. The most common backup medium is tape; the storage and labeling of tapes
must be done diligently by the computer operators, and the DBA must keep track of tape currency
and location. However, organizations that are large enough to hire a DBA do not typically use
CDs and DVDs for enterprise backup. Other emerging backup solutions include optical and disk-
based backup devices. Such backup solutions include online storage based on Network Attached
Storage (NAS) and Storage Area Networks (SAN). Enterprise backup solutions use a layered
backup approach in which the data are first backed up to fast disk media for intermediate storage
and fast restoration. Later, the data is transferred to tape for archival storage.
• Convenient and safe backup storage. There must be multiple backups of the same data, and
each backup copy must be stored in a different location. The storage locations must include sites
inside and outside the organization. (Keeping different backups in the same place defeats the
purpose of having multiple backups in the first place.) The storage locations must be properly
prepared and may include fire-safe and quakeproof vaults, as well as humidity and temperature
controls. The DBA must establish a policy to respond to two questions: (1) Where are the
backups to be stored? (2) How long are backups to be stored?
• Physical protection of both hardware and software. Protection might include the use of closed
installations with restricted access, as well as preparation of the computer sites to provide air
conditioning, backup power, and fire protection. Physical protection also includes the provision
of a backup computer and DBMS to be used in case of emergency. For example, when Hurricane
Katrina hit the U.S. Gulf Coast in 2005, New Orleans suffered almost total destruction of its
communications infrastructure. Many organizations and educational institutions did not have
adequate disaster recovery plans for such an extreme level of service
• Personal access control to the software of a database installation. Multilevel passwords and
privileges and hardware and software challenge/response tokens can be used to properly identify
authorized users of resources.
• Insurance coverage for the data in the database. The DBA or security officer must secure an
insurance policy to provide financial protection in the event of a database failure. The insurance
might be expensive, but it is less expensive than the disaster created by massive data loss.

Database security refers to the use of the DBMS features and other related measures to comply with the
security requirements of the organization. From the DBA’s point of view, security measures should be
implemented to protect the DBMS against service degradation and the database against loss or
mishandling. In short, the DBA should secure the DBMS from the point of installation through operation
and maintenance.

To protect the DBMS against service degradation there are certain minimum recommended security
safeguards. For example: change default system passwords, change default installation paths, apply the
latest patches, secure installation folders with proper access rights, make sure only required services are
running, set up auditing logs, set up session logging, and require session encryption. Furthermore, the DBA
should work closely with the network administrator to implement network security to protect the DBMS
and all services running on the network. In current organizations, one of the most critical components in
the information architecture is the network.
Protecting the data in the database is a function of authorization management. Authorization management
defines procedures to protect and guarantee database security and integrity. Those procedures include, but
are not limited to, user access management, view definition, DBMS access control, and DBMS usage
monitoring.

1. User access management. This function is designed to limit access to the database and likely
includes at least the following procedures:
• Define each user to the database. This is achieved at the operating system level and at the DBMS
level. At the operating system level, the DBA can request the creation of a logon user ID that
allows the end user to log on to the computer system. At the DBMS level, the DBA can either
create a different user ID or employ the same user ID to authorize the end user to access the
DBMS.
• Assign passwords to each user. This, too, can be done at both operating system and DBMS levels.
The database passwords can be assigned with predetermined expiration dates. The use of
expiration dates enables the DBA to screen end users periodically and to remind users to change
their passwords periodically, thus making unauthorized access less probable.
• Define user groups. Classifying users into user groups according to common access needs
facilitates the DBA’s job of controlling and managing the access privileges of individual users.
Also, the DBA can use database roles and resource limits to minimize the impact of rogue users
in the system (see Section 15.9.6 for more information about these topics).
• Assign access privileges. The DBA assigns access privileges or access rights to specific users to
access specified databases. An access privilege describes the type of authorized access. For
example, access rights may be limited to read-only, or the authorized access might include
READ, WRITE, and DELETE privileges. Access privileges in relational databases are assigned
through SQL GRANT and REVOKE commands.
• Control physical access. Physical security can prevent unauthorized users from directly accessing
the DBMS installation and facilities. Some common physical security practices found in large
database installations include secured entrances, password-protected workstations, electronic
personnel badges, closed-circuit video, voice recognition, and biometric technology.

2. View definition. The DBA must define data views to protect and control the scope of the data
that are accessible to an authorized user. The DBMS must provide the tools that allow the
definition of views that are composed of one or more tables and the assignment of access rights to
a user or a group of users. The SQL command CREATE VIEW is used in relational databases to
define views. Oracle DBMS offers Virtual Private Database (VPD), which allows the DBA to
create customized views of the data for multiple different users. With this feature, the DBA could
restrict a regular user querying a payroll database to see only the rows and columns necessary,
while the department manager would see only the rows and columns pertinent to that department.
3. DBMS access control. Database access can be controlled by placing limits on the use of DBMS
query and reporting tools. The DBA must make sure that those tools are used properly and only
by authorized personnel.
4. DBMS usage monitoring. The DBA must also audit the use of the data in the database. Several
DBMS packages contain features that allow the creation of an audit log, which automatically
records a brief description of the database operations performed by all users. Such audit trails
enable the DBA to pinpoint access violations. The audit trails can be tailored to record all
database accesses or just failed database accesses.
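
The view definition procedure from item 2, combined with the privilege assignment from item 1, as an added example that is not part of the original document. PostgreSQL syntax is assumed; the DEPT_MANAGER table, the view names, the column layout and the sample rows are constructed.

```sql
-- PostgreSQL dialect; run as a superuser in a scratch database.
-- EMP, AJAY and DEEP are the page's names; DEPT_MANAGER, the view names,
-- the columns and the rows are constructed for this example.
CREATE TABLE emp (empno int PRIMARY KEY, ename text, sal numeric, deptno int);
CREATE TABLE dept_manager (deptno int PRIMARY KEY, manager name);
INSERT INTO emp VALUES (1, 'Asha', 52000, 10), (2, 'Vikram', 61000, 20);
INSERT INTO dept_manager VALUES (10, 'ajay');
CREATE ROLE ajay;
CREATE ROLE deep;

-- Base tables: no direct access for ordinary users. This also undoes any
-- blanket grant such as GRANT SELECT ON EMP TO PUBLIC.
REVOKE ALL ON emp, dept_manager FROM PUBLIC, ajay, deep;

-- Column restriction: a directory view that leaves out the SAL column.
CREATE VIEW emp_directory AS
    SELECT empno, ename, deptno
    FROM   emp;

-- Row restriction: a manager sees salaries only for the department mapped
-- to the session user. security_barrier keeps functions in a caller's own
-- WHERE clause from running on rows the view's filter has not yet removed.
CREATE VIEW emp_my_dept WITH (security_barrier) AS
    SELECT e.empno, e.ename, e.sal, e.deptno
    FROM   emp e
    JOIN   dept_manager m ON m.deptno = e.deptno
    WHERE  m.manager = current_user;

-- Access is granted on the views only, never on the base tables.
GRANT SELECT ON emp_directory TO deep;
GRANT SELECT ON emp_my_dept   TO ajay;

-- Act as each user to exercise the restriction.
SET ROLE deep;
SELECT * FROM emp_directory;   -- regular user: names and departments only
RESET ROLE;

SET ROLE ajay;
SELECT * FROM emp_my_dept;     -- manager: own department's rows, with SAL
RESET ROLE;

-- Review: which users can reach which objects.
SELECT grantee, table_name, privilege_type
FROM   information_schema.table_privileges
WHERE  table_name IN ('emp', 'dept_manager', 'emp_directory', 'emp_my_dept')
  AND  grantee IN ('ajay', 'deep')
ORDER  BY grantee, table_name;

-- Clean up the scratch objects.
DROP VIEW emp_directory, emp_my_dept;
DROP TABLE emp, dept_manager;
DROP ROLE ajay, deep;
```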

The integrity of a database could be lost because of external factors beyond the DBA’s control.
For example, the database might be damaged or destroyed by an explosion, a fire, or an
earthquake. Whatever the reason, the specter of database corruption or destruction makes backup
and recovery procedures crucial to any DBA.
