Embed Size (px)
Citation preview
1
IT 244 Database Management System
Lecture 11More SQL
Constraints &Triggers, SQL Authorization ,Transactions
Foreign Keys, Local and Global Constraints, Privileges, Grant and Revoke, Grant Diagrams
Triggers, Serializability, Isolation Levels, Atomicity
Ref : - A First Course in Database System (Jeffrey D Ullman, Jennifer Widom) + online.
2
Constraints and Triggers
• A constraint is a relationship among data elements that the DBMS is required to enforce.– Example: key constraints.
• Triggers are only executed when a specified condition occurs, e.g., insertion of a tuple.– Easier to implement than many constraints.
3
Kinds of Constraints• Keys.
• Foreign-key, or referential-integrity.
• Value-based constraints.– Constrain values of a particular attribute.
• Tuple-based constraints.– Relationship among components.
• Assertions: any SQL boolean expression.
4
Foreign Keys
• Consider Relation Sells(bar, beer, price).
• We might expect that a beer value is a real beer --- something appearing in Beers.name .
• A constraint that requires a beer in Sells to be a beer in Beers is called a foreign -key constraint.
5
Expressing Foreign Keys
• Use the keyword REFERENCES, either:1. Within the declaration of an attribute, when
only one attribute is involved.
2. As an element of the schema, as:
FOREIGN KEY ( <list of attributes> )
REFERENCES <relation> ( <attributes> )
• Referenced attributes must be declared PRIMARY KEY or UNIQUE.
6
Example: With Attribute
CREATE TABLE Beers (
nameCHAR(20) PRIMARY KEY,
manfCHAR(20) );
CREATE TABLE Sells (
bar CHAR(20),
beerCHAR(20) REFERENCES Beers(name),
price REAL );
7
Example: As Element
CREATE TABLE Beers (nameCHAR(20) PRIMARY KEY,manfCHAR(20) );
CREATE TABLE Sells (bar CHAR(20),beerCHAR(20),price REAL,FOREIGN KEY(beer) REFERENCES Beers(name));
8
Enforcing Foreign-Key Constraints• If there is a foreign-key constraint from
attributes of relation R to the primary key of relation S, two violations are possible:
1. An insert or update to R introduces values not found in S.
2. A deletion or update to S causes some tuples of R to “dangle.”
9
Actions Taken -- 1
• Suppose R = Sells, S = Beers.
• An insert or update to Sells that introduces a nonexistent beer must be rejected.
• A deletion or update to Beers that removes a beer value found in some tuples of Sells can be handled in three ways.
10
Actions Taken -- 2
• The three possible ways to handle beers that suddenly cease to exist are:
1. Default : Reject the modification.
2. Cascade : Make the same changes in Sells. Deleted beer: delete Sells tuple. Updated beer: change value in Sells.
3. Set NULL : Change the beer to NULL.
11
Example: Cascade
• Suppose we delete the Royal tuple from Beers.– Then delete all tuples from Sells that have
beer = ’Royal’.
• Suppose we update the Royal tuple by changing ’Royal’ to ’Budweiser’.– Then change all Sells tuples with beer =
’Royal’ so that beer = ’Budweiser’.
12
Example: Set NULL
• Suppose we delete the Royal tuple from Beers.– Change all tuples of Sells that have beer =
’Royal’ to have beer = NULL.
• Suppose we update the Royal tuple by changing ’Royal’ to ’Budweiser’.– Same change.
13
Choosing a Policy• When we declare a foreign key, we may
choose policies SET NULL or CASCADE independently for deletions and updates.
• Follow the foreign-key declaration by:
ON [UPDATE, DELETE][SET NULL CASCADE]
• Two such clauses may be used.
• Otherwise, the default (reject) is used.
14
Example
CREATE TABLE Sells (bar CHAR(20),beer CHAR(20),price REAL,FOREIGN KEY(beer)
REFERENCES Beers(name)ON DELETE SET NULLON UPDATE CASCADE );
15
Attribute-Based Checks
• Put a constraint on the value of a particular attribute.
