Example:
Employee(ssn, name, department, project, salary)Consider a person who needs to know the name and project of employees in the 'Development' department, but not the salary. This person should see a relation described, in SQL, by
SELECT name, project FROM Employee WHERE department = 'Development'
Provide a mechanism to hide certain data from the view of certain users.
Any relation that is not part of the conceptual model but is visible to a user as a “virtual relation” is called a view.
Not physically stored.
Application programs are protected
from changes in the conceptual and
physical schemas.
A view is defined using the create view statement which has the form
CREATE VIEW view_name AS
< QUERY >
[WITH CHECK OPTION]
where < query > is any legal SQL expression.
Once a view is defined, the view name can be used to refer to the virtual relation that the view generates.
DROP VIEW <view_name>
Example:
Student(studID, name, address, major, gpa)
- This is a view of the Student table without the gpa field.
CREATE VIEW SecStudent AS SELECT studID, name, address, major FROM student
Example:
- A company's database includes a relation:
Part (PartID, weight,...)- Weight is stored in pounds
- The Company is purchased by a firm that uses metric weights
- Databases must be integrated and use Kg.
- But old applications use pounds.
- Solution:
- Base table with kilograms becomes MetricPart for the integrated company
CREATE VIEW MetricPart AS SELECT PartID, 2.2046*weight, -- no other changes FROM Part- Old programs still call the table Part
- Consider the following relations
Person(name, city) Purchase(buyer, seller, product, store) Product(name, maker, category)CREATE VIEW SeattleView AS SELECT buyer, seller, product, store FROM Person, Purchase WHERE Person.city = 'Seattle' AND Person.name = Purchase.buyer- We have a new 'virtual table':
SeattleView(buyer, seller, product, store)
Query using SeatleView
SeattleView(buyer, seller, product, store) Product(name, maker, category)SELECT name, store FROM SeattleView, Product WHERE SeattleView.product = Product.name AND Product.category = 'shoes'
Query using a view
SELECT name, SeattleView.store
FROM SeattleView, Product
WHERE SeattleView.product = Product.name
AND Product.category = 'shoes'
Expanded query
SELECT name, Purchase.store
FROM Person, Purchase, Product
WHERE Person.city = 'Seattle'
AND Person.name = Purchase.buyer
AND Purchase.product = Product.name
AND Product.category = 'shoes'
Query using a view
SELECT buyer, seller
FROM SeattleView
WHERE product= 'gizmo'
Expanded query
SELECT buyer, seller
FROM Person, Purchase
WHERE Person.city = 'Seattle'
AND Person.name = Purchase.buyer
AND Purchase.product= 'gizmo'
Employee(ssn, name, department, project, salary)CREATE VIEW Developers AS SELECT name, project FROM Employee WHERE department = 'Development'
Example:
Employee(ssn, name, department, project, salary) Developers(name, project)The following insertion:
INSERT INTO Developers VALUES('Joe', 'Optimizer')becomes:
INSERT INTO Employee VALUES(NULL, 'Joe', NULL, 'Optimizer', NULL)
- Consider the relations
and the viewPerson(name, city) Purchase(buyer, seller, product, store)CREATE VIEW SeattleView AS SELECT seller, product, store FROM Person, Purchase WHERE Person.city = 'Seattle' AND Person.name = Purchase.buyer- How can we add the following tuple to the view?
('Joe', 'Shoe Model 12345', 'Nine West')
FROM
clause has only one database relation.SELECT
clause contains only attribute names of the relation.SELECT
clause can be set to NULL
.GROUP BY
or HAVING
clause.ADVANTAGES | DISADVANTAGES |
---|---|
Data independence | Update restriction |
Currency | Structure restriction |
Improved security | Performance |
Reduced complexity | |
Convenience | |
Customization | |
Data integrity |
e.g., A student can't see other students' grades.
e.g., Delete or change data without being authorized
e.g., Only instructors can assign grades.
e.g. The DB should always be operational
CREATE ROLE sales_people;
-- grant some privileges to sales_people
-- grant sales_people role to users
Syntax
GRANT <privileges> ON <object>
TO [<users>|<role>]
[WITH GRANT OPTION]
GRANT OPTION: Right to pass privilege on to other users
Example: Privilege to INSERT particular columns in a table
GRANT INSERT ON <tablename(<attributenames>)> TO <users> [WITH GRANT OPTION]
GRANT INSERT, SELECT ON Movie TO Klaus
- Klaus can query 'Movie' or insert tuples into it.
GRANT DELETE ON Movie TO shop_owner WITH GRANT OPTION
- Anna can delete 'Movie' tuples, and also authorize others to do so
GRANT UPDATE (price_Day) ON Movie TO movie_staff
- Staff can update (only) the price field of 'Movie' tuples
GRANT SELECT ON MovieView TO Customers
- This does NOT allow the customers to query 'Movie' directly!
REVOKE <privileges>
ON <object>
FROM <users>
[RESTRICT | CASCADE]
https://www.xkcd.com/327/