Database System Concepts - GitHub Pages · Cascading Actions in Referential Integrity • When a...

Database System Concepts

Chapter 4: Intermediate SQL 9/29/2020

Chapter 4: Intermediate SQL

• Join Expressions

• Views

• Transactions

• Integrity Constraints

• SQL Data Types and Schemas

• Authorization

Views

• In some cases, it is not desirable for all users to see theentire logical model (that is, all the actual relations storedin the database.)

• Consider a person who needs to know an instructorsname and department, but not the salary. This personshould see a relation described, in SQL, by

select ID, name, dept_namefrom instructor

• A view provides a mechanism to hide certain data fromthe view of certain users.

• Any relation that is not part of the logical model but ismade visible to a user as a “virtual relation”(虚关系) iscalled a view.

View Definition

• A view is defined using the create view statement which has theform

create view v as < query expression >

where <query expression> is any legal SQL expression. The viewname is represented by v.

• Once a view is defined, the view name can be used to refer tothe virtual relation that the view generates.

• View definition is not the same as creating a new relation byevaluating the query expression

– Rather, a view definition causes the saving of an expression;the expression is substituted into queries using the view.

Example Views• A view of instructors without their salary

create view faculty asselect ID, name, dept_namefrom instructor

• Find all instructors in the Biology departmentselect namefrom facultywhere dept_name = ‘Biology’

• Create a view of department salary totalscreate view departments_total_salary(dept_name, total_salary) as

select dept_name, sum (salary)from instructorgroup by dept_name;

Views Defined Using Other Views

• Expand use of a view in a query/another view

create view physics_fall_2009 asselect course.course_id, sec_id, building, room_numberfrom course, sectionwhere course.course_id = section.course_id

and course.dept_name = ’Physics’and section.semester = ’Fall’and section.year = ’2009’;

create view physics_fall_2009_watson asselect course_id, room_numberfrom physics_fall_2009where building= ’Watson’;

View Expansion

• Expand use of a view in a query/another viewcreate view physics_fall_2009_watson as

(select course_id, room_number

from (select course.course_id, building, room_number

from course, section

where course.course_id = section.course_id

and course.dept_name = ’Physics’

and section.semester = ’Fall’

and section.year = ’2009’)

where building= ’Watson’;

Views Defined Using Other Views• One view may be used in the expression defining

another view

• A view relation v1 is said to depend directly on a viewrelation v2 if v2 is used in the expression defining v1

• A view relation v1 is said to depend on view relationv2 if either v1 depends directly to v2 or there is a pathof dependencies from v1 to v2

• A view relation v is said to be recursive if it dependson itself.

View Expansion• A way to define the meaning of views defined in terms of

other views.

• Let view v1 be defined by an expression e1 that may itselfcontain uses of view relations.

• View expansion of an expression repeats the followingreplacement step:

repeatFind any view relation vi in e1

Replace the view relation vi by the expression defining vi

until no more view relations are present in e1

• As long as the view definitions are not recursive, this loop willterminate

Update of a View• Add a new tuple to faculty view which we defined earlier

insert into faculty values (’30765’, ’Green’, ’Music’);

This insertion must be represented by the insertion of the tuple

(’30765’, ’Green’, ’Music’, null)

into the instructor relation

Some Updates cannot be Translated Uniquely

• create view instructor_info asselect ID, name, buildingfrom instructor, departmentwhere instructor.dept_name= department.dept_name;

• insert into instructor_info values (‘69987’, ‘White’, ‘Taylor’);

• which department, if multiple departments in Taylor?

• what if no department is in Taylor?

Some Updates cannot be Translated Uniquely

• Most SQL implementations allow updates only on simple views

– The from clause has only one database relation.

– The select clause contains only attribute names of the relation, and does not have any expressions, aggregates, or distinct specification.

– Any attribute not listed in the select clause can be set to null

– The query does not have a group by or having clause.

And Some Not at All

• create view history_instructors asselect *from instructorwhere dept_name= ’History’;

• What happens if we insert (’25566’, ’Brown’, ’Biology’, 100000) into history_instructors?

• This tuple can be inserted into the instructor relation, but itwould not appear in the history_instructor view.

• By default, SQL would allow the above update to proceed.However, views can be defined with a with_check_optionclause at the end of the view definition; then, if a tupleinserted into the view does not satisfy the view’s whereclause condition, the insertion is rejected.

