Chapter IV database exercise

6、
（1）

--标准SQL
grant all privileges
on table    学生，班级
to u1 

--T-sql
grant all 
on 学生
to u1
with grant option

grant all
on 班级
to u1 
with grant option 

（2）

grant select update (住址)
on table  班级
to public 
--标准SQL 
--T-sql 
grant select update (住址)
on   班级
to public 

(3)

grant select 
on table 班级
to public 
--标准SQL
grant select 
on 班级
to public 
--T_sql

(4)

grant select update
on table 学生
 to r1
 --标准sql 
 --T-sql
 grant select update
 on 学生
 to r1

(5)

grant r1
to u1 
with admin option 

--T-sql
alter role r1
add member u1;

7
(1)

grant select 
on table 职工,部门
to 王平

--
grant select
on 职工
to 王平
grant select 
on 部门
to 王平

(2)

grant delect,update 
on table 职工,部门
to 李勇
------
grant delete ,update 
on 职工
to 李勇
grant delete ,update 
on 部门
to 李勇

(3) The subject reference to the contents of the students will be given later link

grant select
on table 职工
when  user()=姓名--不知道为什么看到when 这个关键字不是那么惊讶，。可能是
--where 用多了
to  public 
--T-sql不再赘述

(4)

grant select ,update(工资)
on table 职工
to 刘星
--自己可以改工资，还有这操作，t_Sql 不再赘述

(5)

grant alter
on 职工,部门
to 张新
-----
grant alter 
on 职工
to 张新
grant alter 
on 部门
to 张新

(6)

grant all privileges 
on table 职工,部门
to 周平
with grant option 
---T-sql不再赘述

privileges
(7)
According to this subject can not be directly authorize a base table, the establishment of a view

create view money(num,max_money,min_money,avg_money)
as 
select 部门号,max(工资),min(工资),avg(工资)
from 职工
group by  部门号
grant select 
on  money 
to 杨兰
--标准不再赘述

8

(1)
revoke select 
on table 职工,部门
from 王平
(2)
revoke insert ,delete 
on table 职工，部门
from 李勇
(3)
revoke select 
on table 职工
when user()=名称
to  public
(4)
revoke select ,update(工资)
on table 职工
from 刘星
(5)
revoke alter 
on table 职工,部门
from 张新
(6)
revoke all privileges 
on 职工
from 周平 cascade 
--这个在t -sql 中也要有，否则会报错

(7)
revoke select 
on view money
from 杨兰

The above code, if there is an error, I hope you have educated us

Security summary

Introduction
A good database will have to consider the safety of, for example, if a user login account thousands of times a minute, that user is likely to be problematic. In order to better protect data security should be considered.

Database security
(1) security control database
<1> user identity checking
<2> MAC
<3> customize access method
<4> Authorized Grant / REVOKE
<. 5> mandatory access control method permission level is greater than the object body the secret level can be read
only when the permission level of the body less dense object can be written
(2) view
from above example can be seen in the view of the data can be protected.
(3) audit
can audit the operation of the user, the user find non-standard audit
(4) data encryption
can use some algorithm to encrypt data, do not worry even if the select
(5) other security protection

Finally recommend a blog, compared to this one this I really pales
https://blog.csdn.net/fu_gaga/article/details/105214694 (third and references 7 of this title)