SECD2523 DATABASE

SQL 5b | TCL

www.utm.my
LECTURE LEARNING OUTCOME
By the end of this lecture, students should be able to:

Construct SQL statements for Discretionary Access Control:

01 Granting Privileges to Other Users (GRANT)

02 Revoking Privileges from Users (REVOKE)

Before we continue with this TCL lecture,
we reuse the same database and tables created in DML3:

mysql> use db_dml3_dept_emp_loc;

If you cannot find the database and tables you created previously,
refer here for the SQL statements that prepare all tables and sample data:
https://docs.google.com/document/d/1jC5daHE4WhP7N9U6ZxqRzBJcJAzqJxf1/edit?usp=sharing&ouid=112935562328060013817&rtpof=true&sd=true
Here are our tables with records:
select * from locations;
select * from departments;
select * from employees;

Let's start...
But first, create the users manager, personnel, and director with the following MySQL statements:
CREATE USER 'manager' IDENTIFIED BY 'password';
CREATE USER 'personnel' IDENTIFIED BY 'password';
CREATE USER 'director' IDENTIFIED BY 'password';

Display the user list:
SELECT user, host FROM mysql.user;
Discretionary Access Control
• Each user is assigned specific permissions (called privileges) to access or use certain parts
of a database.
Privileges defined by the ISO standard are:
• SELECT—the privilege to retrieve data from a table;
• INSERT [(columnName)]—the privilege to insert new rows into a table;
• UPDATE [(columnName)]—the privilege to modify rows of data in a table;
• DELETE—the privilege to delete rows of data from a table;
• REFERENCES [(columnName)]—the privilege to reference columns of a named table in
integrity constraints (related to foreign keys);
• USAGE—the privilege to use domains, collations, character sets, and translations.

Reference: https://dev.mysql.com/doc/refman/8.0/en/privileges-provided.html
Discretionary Access Control
• When a user creates something in the database, like a table, they automatically get
permissions for it and can share it with others.
Example:
• When User A creates a table, they automatically have full permission to manage and
use it.
• Since User A created the table, they automatically receive permissions like SELECT,
INSERT, UPDATE, DELETE, and more.
• User A can share these permissions with User B by granting them specific access rights.
• This gives User B permission to view the data in the table but not to modify it.
• Now, User B can run queries to access the data.

Discretionary Access Control
• The system lets users share permissions, but this flexibility can be exploited by someone who
tricks a user into sharing confidential information.
Example:
• Sensitive data exists in the table, like private salary details.
• An unauthorized User C (someone who isn’t supposed to access certain
data) asks an authorized User B (someone with legitimate access) for "help" with a
database task.
• User C says, "Can you run this query and share the results with me? I can’t access the
data myself."
• User B, trusting User C, runs the query and then shares the output, unknowingly
revealing sensitive salary data to User C.

• SQL supports only discretionary access control through the GRANT and REVOKE statements.
• The mechanism is based on the concepts of authorization identifiers, ownership, and privileges.
Granting Privileges to Other Users (GRANT)
GRANT {PrivilegeList | ALL PRIVILEGES}
ON ObjectName
TO {AuthorizationIdList | PUBLIC}
[WITH GRANT OPTION];
• Grant All: Use ALL PRIVILEGES to give a user all permissions without listing them
individually.
• Access for All: Use PUBLIC to allow everyone, now and in the future, to access an object.
• Object Types: Permissions can be given for tables, views, or other database objects.
• Sharing Privileges: WITH GRANT OPTION lets users pass their permissions to others.
• Restrict Sharing: Without WITH GRANT OPTION, users can’t share their permissions.

Note: MySQL doesn't support PUBLIC, but you can still grant privileges to specific users (using % for any host).
GRANT all privileges
• Example 1:
• Give the user with authorization identifier manager all privileges on the employees table.

GRANT ALL PRIVILEGES
ON employees
TO manager
WITH GRANT OPTION;

The user manager can now:
• view, insert, update, and delete data in the employees table;
• use the employees table and all of its columns in any table that he or she creates;
• share these privileges with other users, because of WITH GRANT OPTION.
GRANT specific privileges
• Example 2:
• Give users personnel and director the privileges SELECT and UPDATE on column salary of the employees table.

GRANT SELECT, UPDATE (salary)
ON employees
TO personnel, director;

• The keyword WITH GRANT OPTION is omitted, so users personnel and director cannot share these privileges with other users.
GRANT specific privileges to PUBLIC
• Example 3:
• Give all users the privilege SELECT on the departments table.

GRANT SELECT
ON departments
TO PUBLIC;

• Using the keyword PUBLIC means that all users (now and in the future) can view all the data in the departments table.
• There is no need to use WITH GRANT OPTION because every user has access to the table.

Note: MySQL doesn't support PUBLIC, but you can still grant privileges to specific users (using % for any host):

GRANT SELECT
ON departments
TO 'root'@'localhost';
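The slides note three times that MySQL has no PUBLIC. As an added example that is not part of the lecture, the following MySQL 8.0 script gets the same "everyone can read departments" effect with a role, which can later be revoked in one place; it assumes the db_dml3_dept_emp_loc database and the manager, personnel and director accounts created earlier (host '%'), and the role name dept_reader is constructed here.

```sql
-- Added example, not from the lecture slides. Assumes the database
-- db_dml3_dept_emp_loc and the accounts manager, personnel, director
-- created earlier with host '%'. The role name dept_reader is constructed.
USE db_dml3_dept_emp_loc;

-- One role that carries the "everyone may read departments" privilege.
CREATE ROLE IF NOT EXISTS 'dept_reader';
GRANT SELECT ON db_dml3_dept_emp_loc.departments TO 'dept_reader';

-- Hand the role to each account (host part written out; '%' = any host).
GRANT 'dept_reader' TO 'manager'@'%', 'personnel'@'%', 'director'@'%';

-- A granted role is inactive until activated; make it active at login.
SET DEFAULT ROLE 'dept_reader' TO 'manager'@'%', 'personnel'@'%', 'director'@'%';

-- Column-level grant from Example 2, written with explicit hosts and a
-- qualified object name so it does not depend on the current database.
GRANT SELECT, UPDATE (salary) ON db_dml3_dept_emp_loc.employees
    TO 'personnel'@'%', 'director'@'%';

-- Verify: SHOW GRANTS ... USING lists what the role contributes.
SHOW GRANTS FOR 'personnel'@'%' USING 'dept_reader';

-- Later, "revoke from PUBLIC" is a single statement on the role;
-- every account holding the role loses SELECT on departments at once.
REVOKE SELECT ON db_dml3_dept_emp_loc.departments FROM 'dept_reader';
```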
Revoking Privileges from Users (REVOKE)
REVOKE [GRANT OPTION FOR] {PrivilegeList | ALL PRIVILEGES}
ON ObjectName
FROM {AuthorizationIdList | PUBLIC}
[RESTRICT | CASCADE];

• ALL PRIVILEGES refers to all the permissions (like SELECT, INSERT, DELETE, etc.) a user
has been given.
• The optional GRANT OPTION FOR clause lets you revoke only the right to share the privileges (given through WITH GRANT OPTION), without affecting the user's own access to the table.
• If revoking a privilege causes an object (like a view) to no longer be needed, the command will fail unless you use the CASCADE keyword. If CASCADE is used, MySQL will automatically delete any unnecessary objects, like views or constraints, that are left behind after revoking the privilege.
Effects of REVOKE
• User A grants User B the INSERT privilege on the Staff table WITH GRANT OPTION (step 1).
• User B passes this privilege on to User C (step 2).
• User C gets the same privilege from User E (step 3).
• User C then passes the privilege on to User D (step 4).
• When User A removes the INSERT privilege from User B (step 5), it doesn't affect User C because User C got the privilege from User E.
• If User E hadn't given User C the privilege, the removal would also have applied to User C and User D.
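The five steps above, replayed on MySQL 8.0 as an added example that is not from the lecture: it uses the page's employees table in place of Staff, assumes constructed accounts user_a to user_e with placeholder passwords, and shows where MySQL's stored-per-account privileges depart from the ISO cascade rules the slide describes.

```sql
-- Added example, not from the lecture slides: the five steps of the
-- "Effects of REVOKE" diagram on MySQL 8.0, with the page's employees table
-- standing in for Staff. Accounts user_a..user_e and passwords are constructed.
-- Each step is issued from the session of the account named in its comment.
USE db_dml3_dept_emp_loc;
CREATE USER IF NOT EXISTS
    'user_a'@'%' IDENTIFIED BY 'placeholder_a',
    'user_b'@'%' IDENTIFIED BY 'placeholder_b',
    'user_c'@'%' IDENTIFIED BY 'placeholder_c',
    'user_d'@'%' IDENTIFIED BY 'placeholder_d',
    'user_e'@'%' IDENTIFIED BY 'placeholder_e';

-- Setup (administrator session): A and E hold INSERT and may pass it on.
GRANT INSERT ON db_dml3_dept_emp_loc.employees
    TO 'user_a'@'%', 'user_e'@'%' WITH GRANT OPTION;

-- Step 1 (session of user_a): INSERT to B, and B may pass it on.
GRANT INSERT ON db_dml3_dept_emp_loc.employees TO 'user_b'@'%' WITH GRANT OPTION;
-- Step 2 (session of user_b): B passes it to C, still grantable.
GRANT INSERT ON db_dml3_dept_emp_loc.employees TO 'user_c'@'%' WITH GRANT OPTION;
-- Step 3 (session of user_e): C gets the same privilege by an independent path.
GRANT INSERT ON db_dml3_dept_emp_loc.employees TO 'user_c'@'%' WITH GRANT OPTION;
-- Step 4 (session of user_c): C passes it to D, not grantable.
GRANT INSERT ON db_dml3_dept_emp_loc.employees TO 'user_d'@'%';
-- Step 5 (session of user_a): A takes INSERT back from B.
REVOKE INSERT ON db_dml3_dept_emp_loc.employees FROM 'user_b'@'%';

-- Checks. MySQL stores one privilege row per account and does not follow
-- who granted it, so this REVOKE touches only B: C and D keep INSERT here
-- whether or not step 3 happened. Under the ISO rules on the slide, the
-- path through E is what protects C and D.
SHOW GRANTS FOR 'user_b'@'%';   -- INSERT no longer listed
SHOW GRANTS FOR 'user_c'@'%';   -- INSERT ... WITH GRANT OPTION still listed
SHOW GRANTS FOR 'user_d'@'%';   -- INSERT still listed

-- MySQL spelling of the slide's "REVOKE GRANT OPTION FOR": remove only C's
-- right to pass the privilege on, leaving C's own INSERT intact.
REVOKE GRANT OPTION ON db_dml3_dept_emp_loc.employees FROM 'user_c'@'%';
```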
REVOKE specific privileges from PUBLIC
• Example 4:
• Revoke the privilege SELECT on the departments table from all users.

REVOKE SELECT
ON departments
FROM PUBLIC;

Note: MySQL doesn't support PUBLIC, but you can still revoke privileges from specific users (using % for any host):

REVOKE SELECT
ON departments
FROM 'root'@'localhost';
REVOKE specific privileges from named user
• Example 5:
• Revoke all privileges you have given to director on the employees table.

REVOKE ALL PRIVILEGES
ON employees
FROM director;
Checking privileges:

SHOW GRANTS FOR manager;

SHOW GRANTS FOR director;

SHOW GRANTS FOR personnel;
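SHOW GRANTS answers for one account at a time. The following queries, added here and not from the lecture, answer the questions a reviewer of this database would ask across all accounts, using MySQL's INFORMATION_SCHEMA privilege views and the mysql.tables_priv grant table on the page's db_dml3_dept_emp_loc database (run as an administrator that can read the mysql schema).

```sql
-- Added example, not from the lecture slides: privilege review queries for
-- the page's db_dml3_dept_emp_loc database, using MySQL's INFORMATION_SCHEMA
-- views and the mysql.tables_priv grant table (needs an administrator session).

-- 1. Who can read or change the sensitive salary column, and can they pass
--    that right on? (Column-level grants such as Example 2 appear here.)
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM INFORMATION_SCHEMA.COLUMN_PRIVILEGES
WHERE TABLE_SCHEMA = 'db_dml3_dept_emp_loc'
  AND TABLE_NAME = 'employees'
  AND COLUMN_NAME = 'salary';

-- 2. Every account holding table-level rights on employees WITH GRANT OPTION,
--    i.e. everyone who could play User B in the slides' delegation chain.
SELECT GRANTEE,
       GROUP_CONCAT(PRIVILEGE_TYPE ORDER BY PRIVILEGE_TYPE) AS privileges
FROM INFORMATION_SCHEMA.TABLE_PRIVILEGES
WHERE TABLE_SCHEMA = 'db_dml3_dept_emp_loc'
  AND TABLE_NAME = 'employees'
  AND IS_GRANTABLE = 'YES'
GROUP BY GRANTEE;

-- 3. Global privileges are not shown by the two views above but override any
--    table-level grant, so list accounts that hold grantable global rights
--    or can create/administer users.
SELECT GRANTEE, PRIVILEGE_TYPE, IS_GRANTABLE
FROM INFORMATION_SCHEMA.USER_PRIVILEGES
WHERE IS_GRANTABLE = 'YES'
   OR PRIVILEGE_TYPE IN ('SUPER', 'CREATE USER')
ORDER BY GRANTEE, PRIVILEGE_TYPE;

-- 4. Who granted what on employees and when: mysql.tables_priv records the
--    grantor, which tells you whom to consult before a REVOKE.
SELECT User, Host, Grantor, Table_priv, Column_priv, Timestamp
FROM mysql.tables_priv
WHERE Db = 'db_dml3_dept_emp_loc'
  AND Table_name = 'employees'
ORDER BY Timestamp;
```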