• CHECK( <condition> ) must be added to the declaration for the attribute.
• The condition may use the name of the attribute, but any other relation or attribute name must be in a subquery.
16
Example
CREATE TABLE Sells (
bar CHAR(20),
beer CHAR(20) CHECK ( beer IN
(SELECT name FROM Beers)),
price REAL CHECK ( price <= 5.00 )
);
17
Timing of Checks• An attribute-based check is checked only
when a value for that attribute is inserted or updated.– Example: CHECK (price <= 5.00) checks
every new price and rejects it if it is more than $5.
– Example: CHECK (beer IN (SELECT name FROM Beers)) not checked if a beer is deleted from Beers (unlike foreign-keys).
18
Tuple-Based Checks
• CHECK ( <condition> ) may be added as another element of a schema definition.
• The condition may refer to any attribute of the relation, but any other attributes or relations require a subquery.
• Checked on insert or update only.
19
Example: Tuple-Based Check• Only BF’s Bar can sell beer for more than $5:
CREATE TABLE Sells (
bar CHAR(20),
beer CHAR(20),
price REAL,
CHECK (bar = ’BF’’s Bar’ OR
price <= 5.00)
);
20
Assertions
• These are database-schema elements, like relations or views.
• Defined by:
CREATE ASSERTION <name>
CHECK ( <condition> );
• Condition may refer to any relation or attribute in the database schema.
21
Example: Assertion
• In Sells(bar, beer, price), no bar may charge an average of more than $5.
CREATE ASSERTION NoRipoffBars CHECK (NOT EXISTS (
SELECT bar FROM SellsGROUP BY barHAVING 5.00 < AVG(price)
));
Bars with anaverage priceabove $5
22
Example: Assertion
• In Drinkers(name, addr, phone) and Bars(name, addr, license), there cannot be more bars than drinkers.
CREATE ASSERTION FewBar CHECK (
(SELECT COUNT(*) FROM Bars) <=
(SELECT COUNT(*) FROM Drinkers)
);
23
Timing of Assertion Checks
• In principle, we must check every assertion after every modification to any relation of the database.
• A clever system can observe that only certain changes could cause a given assertion to be violated.– Example: No change to Beers can affect
FewBar. Neither can an insertion to Drinkers.
24
Triggers: Motivation
• Attribute- and tuple-based checks have limited capabilities.
• Assertions are sufficiently general for most constraint applications, but they are hard to implement efficiently.– The DBMS must have real intelligence to
avoid checking assertions that couldn’t possibly have been violated.
25
Triggers: Solution
• A trigger allows the user to specify when the check occurs.
• Like an assertion, a trigger has a general-purpose condition and also can perform any sequence of SQL database modifications.
26
Event-Condition-Action Rules
• Another name for “trigger” is ECA rule, or event-condition-action rule.
• Event : typically a type of database modification, e.g., “insert on Sells.”
• Condition : Any SQL boolean-valued expression.
• Action : Any SQL statements.
27
Example: A Trigger
• There are many details to learn about triggers.
• Here is an example to set the stage.
• Instead of using a foreign-key constraint and rejecting insertions into Sells(bar, beer, price) with unknown beers, a trigger can add that beer to Beers, with a NULL manufacturer.
28
Example: Trigger Definition
CREATE TRIGGER BeerTrig
AFTER INSERT ON Sells
REFERENCING NEW ROW AS NewTuple
FOR EACH ROW
WHEN (NewTuple.beer NOT IN
(SELECT name FROM Beers))
INSERT INTO Beers(name)
VALUES(NewTuple.beer);
The event
The condition
The action
29
Options: CREATE TRIGGER
• CREATE TRIGGER <name>
• Option:
CREATE OR REPLACE TRIGGER <name>– Useful if there is a trigger with that name and
you want to modify the trigger.
30
Options: The Condition
• AFTER can be BEFORE.– Also, INSTEAD OF, if the relation is a view.
• A great way to execute view modifications: have triggers translate them to appropriate modifications on the base tables.