Materialized Views

• Materializing a view: create a physical table containing all thetuples in the result of the query defining the view

• If relations used in the query are updated, the materializedview result becomes out of date

– Need to maintain the view, by updating the viewwhenever the underlying relations are updated.



• Views

• Transactions



• Authorization

Transactions• Unit of work

• Atomic transaction– either fully executed or rolled back as if it never

occurred

• Isolation from concurrent transactions

• Transactions begin implicitly– Ended by commit work （提交）or rollback work （回滚）

• But default on most databases: each SQL statementcommits automatically– Can turn off auto commit for a session (e.g. using API)

– In SQL:1999, can use: begin atomic …. end• Not supported on most databases



• Views

• Transactions



• Authorization

Integrity Constraints• Integrity constraints （完整性约束） guard

against accidental damage to the database, byensuring that authorized changes to the databasedo not result in a loss of data consistency.

– A checking account must have a balance greater than$10,000.00

– A salary of a bank employee must be at least $4.00 anhour

– A customer must have a (non-null) phone number

• not null

• primary key

• unique

• check (P), where P is a predicate

Integrity Constraints on a Single Relation

Not Null and Unique Constraints

• not null

– Declare name and budget to be not null

name varchar(20) not nullbudget numeric(12,2) not null

• unique ( A1, A2, …, Am)

– The unique specification states that the attributes A1, A2, … Am form a candidate key.

– Candidate keys are permitted to be null (in contrast to primary keys).

The check clause

• check (P)

where P is a predicate

Example: ensure that semester is one of fall, winter, spring or summer:

create table section (course_id varchar (8),sec_id varchar (8),semester varchar (6),year numeric (4,0),building varchar (15),room_number varchar (7),time slot id varchar (4), primary key (course_id, sec_id, semester, year),check (semester in (’Fall’, ’Winter’, ’Spring’, ’Summer’))

);

Referential Integrity

• Ensures that a value that appears in one relation for a givenset of attributes also appears for a certain set of attributes inanother relation.

– Example: If “Biology” is a department name appearing inone of the tuples in the instructor relation, then thereexists a tuple in the department relation for “Biology”.

• Let A be a set of attributes. Let R and S be two relations thatcontain attributes A and where A is the primary key of S.

• A is said to be a foreign key of R if for any values of Aappearing in R these values also appear in S.

Referential Integrity• 参照完整性约束定义：

– 令关系𝑟1和𝑟2的属性集分别为𝑅1和𝑅2，主码分别为𝐾1和𝐾2– 如果要求对𝑟2中任意元组𝑡2，均存在𝑟1中元组𝑡1使得𝑡1 𝐾1 = 𝑡2 𝛼 ，

我们称𝑅2的子集𝛼为参照关系𝑟1中𝐾1的外码 (foreign key)

– 参照完整性约束也称为子集依赖，可写作：Π𝛼 𝑟2 ⊆ Π𝐾1 𝑟1

• 假设存在关系𝑟和𝑠：𝑟(𝐴, 𝐵, 𝐶),𝑠(𝐵, 𝐷)，则在关系𝑟上的属性𝐵称作参照𝑠的外码，𝑟也称为外码依赖的参照关系，𝑠叫做外码被参照关系

学生(学号,姓名,性别,专业号,年龄) - 参照关系

专业(专业号,专业名称) - 被参照关系 (目标关系)

