Security in SQL: GRANT & REVOKE PostgreSQL privileges allow us to configure the access to the database for different uses: each user can have specific privileges to specific relations . The important commands: – Grant: adding privileges. – Revoke: remove privileges Adding/removing privileges to: – user – group – public \h GRANT or \h REVOKE 1 What can we do? dropdb pruebas createdb pruebas ----------CREATE TABLE test (nombre char (30), direccion char(30)); \dp test -- \dp check permisions ------------pruebas=> \dp test create user otroyo; psql) ------------- (desde dentro de Access privileges for database “pruebas" Schema | Table | Access privileges --------+-------+------------------public | test | {=,ruth=arwdRxt} (1 row) psql -U otroyo pruebas INSERT INTO test VALUES ('cualquiercosa','Mayor'); -- 2 1 What can we do? pruebas=> \dp test Access privileges for database “pruebas" Schema | Table | Access privileges --------+-------+---------------------------public | test | {=,ruth=arwdRxt,otroyo=aw} (1 row) GRANT INSERT ON test TO otroyo; psql -U otroyo pruebas --otroyo INSERT INTO test VALUES (‘cualquiercosa’,'Mayor'); -- UPDATE test set direccion='qwerty'; DELETE FROM test;-- 3 Adding privileges GRANT use: grant <privilege/s> on <relation/view> to <users> <users> : – An specific user – public, someone – (role, groups, it is not implemented in PostgreSQL) When we are adding privileges to a view, we are not adding privileges to their referenced relations 4 2 The privileges select: it is allowed to realise queries using the mentioned relation or view – Example: to allow to U1, U2, and U3 users to use select in relation account: grant select on account to U1, U2, U3 insert update delete references usage: it allow to create domains all privileges 5 Removing privileges revoke use: revoke<privilege/s> on <relation/view> from <users> [restrict|cascade] Example: revoke select on account from U1, U2, U3 cascade Deleting privileges to a user can force that other users loose the privileges, too: revoke/restrict. When a privilege is assigned twice (by two users), they have to be remove twice, too. REVOKE INSERT ON test FROM otroyo; REVOKE UPDATE ON test FROM otroyo; 6 3 Limitation SQL cannot give privileges to tuples. Mostly the security is managed by a program: – OK: it is possible to have privileges to tuples – Attention: the security depends on the code quality 7 4