• INSERT can be DELETE or UPDATE.– And UPDATE can be UPDATE . . . ON a
particular attribute.
31
Options: FOR EACH ROW• Triggers are either row-level or statement-
level.• FOR EACH ROW indicates row-level; its
absence indicates statement-level.• Row level triggers are executed once for
each modified tuple.• Statement-level triggers execute once for
an SQL statement, regardless of how many tuples are modified.
32
Options: REFERENCING• INSERT statements imply a new tuple (for
row-level) or new set of tuples (for statement-level).
• DELETE implies an old tuple or table.
• UPDATE implies both.
• Refer to these by
[NEW OLD][TUPLE TABLE] AS <name>
33
Options: The Condition• Any boolean-valued condition is
appropriate.
• It is evaluated before or after the triggering event, depending on whether BEFORE or AFTER is used in the event.
• Access the new/old tuple or set of tuples through the names declared in the REFERENCING clause.
34
Options: The Action
• There can be more than one SQL statement in the action.– Surround by BEGIN . . . END if there is more
than one.
• But queries make no sense in an action, so we are really limited to modifications.
35
Another Example
• Using Sells(bar, beer, price) and a unary relation RipoffBars(bar) created for the purpose, maintain a list of bars that raise the price of any beer by more than $1.
36
The Trigger
CREATE TRIGGER PriceTrigAFTER UPDATE OF price ON SellsREFERENCING
OLD ROW as oldNEW ROW as new
FOR EACH ROWWHEN(new.price > old.price + 1.00)INSERT INTO RipoffBars
VALUES(new.bar);
The event –only changesto prices
Updates let ustalk about oldand new tuples
We need to considereach price change
Condition:a raise inprice > $1
When the price changeis great enough, addthe bar to RipoffBars
37
Triggers on Views• Generally, it is impossible to modify a view,
because it doesn’t exist.• But an INSTEAD OF trigger lets us
interpret view modifications in a way that makes sense.
• Example: We’ll design a view Heilala that has (drinker, beer, bar) triples such that the bar serves the beer, the drinker frequents the bar and likes the beer.
38
Example: The View
CREATE VIEW Heilala AS
SELECT Likes.drinker, Likes.beer, Sells.bar
FROM Likes, Sells, Frequents
WHERE Likes.drinker = Frequents.drinker
AND Likes.beer = Sells.beer
AND Sells.bar = Frequents.bar;
Natural join of Likes,Sells, and Frequents
Pick one copy ofeach attribute
39
Interpreting a View Insertion• We cannot insert into Heilala --- it is a
view.
• But we can use an INSTEAD OF trigger to turn a (drinker, beer, bar) triple into three insertions of projected pairs, one for each of Likes, Sells, and Frequents.– The Sells.price will have to be NULL.
40
The Trigger
CREATE TRIGGER ViewTrig
INSTEAD OF INSERT ON Heilala
REFERENCING NEW ROW AS n
FOR EACH ROW
BEGIN
INSERT INTO LIKES VALUES(n.drinker, n.beer);
INSERT INTO SELLS(bar, beer) VALUES(n.bar, n.beer);
INSERT INTO FREQUENTS VALUES(n.drinker, n.bar);
END;
41
Summary
• Constraints and Triggers
• Kinds of Constraints (Foreign Keys)
• Attribute-Based Checks
• Assertions
• Event-Condition-Action Rules
• Triggers
• Triggers on Views
42
SQL Authorization
Privileges, Grant and Revoke
Grant Diagrams
43
Authorization
• A file system identifies certain privileges on the objects (files) it manages.– Typically read, write, execute.
• A file system identifies certain participants to whom privileges may be granted.– Typically the owner, a group, all users.
44
Privileges --- 1
• SQL identifies a more detailed set of privileges on objects (relations) than the typical file system.
• Nine privileges in all, some of which can be restricted to one column of one relation.
45
Privileges --- 2
• Some important privileges on a relation:1. SELECT = right to query the relation.
