Bài giảng Kiến trúc cài đặt cơ sở dữ liệu - Chương 11: Bảo mật mức hàng trong SQL Server. Chương này tiến hành hướng dẫn việc xây dựng bảng, hàm, thủ tục và trigger cho mục đích bảo mật mức hàng. Mời các bạn tham khảo để biết thêm nội dung chi tiết.
B GV Phi Loan - Khoa CNTT – UIH ̀ ̀ ̀ ng SQL Server GV Phi Loan - Khoa CNTT – UIH N i dung • Case study –X ̀ ̀ GV Phi Loan - Khoa CNTT – UIH ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ng Đ ̀ ̀ • SQL Server ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ level security) •V ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ GV Phi Loan - Khoa CNTT – UIH ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ng (roẁ ̀ ̀ ̀ ̀ ̀ ̀ ̀ p ̀ ̀ ̀ ̀ ̀ ̀ View CREATE VIEW [ < database_name >.] [ < owner > ] view_name [ ( column [ , n ] ) ] AS select_statement [ WITH CHECK OPTION ] GV Phi Loan - Khoa CNTT – UIH L nh View • [ WITH CHECK OPTION ]: b t bu c t t c l nh ch nh s a d li ̀ ̀ ̀ n view u ph ̀ ̀ ̀ u ki n l c m nh select – Khi hàng b s ̀ i thông qua view, WITH CHECK OPTION b ̀ m d li u v n cịn nhìn th ̀ c thơng qua view –B ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ ̀ i view s b lo i tr hi n th thông báo l i GV Phi Loan - Khoa CNTT – UIH Ví d CREATE VIEW CAonly AS SELECT au_lname, au_fname, city, state FROM authors WHERE state = 'CA' WITH CHECK OPTION UPDATE CAOnly ̀ ̀ ̀ ̀ K̀ ̀WHE‘È ̀ Ć ̀ L nh update có th c hi khơng? 
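-- OBXKites case study: the Security table, its constraints and the trigger
-- that restricts security assignments to employees.
-- The surrounding slide prose was lost in extraction; only the SQL is kept.

USE OBXKites;
GO

-- One row per (contact, location) pair, holding the level granted to that
-- contact at that location. Both foreign keys cascade on delete, so removing
-- a contact or a location also removes its security rows.
CREATE TABLE dbo.Security (
    SecurityID    INT IDENTITY NOT NULL PRIMARY KEY NONCLUSTERED,
    ContactID     UNIQUEIDENTIFIER NOT NULL
        REFERENCES dbo.Contact(ContactID) ON DELETE CASCADE,
    LocationID    UNIQUEIDENTIFIER NOT NULL
        REFERENCES dbo.Location(LocationID) ON DELETE CASCADE,
    -- The slide text reads "DEFAULT );" - the value itself is missing.
    -- 0 is used here because it is the lowest level the CHECK constraint
    -- allows, so a row inserted without an explicit level grants the least.
    -- NOTE(review): confirm against the original slide.
    SecurityLevel INT NOT NULL DEFAULT 0
);
GO

-- Only the four defined levels may be stored.
ALTER TABLE dbo.Security
    ADD CONSTRAINT ValidSecurityCode
    CHECK (SecurityLevel IN (0, 1, 2, 3));

-- A contact has at most one level per location. The check routines rely on
-- this when they read a single SecurityLevel for a contact/location pair.
ALTER TABLE dbo.Security
    ADD CONSTRAINT ContactLocation
    UNIQUE (ContactID, LocationID);
GO

-- Rejects any inserted or updated Security row whose contact is not an employee.
--
-- The slide version joined Inserted to dbo.Contact with INNER JOIN and tested
-- "Contact.ContactID IS NULL OR IsEmployee = 0". After an inner join the
-- IS NULL test can never be true, and a NULL IsEmployee would pass the "= 0"
-- test unnoticed. The NOT EXISTS form below denies by default: the row is
-- accepted only when a contact with IsEmployee = 1 exists.
--
-- Caveat: this trigger runs only when dbo.Security changes. If IsEmployee is
-- later cleared on dbo.Contact, existing Security rows are not revoked by
-- anything shown on this page.
CREATE TRIGGER ContactID_RI ON dbo.Security
AFTER INSERT, UPDATE
AS
SET NOCOUNT ON;

IF EXISTS (
    SELECT 1
    FROM Inserted AS i
    WHERE NOT EXISTS (
        SELECT 1
        FROM dbo.Contact AS c
        WHERE c.ContactID = i.ContactID
          AND c.IsEmployee = CAST(1 AS bit)
    )
)
BEGIN
    -- Message text is reconstructed; the original string was garbled.
    -- Severity 16 and state 1 are as on the slide.
    RAISERROR('Foreign Key Constraint: Security.ContactID', 16, 1);
    ROLLBACK TRANSACTION;
    RETURN;
END;
GO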
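-- Admin procedures for the dbo.Security table, followed by the two routines
-- that check a contact's level at a location.
-- The surrounding slide prose was lost in extraction; only the SQL is kept.

-- Lists security assignments, optionally filtered by location and/or contact.
-- A NULL parameter means "no filter on this column".
-- The result is the permission matrix itself, so EXECUTE on this procedure
-- should be limited to administrators.
CREATE PROCEDURE pSecurity_Fetch
    @LocationCode VARCHAR(15) = NULL,
    @ContactCode  VARCHAR(15) = NULL
AS
SET NOCOUNT ON;

SELECT
    c.ContactCode,
    l.LocationCode,
    s.SecurityLevel
FROM dbo.Security AS s
INNER JOIN dbo.Contact AS c
    ON s.ContactID = c.ContactID
INNER JOIN dbo.Location AS l
    ON s.LocationID = l.LocationID
WHERE (l.LocationCode = @LocationCode OR @LocationCode IS NULL)
  AND (c.ContactCode = @ContactCode OR @ContactCode IS NULL);
GO

-- Assigns a security level to a contact at a location.
-- Returns -100 on any error (unknown contact, unknown location, failed
-- insert) and 0 on success.
-- The procedure only inserts: a second assignment for the same
-- contact/location pair is rejected by the ContactLocation UNIQUE constraint
-- rather than silently changing an existing level.
CREATE PROCEDURE pSecurity_Assign
    @ContactCode   VARCHAR(15),
    @LocationCode  VARCHAR(15),
    @SecurityLevel INT
AS
SET NOCOUNT ON;

DECLARE
    @ContactID  UNIQUEIDENTIFIER,
    @LocationID UNIQUEIDENTIFIER;

-- Get ContactID
SELECT @ContactID = ContactID
FROM dbo.Contact
WHERE ContactCode = @ContactCode;

-- @@ERROR is reset by every statement, so it is tested immediately.
-- The slide text read "IF @@ERROR RETURN", which is not a valid condition.
IF @@ERROR <> 0 RETURN -100;

IF @ContactID IS NULL
BEGIN
    -- Message text is reconstructed; severity 15 and state 1 are as on the slide.
    RAISERROR('Contact: ''%s'' not found', 15, 1, @ContactCode);
    RETURN -100;
END;

-- Get LocationID
SELECT @LocationID = LocationID
FROM dbo.Location
WHERE LocationCode = @LocationCode;

IF @@ERROR <> 0 RETURN -100;

IF @LocationID IS NULL
BEGIN
    -- Message text is reconstructed; severity 15 and state 1 are as on the slide.
    RAISERROR('Location: ''%s'' not found', 15, 1, @LocationCode);
    RETURN -100;
END;

-- Insert. The level is validated by the ValidSecurityCode CHECK constraint
-- and the contact by the ContactID_RI trigger.
INSERT dbo.Security (ContactID, LocationID, SecurityLevel)
VALUES (@ContactID, @LocationID, @SecurityLevel);

IF @@ERROR <> 0 RETURN -100;

RETURN;
GO

-- Employee contact codes available for assignment.
SELECT ContactCode
FROM dbo.Contact
WHERE IsEmployee = CAST(1 AS bit);

-- Location codes available for assignment.
SELECT LocationCode
FROM dbo.Location;

-- Example: give contact '118' a different level at three locations.
-- Only the first location code ('CH') survived extraction; the other two are
-- placeholders to be replaced with real values from dbo.Location.
EXEC pSecurity_Assign
    @ContactCode = '118',
    @LocationCode = 'CH',
    @SecurityLevel = 3;

EXEC pSecurity_Assign
    @ContactCode = '118',
    @LocationCode = '<LOCATION_CODE_2>',
    @SecurityLevel = 2;

EXEC pSecurity_Assign
    @ContactCode = '118',
    @LocationCode = '<LOCATION_CODE_3>',
    @SecurityLevel = 1;
GO

-- Checks whether a contact holds at least @SecurityLevel at a location.
-- @Approved is set to 1 when the stored level is >= @SecurityLevel, else 0.
-- A contact with no row for the location is treated as level 0.
--
-- The slide version set @Approved = 0 only when "@ActualLevel < @SecurityLevel"
-- and approved in the ELSE branch. With a NULL @SecurityLevel that comparison
-- is UNKNOWN, so the ELSE branch ran and access was approved. This version
-- denies by default and approves only on a comparison that is actually true.
--
-- NOTE(review): @ContactCode is taken as supplied by the caller. The page does
-- not show how it is tied to the authenticated login; confirm the caller
-- derives it from the session, not from user input.
CREATE PROCEDURE p_SecurityCheck
    @ContactCode   VARCHAR(15),
    @LocationCode  VARCHAR(15),
    @SecurityLevel INT,
    @Approved      BIT OUTPUT
AS
SET NOCOUNT ON;

DECLARE @ActualLevel INT = 0;

SET @Approved = CAST(0 AS bit);

-- At most one row can match because of the ContactLocation UNIQUE constraint.
-- When none matches, @ActualLevel keeps its initial value of 0.
SELECT @ActualLevel = s.SecurityLevel
FROM dbo.Security AS s
INNER JOIN dbo.Contact AS c
    ON s.ContactID = c.ContactID
INNER JOIN dbo.Location AS l
    ON s.LocationID = l.LocationID
WHERE c.ContactCode = @ContactCode
  AND l.LocationCode = @LocationCode;

IF @ActualLevel >= @SecurityLevel
    SET @Approved = CAST(1 AS bit);

RETURN 0;
GO

-- Example call. The location code on the slide was garbled; replace the placeholder.
DECLARE @OK BIT;
EXEC p_SecurityCheck
    @ContactCode = '118',
    @LocationCode = '<LOCATION_CODE>',
    @SecurityLevel = 3,
    @Approved = @OK OUTPUT;
SELECT @OK;
GO

-- Function form of the same check, usable inline in an IF condition.
-- Returns 1 when the contact's level at the location is >= @SecurityLevel.
-- Returns 0 otherwise, including when no row exists or a parameter is NULL:
-- the comparison is then not true and the default of 0 stands.
-- (The slide declared @ContactCode as "VACHAR(15)", a typo for VARCHAR.)
CREATE FUNCTION dbo.fSecurityCheck (
    @ContactCode   VARCHAR(15),
    @LocationCode  VARCHAR(15),
    @SecurityLevel INT
)
RETURNS BIT
AS
BEGIN
    DECLARE @Approved BIT = CAST(0 AS bit);

    IF (SELECT s.SecurityLevel
        FROM dbo.Security AS s
        INNER JOIN dbo.Contact AS c
            ON s.ContactID = c.ContactID
        INNER JOIN dbo.Location AS l
            ON s.LocationID = l.LocationID
        WHERE c.ContactCode = @ContactCode
          AND l.LocationCode = @LocationCode) >= @SecurityLevel
    BEGIN
        SET @Approved = CAST(1 AS bit);
    END;

    RETURN @Approved;
END;
GO

/*
Using the function as a guard inside a stored procedure body. This is a
fragment: RETURN -100 is only valid inside a procedure. The location code is
a placeholder and the message text is reconstructed, since both were garbled
on the slide. Severity 16 and state 1 are as on the slide.

IF dbo.fSecurityCheck('118', '<LOCATION_CODE>', 3) = CAST(0 AS bit)
BEGIN
    RAISERROR('Security Violation', 16, 1);
    ROLLBACK TRANSACTION;
    RETURN -100;
END;
*/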