SQL Bible [Electronic resources] نسخه متنی

اینجــــا یک کتابخانه دیجیتالی است

با بیش از 100000 منبع الکترونیکی رایگان به زبان فارسی ، عربی و انگلیسی

SQL Bible [Electronic resources] - نسخه متنی

Alex Kriegel

| نمايش فراداده ، افزودن یک نقد و بررسی
افزودن به کتابخانه شخصی
ارسال به دوستان
جستجو در متن کتاب
بیشتر
تنظیمات قلم

فونت

اندازه قلم

+ - پیش فرض

حالت نمایش

روز نیمروز شب
جستجو در لغت نامه
بیشتر
لیست موضوعات
توضیحات
افزودن یادداشت جدید






Defining a Database User


The concept of the
USER, while being plain and simple in an
intuitive layman way, is one of the most confusing across the RDBMS
implementations. SQL99 does not specify any special syntax (or even a way) to
create a user in the database. Left to their own devices, the database vendors
have managed to create some ingenious solutions. For example, Oracle
9i makes little distinction between a user and the
database schema, IDB DB2 UDB only uses operating system-defined users (or those
defined by some external framework), and the Microsoft SQL Server combines both
approaches, using Windows accounts and special system procedures for adding
users to a database.

By definition, a database user is someone
who makes use of the services provided by the RDBMS server. It could be an
application, a database administrator, or just anyone who happens to access the
database at any given moment. User authentication, as we've mentioned before,
is the first line of defense when it comes to security issues.

In Oracle
9
i, the syntax for creating a user is as follows:

CREATE USER <user_name>
IDENTIFIED BY [<password> | EXTERNALLY] [DEFAULT TABLESPACE
<def_tablespace_name>] [TEMPORARY TABLESPACE <tmp_tablespace_name>]
[QUOTA (<integer> (K | M) ON <tablespace_name>],... [PROFILE
<profile_name>] [PASSWORD EXPIRE] [ACCOUNT [LOCK |
UNLOCK]];

In addition to the
CREATE
USER privilege (explained later in the
chapter), to create a user, you need, at the very least, to specify user name
and password, since most of the clauses in the statement are optional. To
create a user identified by the operating system (OS), use the keyword
EXTERNALLY. For more information on OS
integration, see the sidebar "OS Security Integration" later in the
chapter.

The other options are Oracle-specific, and
not found in other RDBMS implementations. For example, by specifying the
PASSWORD
EXPIRE clause, you are essentially telling
Oracle that the password for this user expires immediately, forcing the user to
select a different password on the next connection to the database.
ACCOUNT
LOCK allows you to specify, for example,
that access is to be blocked after so many unsuccessful attempts (precluding
password guessing), or disable user's account when, say, employee leaves the
company. This is a security measure that prevents all "inactive" users from
logging onto the database. A detailed discussion of all the Oracle-specific
options is well beyond the scope of this book.

Here is a very simple version of the
CREATE
USER statement:

CREATE USER new_user IDENTIFIED
BY it_is_me; User created.

By omitting all the optional clauses, this
statement creates a user that has all the system defaults assigned: it uses
system tablespace, his/her password never expires, and so on. Needless to say,
this practice has no place in a real, live production environment. In addition
to being less secure, it is also very inefficient.








Oracle 9i User
PROFILE

The
PROFILE clause assigns an environmental
user profile that governs the user's resource access by setting limits the user
cannot exceed. If no profile is specified, then a default profile is used. To
create a profile, you must assign the
CREATE
PROFILE privilege — either directly or
through a role (explained later in the chapter).

A profile is created with the
CREATE
PROFILE statement. The syntax is
relatively simple:

CREATE PROFILE <profile
name> LIMIT [RESOURCE PARAMETERS | PASSWORD PARAMETERS ];

Resource parameters could be set to
integer
UNLIMITED, or
DEFAULT. The first explicitly specifies
number of days, retries, and so on; the second removes the limit; and
DEFAULT tells Oracle to use its default
value, which is set in the system as part of the default profile (assigned to
any user for whom no explicit profile was specified).

There are a number of parameters used
here, most of which require some Oracle knowledge. Many of these are directly
related to security. For example, the resource parameter
SESSIONS_PER_USER limits the number of
concurrent sessions allowed for this user ID; when the number is exceeded, the
logon is denied. Another resource parameter —
CONNECT_TIME — sets a limit for the
connection time; yet another,
IDLE_TIME, tells Oracle exactly how long
a particular connection is allowed to remain idle, terminating the connection
once the limit is reached. Of course, there are more resource parameters used
for allocating system resources to a user, which you will find in the Oracle
documentation.

Among password parameters, virtually
every one falls into the security domain. Parameters like
FAILED_LOGIN_ATTEMPTS,
PASSWORD_LIFE_TIME,
PASSWORD_REUSE_TIME,
PASSWORD_REUSE_MAX,
PASSWORD_LOCK_TIME, and
PASSWORD_GRACE_TIME all define how
passwords are created, used, and expired. The names of the parameters describe
their functions. The first,
FAILED_LOGIN_ATTEMPTS, guards against
guessing the password and locks an account once the allowed number is reached.
The
PASSWORD_REUSE_MAX parameter specifies
number of password changes before the current password is reused, and so on.
One of the parameters (PASSWORD_VERIFY_FUNCTION)
allows for using custom logic, usually implemented as PL/SQL script, for
additional password verification, logging, and so on.











When a user is created, a schema
corresponding to that user is also created. The newly created user has no
rights or privileges within RDBMS, but must at least be granted the
CONNECT privilege to be able to connect to
the Oracle database and the set of privileges assigned on "as needed" basis
(privileges and the
GRANT statement syntax are discussed later
in this chapter). After these privileges have been granted, the user
ACME might access database
ACME using password
ACME, and perform actions based on the
privileges granted.