其中属性专业号称为关系学生的外码

Instructor (ID, name, dept_name, salary) - 参照关系

Department (dept_name, building, budget) - 被参照关系

参照关系中外码的值，必须在被参照关系中实际存在或为null。FOREIGN KEY约束的主要目的是控制可以存储在外键表中的数据

Referential Integrity• 数据库的修改会导致参照完整性的破坏。以下列举各类数

据库修改应做的测试，以保持如下的参照完整性约束：Π𝛼 𝑟2 ⊆ Π𝐾1 𝑟1

• insert– 如果向𝑟2中插入元组 𝑡2，则系统必须保证𝑟1中存在元组 𝑡1使得

𝑡1[𝐾] = 𝑡2[𝛼]。即𝑡2 𝛼 ∈ Π𝐾 𝑟1

• delete– 如果从𝑟1中删除元组𝑡1，则系统必须计算𝑟2中参照𝑡1的元组集合。即

𝜎𝛼=𝑡1 𝐾 𝑟2

– 如果集合非空，要么删除命令报错并撤销，要么参照𝑡1的元组本身必须被删除（可能导致级联删除）

Referential Integrity• 数据库的修改会导致参照完整性的破坏。以下列举各类数

据库修改应做的测试，以保持如下的参照完整性约束：Π𝛼 𝑟2 ⊆ Π𝐾1 𝑟1

• update

– 对参照关系𝑟2更新，以及对被参照关系𝑟1更新

– 如果关系𝑟2中元组𝑡2被更新，并且更新修改外码𝛼上的值，则进行类似插入情况的测试。令𝑡2’表示元组𝑡2的新值，则系统必须保证

𝑡2′ 𝛼 ∈ Π𝐾 𝑟1

– 如果关系𝑟1中元组𝑡1被更新，并且该更新修改主码𝐾上的值，则进行类似删除情况的测试。系统必须用旧的𝑡1值（更新前的值）计算

𝜎𝛼=𝑡1 𝐾 𝑟2

• 如果该集合非空，则更新失败，或者以类似删除的方式做级联更新

Referential Integrity

• By default, in SQL a foreign key references theprimary-key attributes of the reference table

• SQL also supports a version of the referencesclause where a list of attributes of thereferenced relation can be specified explicitly.

– The list of attributes must be declared as a candidatekey (with a primary key constraint, or a uniqueconstraint)

foreign key (dept_name) references department (dept_name)

Cascading Actions in Referential Integrity

• When a referential-integrity constraint is violated, the normalprocedure is to reject the action that caused the violation

• However, a foreign key clause can specify that if a delete orupdate action on the referenced relation violates theconstraint, then, the system must take steps to change thetuple in the referencing relation to restore the constrain.

Cascading Actions in Referential Integrity

• create table course (…dept_name varchar(20),foreign key (dept_name) references department

on delete cascadeon update cascade,

…)

• If a delete of a tuple in department results in this referential-integrity constraint being violated

– on delete cascade

– on update cascade

• Alternative actions to cascade: set null, set default

Integrity Constraint Violation During Transactions

create table person (ID char(10),name char(40),mother char(10),father char(10),primary key ID,foreign key father references person,foreign key mother references person)

• How to insert a tuple without causing constraint violation ?– insert father and mother of a person before inserting person

– or, set father and mother to null initially, update afterinserting all persons (not possible if father and motherattributes declared to be not null)

– or defer constraint checking

Complex Check Clauses

• check(P) specifies a predicate P that must be satisfied byevery tuple in a relation.

• check (time_slot_id in (select time_slot_id from time_slot))

– why not use a foreign key here?

• Every section has at least one instructor teaching the section.

– how to write this?

• Unfortunately: subquery in check clause not supported bypretty much any database

– Alternative: triggers (later)

Complex Check Clauses• An assertion is a predicate expressing a condition that we

wish the database always to satisfy.

• Domain constraints and referential-integrity constraintsare special forms of assertions.– there are many constraints that we cannot express by using only

these special forms

– e.g. For each tuple in the student relation, the value of theattribute tot cred must equal the sum of credits of courses thatthe student has completed successfully

• create assertion <assertion-name> check <predicate>;

– Also not supported by anyone

Complex Check Clauses• E.g. For each tuple in the student relation, the value of

the attribute tot cred must equal the sum of credits ofcourses that the student has completed successfully

• Since SQL does not provide a “for all X, P(X)” construct (where P is a predicate), we are forced to implement the constraint by an equivalent construct, “not exists X such that not P(X)”, that can be expressed in SQL.

Complex Check Clauses• An instructor cannot teach in two different classrooms in

a semester in the same time slot



• Views

• Transactions



• Authorization

Built-in Data Types in SQL

• date: Dates, containing a (4 digit) year, month and date

– Example: date ‘2005-7-27’

• time: Time of day, in hours, minutes and seconds.

