Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Oracle Database wikipedia , lookup
Concurrency control wikipedia , lookup
Microsoft Access wikipedia , lookup
Entity–attribute–value model wikipedia , lookup
Open Database Connectivity wikipedia , lookup
Microsoft SQL Server wikipedia , lookup
Microsoft Jet Database Engine wikipedia , lookup
Extensible Storage Engine wikipedia , lookup
Functional Database Model wikipedia , lookup
Relational model wikipedia , lookup
VIEWS AND STORED QUERIES Running head: THE PURPOSE OF CREATING SQL SERVER 2000 VIEWS The Purpose of Creating SQL Server 2000 Views, also known as a Stored Query, and How Views Can Enhance Database Security. Unit 2 Discussion Board Assignment Ignatius C. Spots Carnegie-Mellon University Database Design and Implementation ITS610-02 Professor Archie Addo, Ph.D. November 25, 2003 1 VIEWS AND STORED QUERIES Abstract This paper will describe some of the various uses for stored queries, also known as database views. This paper will focus on how views fulfill the need of data users to access pertinent data in a convenient manner while allowing data owners to maintain the security of sensitive data that may be contained in the same or adjoining tables. 2 VIEWS AND STORED QUERIES 3 The Purpose of Creating SQL Server 2000 Views, also known as a Stored Query, and How Views Can Enhance Database Security. A Structured Query Language (SQL) view, also known as a stored query, can be created for many purposes. By drawing upon key columns and rows of data, views can be used to summarize data into a condensed and concise form. Views can also be used to restrict access to data by hiding sensitive columns and rows from those who do not have a “need to know.” Even the criteria for creating a view can be hidden from users, by using encrypted views. (Dewson, R., 2002). Such would be the case if you did not want any users to know what methods were used to derive certain data (in order to obscure how – and from where – the data came). Views can be based upon columns and row in one table or many tables. Views can be based upon data in one database or in several databases (distributed views). be based upon other views. Views can Views can be saved (as a stored query) and re-used over and over again. “…a view is a virtual table whose contents are defined by a query. Like a real table, a view consists of a set of named columns and rows of data. However, a view does not exist as a stored set of data values in a database. The rows and columns of data come from tables referenced in the query defining the view and are produced dynamically when the view is referenced…” (Microsoft, 2000). VIEWS AND STORED QUERIES 4 The flexibility of views allows this structure to be used for many different purposes. Some examples follow. Web-based front-end applications are very popular, due to the fact that they lack the requirement for any proprietary client software. In an n-tiered application, the web-based front end application (1st tier) accesses data from middleware (2nd tier - that applies business rules and/or business logic to the process) and the middleware accesses a database (3rd tier) as its back-end component. For anonymous users who reference information from a web browser, views can be used to present summarized data that does not include any personal or sensitive data. Such a case would be needed with public users accessing US census data on a public web site sponsored by a federal agency. In this situation a view is essential to allow limited access to a subset of the collected data that that should be made available to the general public, by law. In a corporate situation, those who deal with personnel information may be restricted from viewing financial data on employees, including salary data, commissions, and end-of-theyear bonuses. Database views can facilitate limited access to non-financial information on employees, while restricting access to all other information. In a military environment, where information is categorized as non-classified, classified, secret, and top-secret, those with the proper clearance would be able to view rows of data that met, but did not exceed, the clearance and corresponding classification of the viewer. Views help to implement the VIEWS AND STORED QUERIES 5 security, in this situation, that is needed to protect classified information. In an educational situation, those responsible for updating student records can be kept from updating employee records, in a similar manner, by the use of views. Views can facilitate the work that employees need to do to accomplish their job, while protecting data that may be contained in the same database and the same tables; data that should not be updated by the employees (i.e. their own salaries, vacation time, etc.). A view can save a considerable amount of re-programming and re-work, for instance, by acting as a global search and replace mechanism. A view can be defined to present rows and columns of data that meet only a certain criteria, such as the set of raw materials (i.e. carbon) used in the manufacture of a finished product (i.e. composite material used to make the skin of the fighter jets/aircraft). Once a view is presented containing the records and columns meeting the specific criteria, these records can systematically or mathematically be updated to reflect an increase in the cost of these raw materials. This would allow an update to selected records without the need to re-program an entire database or database application. Similarly, a view can be re-used in different situations, such as the display of critical business information for different sales regions, without the need to completely redefine or re-program an application. The view can be “re- targeted” to a different region’s database, and little or no reprogramming is necessary to draw out the same type of VIEWS AND STORED QUERIES information about the strategic information relating to widely spread geographical business regions. As you can see, views present a convenient mechanism for the purpose of organizing and presenting information contained in a relational database. This is all done without the need to store the pertinent data separately from the source data. Since views have most of the capabilities of tables, then most of the functions that you would perform on a table can be performed on a view. data. Views are very efficient, since views do not replicate Because of the fact that only the queries that establish a view are stored in the database tables, views do not have to take up a lot of room. Views can be indexed, which does increase their storage requirement, but this performance feature is more that offset by the savings in “wait” time and increase in access speed that it affords. The use of views should be considered in any situation that requires limited access to data by multiple people. When used in conjunction with integrity controls, authorization rules, user-defined procedures, encryption, and authentication schemes (Hoffer, J. A., et. al., 2002), database views help to enhance the security of any database while allowing [limited] access to necessary information. Typically, database applications use a very large number of view. In summary, views are mainly used for three purposes: As a security measure by restricting users to certain rows and columns 6 VIEWS AND STORED QUERIES As a method of joining data from multiple tables and presenting it as if it resides in one table To return summary data instead of detailed data (Dewson, R., 2002). 7 VIEWS AND STORED QUERIES 8 References Dewson, R. (2002). Beginning SQL Server 2000 Programming. Wrox Press. Birmingham, UK. 1st Ed. Pp. 489-518. Hoffer, J. A., et. al. (2002). Modern Database Management. Pearson Education, Inc. Upper Saddle River, New Jersey. 6th Ed. Pp. 268-273, 459-464. Microsoft (2000). SQL Server Books Online. Creating and Maintaining Databases – Views. SQL Server 2000 Enterprise Manager – Help File. Riordan, R. M. (2001). Microsoft SQL Server 2000 Programming Step by Step. Microsoft Press. Redmond, WA. 1st Ed. Pp. 299322.