v Chapter 6: Integrity and Security 究性与安全性) Domain Constraints(域约束) Referential Integrity(参照完整性) Assertions(断言) Triggers(触发器) Security(安全性) Authorization(授权) Authorization in SQL(SQL中的授权) 标 Database System Concepts 6.1 @Silberschatz, Korth and Sudarshan
Database System Concepts 6.1 ©Silberschatz, Korth and Sudarshan Chapter 6: Integrity and Security (完整性与安全性) Domain Constraints(域约束) Referential Integrity(参照完整性) Assertions(断言) Triggers(触发器) Security(安全性) Authorization (授权) Authorization in SQL(SQL中的授权)
Domain constraints Integrity constraints guard against accidental damage to the database, by ensuring that authorized changes to the database do not result in a loss of data consistency Domain constraints are the most elementary form of integrity constraint They test values inserted in the database, and test queries to ensure that the comparisons make sense New domains can be created from existing data types E.g. create domain Dollars numeric(12, 2) create domain Pounds numeric (12, 2) We cannot assign or compare a value of type dollars to a value of type Pounds However, we can convert type as below (cast rA as Pounds) Database System Concepts 6.2 OSilberschatz. Korth and Sudarshan
Database System Concepts 6.2 ©Silberschatz, Korth and Sudarshan Domain Constraints Integrity constraints guard against accidental damage to the database, by ensuring that authorized changes to the database do not result in a loss of data consistency. Domain constraints are the most elementary form of integrity constraint. They test values inserted in the database, and test queries to ensure that the comparisons make sense. New domains can be created from existing data types E.g. create domain Dollars numeric(12, 2) create domain Pounds numeric(12,2) We cannot assign or compare a value of type Dollars to a value of type Pounds. However, we can convert type as below (cast r.A as Pounds)
Domain Constraints(Cont The check clause in SQl permits domains to be restricted Use check clause to ensure that an hourly-wage domain allows only values greater than a specified value create domain hourly-wage numeric(5, 2) constraint value-test check(value>=4.00) The domain has a constraint that ensures that the hourly-wage is greater than 4.00 The clause constraint value-test is optional; useful to indicate which constraint an update violated Can have complex conditions in domain check create domain Account Type char (10) constraint account-type-test check(value in( Checking,, Saving)) check(branch-name in(select branch-name from branch) Database System Concepts 6.3 @Silberschatz, Korth and Sudarshan
Database System Concepts 6.3 ©Silberschatz, Korth and Sudarshan Domain Constraints (Cont.) The check clause in SQL permits domains to be restricted: Use check clause to ensure that an hourly-wage domain allows only values greater than a specified value. create domain hourly-wage numeric(5,2) constraint value-test check(value > = 4.00) The domain has a constraint that ensures that the hourly-wage is greater than 4.00 The clause constraint value-test is optional; useful to indicate which constraint an update violated. Can have complex conditions in domain check create domain AccountType char(10) constraint account-type-test check (value in (‘Checking’, ‘Saving’)) check (branch-name in (select branch-name from branch))
Referential Integrity Ensures that a value that appears in one relation for a given set of attributes also appears for a certain set of attributes in another relation Example: If Perryridge" is a branch name appearing in one of the tuples in the account relation, then there exists a tuple in the branch relation for branch Perryridge Formal Definition Let M,(R) and r2(R2) be relations with primary keys K, and K2 respectively The subset a of R2 is a foreign key referencing K, in relation r,, if for every t2 in r2 there must be a tuple ty, in such that t,]=t2[a] Referential integrity constraint also called subset dependency since its can be written as hsa(2)∈Ikr(r 6. OSilberschatz. Korth and Sudarshan
Database System Concepts 6.4 ©Silberschatz, Korth and Sudarshan Referential Integrity Ensures that a value that appears in one relation for a given set of attributes also appears for a certain set of attributes in another relation. Example: If “Perryridge” is a branch name appearing in one of the tuples in the account relation, then there exists a tuple in the branch relation for branch “Perryridge”. Formal Definition Let r1 (R1 ) and r2 (R2 ) be relations with primary keys K1 and K2 respectively. The subset of R2 is a foreign key referencing K1 in relation r1 , if for every t2 in r2 there must be a tuple t1 in r1 such that t1 [K1 ] = t2 []. Referential integrity constraint also called subset dependency since its can be written as (r2 ) K1 (r1 )
Referential Integrity in the E-R Model Consider relationship set R between entity sets E, and E2. The relational schema for R includes the primary keys K, of E1 and K2 of e2 Then K, and K2 form foreign keys on the relational schemas for E, and E2 respectively E1 R E2 Weak entity sets are also a source of referential ntegrity constraints For the relation schema for a weak entity set must include the primary key attributes of the entity set on which it depends Database System Concepts 6.5 @Silberschatz, Korth and Sudarshan
Database System Concepts 6.5 ©Silberschatz, Korth and Sudarshan Referential Integrity in the E-R Model Consider relationship set R between entity sets E1 and E2 . The relational schema for R includes the primary keys K1 of E1 and K2 of E2 . Then K1 and K2 form foreign keys on the relational schemas for E1 and E2 respectively. Weak entity sets are also a source of referential integrity constraints. For the relation schema for a weak entity set must include the primary key attributes of the entity set on which it depends E1 R E2