2. INSERT = right to insert tuples. May apply to only one attribute.
3. DELETE = right to delete tuples.
4. UPDATE = right to update tuples. May apply to only one attribute.
46
Example: Privileges
• For the statement below:
INSERT INTO Beers(name)
SELECT beer FROM Sells
WHERE NOT EXISTS
(SELECT * FROM Beers
WHERE name = beer);• We require privileges SELECT on Sells and
Beers, and INSERT on Beers or Beers.name.
beers that donot appear inBeers. We addthem to Beerswith a NULLmanufacturer.
47
Authorization ID’s
• A user is referred to by authorization ID, typically their name.
• There is an authorization ID PUBLIC.– Granting a privilege to PUBLIC makes it
available to any authorization ID.
48
Granting Privileges
• You have all possible privileges on the objects, such as relations, that you create.
• You may grant privileges to other users (authorization ID’s), including PUBLIC.
• You may also grant privileges WITH GRANT OPTION, which lets the grantee also grant this privilege.
49
The GRANT Statement
• To grant privileges, say:
GRANT <list of privileges>
ON <relation or other object>
TO <list of authorization ID’s>;
• If you want the recipient(s) to be able to pass the privilege(s) to others add:
WITH GRANT OPTION
50
Example: GRANT
• Suppose you are the owner of Sells. You may say:
GRANT SELECT, UPDATE(price)
ON Sells
TO sione;
• Now Sione has the right to issue any query on Sells and can update the price component only.
51
Example: Grant Option
• Suppose we also grant:
GRANT UPDATE ON Sells TO sione
WITH GRANT OPTION;
• Now, Sione can not only update any attribute of Sells, but can grant to others the privilege UPDATE ON Sells.– Also, she can grant more specific
privileges like UPDATE(price) ON Sells.
52
Revoking Privileges
REVOKE <list of privileges>
ON <relation or other object>
FROM <list of authorization ID’s>;
• Your grant of these privileges can no longer be used by these users to justify their use of the privilege.– But they may still have the privilege because
they obtained it independently from elsewhere.
53
REVOKE Options• We must append to the REVOKE
statement either:1. CASCADE. Now, any grants made by a
revokee are also not in force, no matter how far the privilege was passed.
2. RESTRICT. If the privilege has been passed to others, the REVOKE fails as a warning that something else must be done to “chase the privilege down.”
54
Grant Diagrams
• Nodes = user/privilege/option/isOwner?– UPDATE ON R, UPDATE(a) on R, and
UPDATE(b) ON R live in different nodes.– SELECT ON R and SELECT ON R WITH
GRANT OPTION live in different nodes.
• Edge X ->Y means that node X was used to grant Y.
55
Notation for Nodes• Use AP for the node representing
authorization ID A having privilege P.– P * represents privilege P with grant option.– P ** represents the source of the privilege P.
That is, AP ** means A is the owner of the object on which P is a privilege.
• Note ** implies grant option.
56
Manipulating Edges --- 1• When A grants P to B, We draw an edge
from AP * or AP ** to BP.– Or to BP * if the grant is with grant option.
• If A grants a subprivilege Q of P (say UPDATE(a) on R when P is UPDATE ON R) then the edge goes to BQ or BQ *, instead.
57
Manipulating Edges --- 2
• Fundamental rule: user C has privilege Q as long as there is a path from XQ ** (the origin of privilege Q ) to CQ, CQ *, or CQ**.– Remember that XQ** could be CQ**.
58
Manipulating Edges --- 3
• If A revokes P from B with the CASCADE option, delete the edge from AP to BP.
• If A uses RESTRICT, and there is an edge from BP to anywhere, then reject the revocation and make no change to the graph.
59
Manipulating Edges --- 4
• Having revised the edges, we must check that each node has a path from some ** node, representing ownership.
• Any node with no such path represents a revoked privilege and is deleted from the diagram.