– Example: time ‘09:00:30’ time ‘09:00:30.75’

• timestamp: date plus time of day

– Example: timestamp ‘2005-7-27 09:00:30.75’

• interval: period of time

– Example: interval ‘1’ day

– Subtracting a date/time/timestamp value from another gives an interval value

– Interval values can be added to date/time/timestamp values

• Related Functions: current_date, current_time, localtime,

current_timestamp, localtimestamp

Default Values

• create table student(ID varchar (5),name varchar (20) not null,dept_name varchar (20),tot_cred numeric (3,0) default 0,primary key (ID))

• insert into student(ID, name, dept_name)

values (‘12789’, ‘Newman’, ‘Comp. Sci.’)

Index Creation• create table student

(ID varchar (5),name varchar (20) not null,dept_name varchar (20),tot_cred numeric (3,0) default 0,primary key (ID))

• create index studentID_index on student(ID)

• Indices are data structures used to speed up access to records with specified values for index attributes

– e.g. select * from studentwhere ID = ‘12345’

– can be executed by using the index to find the required record, without looking at all records of student

More on indices in Chapter 10

User-Defined Types• create type construct in SQL creates user-

defined type

create type Dollars as numeric (12,2) final

– create table department(dept_name varchar (20),building varchar (15),budget Dollars);

• Cast

• drop type, alter type

Domains• create domain construct in SQL-92 creates user-

defined domain types

create domain person_name char(20) not null

• Types and domains are similar. Domains can have constraints, such as not null, specified on them.

– create domain degree_level varchar(10)constraint degree_level_testcheck (value in (’Bachelors’, ’Masters’, ’Doctorate’));

• Domains are not strongly typed.



• Views

• Transactions



• Authorization

Security

• Security - protection from malicious attempts tosteal or modify data.– Database system level

• Authentication 认证 and authorization 授权 mechanisms toallow specific users access only to required data

• We concentrate on authorization in the rest of this chapter

– Operating system level• Operating system super-users can do anything they want to

the database! Good operating system level security isrequired.

– Network level: must use encryption to prevent• Eavesdropping (unauthorized reading of messages)• Masquerading (pretending to be an authorized user or

sending messages supposedly from authorized users)

Security (Cont.)

• Security - protection from malicious attempts tosteal or modify data.

– Physical level

• Physical access to computers allows destruction of data byintruders; traditional lock-and-key security is needed

• Computers must also be protected from floods, fire, etc.

– Human level

• Users must be screened to ensure that an authorized usersdo not give access to intruders

• Users should be trained on password selection and secrecy

AuthorizationForms of authorization on parts of the database:

– Read authorization

• allows reading, but not modification of data.

– Insert authorization

• allows insertion of new data, but not modification of existing data.

– Update authorization

• allows modification, but not deletion of data.

– Delete authorization

• allows deletion of data

Forms of authorization to modify the database schema:

– Index authorization

• allows creation and deletion of indices.

– Resources authorization

• allows creation of new relations.

– Alteration authorization

• allows addition or deletion of attributes in a relation.

– Drop authorization

• allows deletion of relations.

Authorization (Cont.)

Authorization and Views• Users can be given authorization on views,

without being given any authorization on therelations used in the view definition

• Ability of views to hide data serves both tosimplify usage of the system and to enhancesecurity by allowing users access only to datathey need for their job

• A combination or relational-level security andview-level security can be used to limit a user’saccess to precisely the data that user needs.

View Example

• Suppose a bank clerk needs to know the names of thecustomers of each branch, but is not authorized to seespecific loan information.

– Approach: Deny direct access to the loan relation, butgrant access to the view cust-loan, which consists only ofthe names of customers and the branches at which theyhave a loan.

– The cust-loan view is defined in SQL as follows:

create view cust-loan asselect branchname, customer-namefrom borrower, loanwhere borrower.loan-number = loan.loan-

number

View Example (Cont.)

• The clerk is authorized to see the result of the query:

select *from cust-loan

• When the query processor translates the result into a queryon the actual relations in the database, we obtain a query onborrower and loan.

• Authorization must be checked on the clerk’s query beforequery processing replaces a view by the definition of the view.

Authorization on Views

• Creation of view does not require resourcesauthorization since no real relation is beingcreated

• The creator of a view gets only those privileges

that provide no additional authorization

beyond that he already had.

• E.g. if creator of view cust-loan had only read

authorization on borrower and loan, he gets

only read authorization on cust-loan

Granting of Privileges

• The passage of authorization from one user to another may be represented by an authorization graph.– The nodes of this graph are the users.– The root of the graph is the database administrator.