Checking Referential Integrity on Database modification The following tests must be made in order to preserve the following referential integrity constraint ∏(r2)≤Ik(r1) Insert. If a tuple t, is inserted into r, the system must ensure that there is a tuple t, in G, such that t,K= t2[a]. That is t2[cx]∈k(r1) Delete. If a tuple, t, is deleted from r1, the system must compute the set of tuples in r2 that reference t, t1] If this set is not empty either the delete command is rejected as an error, or the tuples that reference t, must themselves be deleted (cascading deletions are possible Database System Concepts 6.6 @Silberschatz, Korth and Sudarshan
Database System Concepts 6.6 ©Silberschatz, Korth and Sudarshan Checking Referential Integrity on Database Modification The following tests must be made in order to preserve the following referential integrity constraint: (r2 ) K (r1 ) Insert. If a tuple t2 is inserted into r2 , the system must ensure that there is a tuple t1 in r1 such that t1 [K] = t2 []. That is t2 [] K (r1 ) Delete. If a tuple, t1 is deleted from r1 , the system must compute the set of tuples in r2 that reference t1 : = t1[K] (r2 ) If this set is not empty either the delete command is rejected as an error, or the tuples that reference t1 must themselves be deleted (cascading deletions are possible)
Database Modification(Cont) Update. There are two cases If a tuple t2 is updated in relation r2 and the update modifies values for foreign key a, then a test similar to the insert case is made Let t2 denote the new value of tuple t2. The system must ensure that t2]∈Ik(r1 If a tuple t, is updated in r1, and the update modifies values for the primary key(K), then a test similar to the delete case is made 1. The system must compute a=tiKI (2) using the old value of t,(the value before the update is applied) 2. If this set is not empty the update may be rejected as an error, or the tuples in the set may be deleted Database System Concepts OSilberschatz. Korth and Sudarshan
Database System Concepts 6.7 ©Silberschatz, Korth and Sudarshan Database Modification (Cont.) Update. There are two cases: If a tuple t2 is updated in relation r2 and the update modifies values for foreign key , then a test similar to the insert case is made: Let t2 ’ denote the new value of tuple t2 . The system must ensure that t2 ’[] K(r1 ) If a tuple t1 is updated in r1 , and the update modifies values for the primary key (K), then a test similar to the delete case is made: 1. The system must compute = t1[K] (r2 ) using the old value of t1 (the value before the update is applied). 2. If this set is not empty 1. the update may be rejected as an error, or 2. the tuples in the set may be deleted
Referential Integrity in SQL Primary and candidate keys and foreign keys can be specified as part of the sQL create table statement: The primary key clause lists attributes that comprise the primary key The unique key clause lists attributes that comprise a candidate key The foreign key clause lists the attributes that comprise the foreign key and the name of the relation referenced by the foreign key By default, a foreign key references the primary key attributes of the referenced table foreign key(account-number references account Short form for specifying a single column as foreign key account-number char(10) references account Reference columns in the referenced table can be explicitly specified but must be declared as primary/candidate keys foreign key(account-number references account(account-number Database System Concepts 6.8 OSilberschatz. Korth and Sudarshan
Database System Concepts 6.8 ©Silberschatz, Korth and Sudarshan Referential Integrity in SQL Primary and candidate keys and foreign keys can be specified as part of the SQL create table statement: The primary key clause lists attributes that comprise the primary key. The unique key clause lists attributes that comprise a candidate key. The foreign key clause lists the attributes that comprise the foreign key and the name of the relation referenced by the foreign key. By default, a foreign key references the primary key attributes of the referenced table foreign key (account-number) references account Short form for specifying a single column as foreign key account-number char (10) references account Reference columns in the referenced table can be explicitly specified but must be declared as primary/candidate keys foreign key (account-number) references account(account-number)
Referential Integrity in SQL-Example create table account (account-number char (10) branch-namechar (15) balance Integer primary key(account-number) foreign key(branch-name) references branch create table depositor (customer-name char(20) account-number char(10) primary key(customer-name, account-number foreign key(account-number) references account, foreign key (customer-name)references customer Database System Concepts 6.9 OSilberschatz. Korth and Sudarshan
Database System Concepts 6.9 ©Silberschatz, Korth and Sudarshan Referential Integrity in SQL – Example create table account (account-number char(10), branch-namechar(15), balance integer, primary key (account-number), foreign key (branch-name) references branch) create table depositor (customer-name char(20), account-number char(10), primary key (customer-name, account-number), foreign key (account-number) references account, foreign key (customer-name) references customer)
Cascading Actions in SQL create table account foreign key(branch-name) references branch on delete cascade on update cascade Due to the on delete cascade clauses if a delete of a tuple in branch results in referential-integrity constraint violation. the delete" cascades" to the account relation, deleting the tuple that refers to the branch that was deleted Cascading updates are similar 标 Database System Concepts 6.10 @Silberschatz, Korth and Sudarshan
Database System Concepts 6.10 ©Silberschatz, Korth and Sudarshan Cascading Actions in SQL create table account . . . foreign key(branch-name) references branch on delete cascade on update cascade . . . ) Due to the on delete cascade clauses, if a delete of a tuple in branch results in referential-integrity constraint violation, the delete “cascades” to the account relation, deleting the tuple that refers to the branch that was deleted. Cascading updates are similar