Note

In fact, that is the only way to create a "real schema"; the
CREATE
SCHEMA statement serves a somewhat
different purpose. See
Chapter
4
for more information on creating database objects.


Of course, as with almost any Oracle
database object, a
USER could be either dropped or altered
later on. Here is the
DROP syntax:

DROP USER <user name>
[CASCADE];

CASCADE
specifies that all objects in the user's schema should be dropped before
dropping the user; Oracle does not allow dropping a user whose schema contains
any objects, unless this clause is specified.

The
ALTER
USER statement specifies a number of
changes for a user. It assigns a different profile, changes the resources
limit, changes the default tablespace, and much more. It also provides a
convenient way to modify a user's properties without the need to drop the user
and then recreate it from scratch. For complete syntax of the
ALTER
USER statement, refer to Oracle
documentation.

Information about users in the Oracle
database is accessible through the system catalogs, discussed in detail in
Chapter
13
.

IBM DB2 UDB
uses a combination of external security services and internal access controls.
The first step in RDBMS security is authentication. IBM DB2 UDB does not
provide authentication services, relying instead on external services, which
could be implemented within the operating system, or as a third-party software
product (especially in the case where the database is installed as part of a
distributed environment).

This means that a user cannot be created
unless s/he also has an operating system account, be it Windows, Unix, or any
other OS. As such, all user authentication is managed outside of the DB2 UDB
database. For more information, refer to the OS Security Integration section
later in this chapter, or to IBM DB2 UDB documentation.

Microsoft SQL Server
2000
can be configured for user authentication either through the
Windows NT/2000 operating system, or through Mixed Mode authentication.

In the first case, the user must belong to
some predefined Windows account that allows logon to the SQL Server database
with his/her system login, which must be mapped to the internal SQL Server
account. Therefore, the OS login must be mapped to an SQL Server login in each
and every database within it that this login is allowed to access.

The second case — Mixed Mode — requires the
user to (1) have a valid Windows account to establish connection to the SQL
Server and (2) supply a user ID/password to be authenticated by the SQL
Server.

The Microsoft SQL Server does not have the
CREATE
USER statement. Instead it uses several
system-stored procedures, which are special precompiled
routines stored within the database server, usually written in Transact-SQL.
The stored procedures can be executed from ISQL/OSQL command-line utilities, or
from the visual interface of the Microsoft SQL Server Query Analyzer (see
Appendix
E
for more information on accessing RDBMS).

Table 12-1 lists stored procedures utilized by
user management within the SQL Server. The arguments needed to run these stored
procedures are by and large self-describing. If you are new to the MS SQL
Server, consult SQL Server Books Online (included with every installation of
the RDBMS), as there are some restrictions applicable to the use of these
procedures.






































Table 12-1: Selected Microsoft SQL Server 2000
User Management


System-Stored Procedures: Stored
Procedure


Description


sp_grantdbaccess <windows account name>,
[<name inside
database>]


Maps security account to one
inside SQL server database, adding a user to the users list of the current
database.

The Windows account must be a
valid account (<DOMAIN NAME>\<User Name>). When a second argument
is not supplied, the Windows account name is used. If called from within an
application, it returns 0 on success or 1 on failure.

Only members of the SQL Server
fixed role
SYSADMIN have permission to execute
this procedure.


sp_revokedbaccess <name inside
database>


Removes the account mapping from
the current database.


sp_adduser <windows account name>, [<name inside
database>].[<group
name>]

sp_grantdbaccess


Adds user (security account)
to the current database; Microsoft supplies this procedure for backward
compatibility only and recommends using instead

If called from within an
application, returns 0 on success or 1 on failure.


sp_dropuser
<name inside database>


Removes user (security account)
from the current database. Microsoft supplies this procedure for backward
compatibility only and recommend using
sp_revokedbaccess instead.


sp_addlogin
<login name>,[<password>],
[<default database>],
[<default language>],
[<security

identification number>],
[<encryption option>]


Creates a new SQL Server login
that allows a user to connect to the SQL Server using SQL Server
authentication. Normally used for users connecting to the SQL Server over the
network (i.e., they do not have a local account). All arguments, except the
login name are optional.

If called from within an
application, returns 0 on success or 1 on failure.


sp_grantlogin <windows account
name>


Grants SQL Windows account. If
called from within an application, returns 0 on success or 1 on failure.Server
access privileges to a valid


sp_revokelogin <windows account
name>


Removes access privileges for
a Windows account (either user or group). If called from within an application,
returns 0 on success or 1 on failure.

Note: This procedure revokes
individual privileges; if a user whose login privileges were revoked is a
member of a group that has these privileges, the user will still be able to
connect.


sp_denylogin <windows account
name>


Adds login to 'deny list';
the login for this user will be denied. If called from within an application,
returns 0 on success or 1 on failure.

Only members of
sysadmin and
securityadmin fixed SQL Server
roles can execute this procedure.


sp_droplogin <windows account
name>


Removes a login from the
current database. If a login is mapped to a user, the user must first be
removed using the
sp_dropuser stored procedure; other
restrictions also apply. If called from within an application, returns 0 on
success or 1 on failure.






Note

The main difference between system-stored procedures and
user-created procedures is their scope. The first are global, while the latter
are usually local to the database in which they are created. Virtually all
system-stored procedures are prefixed with
sp_, and they all are located in the
Master database.


To execute any of the above stored
procedures, either from ISQL/OSQL or the Query Analyzer, type in

EXEC <stored procedure
name> (arg1,arg2,...,argN)

The information about users in the
Microsoft SQL Server is accessible in the system catalogs (INFORMATION_SCHEMA), discussed in detail in
Chapter
13
, as well as in the system-stored procedures.

/ 207