• Consider graph for update authorization on loan.– An edge UiUj indicates that user Ui has granted update

authorization on loan to Uj.U1 U4

U2 U5

U3

DBA

Authorization Grant Graph

• Requirement: All edges in an authorization graph must be part of some path originating with the database administrator

• If DBA revokes grant from U1:– Grant must be revoked from U4 since U1 no longer has authorization

– Grant must not be revoked from U5 since U5 has another authorization path from DBA through U2

• Must prevent cycles of grants with no path from the root:– DBA grants authorization to U7

– U7 grants authorization to U8

– U8 grants authorization to U7

– DBA revokes authorization from U7

– Must revoke grant U7 to U8 and from U8 to U7 since there is no path from DBA to U7 or to U8 anymore.

Attempt to Defeat Authorization Revocation

Authorization Graph

Security Specification in SQL

• The grant statement is used to confer authorizationgrant <privilege list>on <relation name or view name> to <user list>

• <user list> is:– a user-id– public, which allows all valid users the privilege granted– A role (more on this later)

• Granting a privilege on a view does not imply granting any privileges on the underlying relations.

• The grantor of the privilege must already hold the privilege on the specified item (or be the database administrator).

Privileges in SQL• select: allows read access to relation,or the ability to query

using the view

– Example: grant users U1, U2, and U3 select authorization on the branch relation:

grant select on branch to U1, U2, U3

• insert: the ability to insert tuples

• update: the ability to update using the SQL update statement

• delete: the ability to delete tuples.

• references: ability to declare foreign keys when creating relations.

• usage: In SQL-92; authorizes a user to use a specified domain

• all privileges: used as a short form for all the allowable privileges

Privilege To Grant Privileges

• with grant option: allows a user who is granted a privilege to pass the privilege on to other users.

– Example:

grant select on branch to U1 with grant option

gives U1 the select privileges on branch and allows U1 to grant this privilege to others

Roles

• Roles permit common privileges for a class of users can be specified just once by creating a corresponding “role”

• Privileges can be granted to or revoked from roles, just like user

• Roles can be assigned to users, and even to other roles• SQL:1999 supports roles

create role tellercreate role manager

grant select on branch to tellergrant update (balance) on account to tellergrant all privileges on account to manager

grant teller to manager

grant teller to alice, bobgrant manager to avi

Revoking Authorization in SQL

• The revoke statement is used to revoke authorization.revoke<privilege list>on <relation name or view name> from <user list>

[restrict|cascade]

• Example:revoke select on branch from U1, U2, U3 cascade

• Revocation of a privilege from a user may cause other users also to lose that privilege; referred to as cascading of the revoke.

• We can prevent cascading by specifying restrict:revoke select on branch from U1, U2, U3 restrict

With restrict, the revoke command fails if cascading revokes are required.

Revoking Authorization in SQL (Cont.)

• <privilege-list> may be all to revoke all privileges the revokee may hold.

• If <revokee-list> includes public all users lose the privilege except those granted it explicitly.

• If the same privilege was granted twice to the same user by different grantees, the user may retain the privilege after the revocation.

• All privileges that depend on the privilege being revoked are also revoked.

Limitations of SQL Authorization• SQL does not support authorization at a tuple

level– E.g. we cannot restrict students to see only (the

tuples storing) their own grades

• With the growth in Web access to databases, database accesses come primarily from application servers.– End users don't have database user ids, they are all

mapped to the same database user id

• All end-users of an application (such as a web application) may be mapped to a single database user

Limitations of SQL Authorization• The task of authorization in above cases falls

on the application program, with no support from SQL– Benefit: fine grained authorizations, such as to

individual tuples, can be implemented by the application.

– Drawback: Authorization must be done in application code, and may be dispersed all over an application

– Checking for absence of authorization loopholes becomes very difficult since it requires reading large amounts of application code

Exercises• Practice Exercises:

– 4.1 4.2 4.7 4.10

• Exercises:

– 4.12 4.13 4.16 4.18

End of Chapter 4

Thank you!

Q&A

Database System Concepts - GitHub Pages · Cascading Actions in Referential Integrity • When a...

Documents

Transcript of Database System Concepts - GitHub Pages · Cascading Actions in Referential Integrity • When a...