12
insert takes place:
INSERT INTO John.Department
VALUES (‘999’, ‘Accounts Payable’, ‘Cleveland’);
Procedures enable the implementation of complicated security requirements that cannot be supported by the
basic security measures or views.
Synonyms
In the previous sections we showed that the objects used for implementing transparency – views and
procedures – can be effective security tools because through them, users can get access to specific portions of
data of the table without getting access to the whole table. Another transparency object – synonym – is not
used for implementing security because it is just an additional name for a database object and users can access
the synonym only if they have the corresponding access privileges on the object itself. For example, if John
creates a public synonym for his table Department, other users will need privileges on the table in order to
access the synonym. Below, Scott succeeds in accessing the synonym, while Adam who does not have access
privileges on the table, fails:
John> CREATE PUBLIC SYNONYM syn_Department FOR
Department;
John> GRANT SELECT ON Department TO Scott;
Because we used the option PUBLIC in the definition of the synonym, all users will be able to see and use it
without referring to the schema of Scott (most of the other objects do not have this option).
Scott> SELECT * FROM syn_Department; (succeeds)
Adam> SELECT * FROM syn_Department; (fails)
Synonyms cannot enhance security – synonyms of an object have the same security measures as the object.
Security and Transparency
Views and procedures – objects that are used for implementing security of the database – are also used for
the support of data transparency. Though technically transparency and security are different features of the
database, there is a logical connection between them. If users are not allowed to access a particular database
resource, this resource has to be transparent to them. By sustaining security we can achieve transparency, and
we can use transparency for implementing security. However, while transparency is a highly desirable feature
of the database, security is a required one.
Let us again discuss views and see how they can not only enforce security, but can also make security
measures less dependent on database changes. If we define security measures on views, and not on tables, we
enforce the transparency of the data for these security measures. For example, the table Department is in
John’s schema, and Scott is running an application that accesses this table. If for some reason the table is
moved to another schema or is renamed, then the application has to be changed, as well as the security
measures – see Figure 10a).
If there is a tier of views (see discussion of transparency in Chapter 2), and security measures are defined on
those views, then changes to the table will only cause a redefinition of the views and can be transparent to the