60
Example: Grant Diagram
AP**
A owns theobject onwhich P isa privilege
BP*
A: GRANT PTO B WITHGRANT OPTION
CP*
B: GRANT PTO C WITHGRANT OPTION
CP
A: GRANT PTO C
61
Example: Grant Diagram
AP** BP* CP*
CP
A executesREVOKE P FROM B CASCADE;
However, C stillhas P without grantoption because ofthe direct grant.
Not only does B loseP*, but C loses P*.Delete BP* and CP*.
Even hadC passed Pto B, bothnodes arestill cut off.
62
Summary• Authorization• Privileges • Authorization ID’s• Granting Privileges• The GRANT Statement and Grant Option• Revoking Privileges and REVOKE Options• Grant Diagrams• Notation for Nodes• Manipulating Edges
63
Transactions
Serializability, Isolation LevelsAtomicity
64
The Setting
• Database systems are normally being accessed by many users or processes at the same time.– Both queries and modifications.
• Unlike Operating Systems, which support interaction of processes, a DMBS needs to keep processes from troublesome interactions.
65
Example: Bad Interaction
• You and your spouse each take $100 from different ATM’s at about the same time.– The DBMS better make sure one account
deduction doesn’t get lost.
• Compare: An OS allows two people to edit a document at the same time. If both write, one’s changes get lost.
66
ACID Transactions• A DBMS is expected to support “ACID
transactions,” which are:– Atomic : Either the whole process is done or
none is.– Consistent : Database constraints are
preserved.– Isolated : It appears to the user as if only one
process executes at a time.– Durable : Effects of a process do not get lost if
the system crashes.
67
Transactions in SQL
• SQL supports transactions, often behind the scenes.– Each statement issued at the generic query
interface is a transaction by itself.– In programming interfaces like Embedded
SQL or PSM, a transaction begins the first time an SQL statement is executed and ends with the program or an explicit end.
68
COMMIT
• The SQL statement COMMIT causes a transaction to complete.– It’s database modifications are now
permanent in the database.
69
ROLLBACK
• The SQL statement ROLLBACK also causes the transaction to end, but by aborting.– No effects on the database.
• Failures like division by 0 can also cause rollback, even if the programmer does not request it.
70
An Example: Interacting Processes
• Assume the usual Sells(bar,beer,price) relation, and suppose that BF’s Bar sells only Royal for $2.50 and VB for $3.00.
• Sione is querying Sells for the highest and lowest price BF charges.
• BF decides to stop selling Royal and VB, but to sell only Ikale at $3.50.
71
Sione’s Program
• Sione executes the following two SQL statements, which we call (min) and (max), to help remember what they do.
(max) SELECT MAX(price) FROM Sells
WHERE bar = ‘BF’’s Bar’;
(min) SELECT MIN(price) FROM Sells
WHERE bar = ‘BF’’s Bar’;
72
BF’s Program• At about the same time, BF executes the
following steps, which have the mnemonic names (del) and (ins).
(del) DELETE FROM Sells
WHERE bar = ‘BF’’s Bar’;
(ins) INSERT INTO Sells
VALUES(‘BF’’s Bar’, ‘Ikale’,
3.50);
73
Interleaving of Statements
• Although (max) must come before (min) and (del) must come before (ins), there are no other constraints on the order of these statements, unless we group Sione’s and/or BF’s statements into transactions.
74
Example: Strange Interleaving
• Suppose the steps execute in the order (max)(del)(ins)(min).
BF’s Prices:
Statement:
Result:
• Sione sees MAX < MIN!
2.50, 3.00
(del) (ins)
3.50
(min)
3.50
2.50, 3.00
(max)
3.00
75
Fixing the Problem With Transactions
• If we group Sione’s statements (max)(min) into one transaction, then he cannot see this inconsistency.
• He see’s BF’s prices at some fixed time.– Either before or after he changes prices, or in
the middle, but the MAX and MIN are computed from the same prices.
76
Another Problem: Rollback• Suppose BF executes (del)(ins), but after
executing these statements, thinks better of it and issues a ROLLBACK statement.
• If Sione executes his transaction after (ins) but before the rollback, he sees a value, 3.50, that never existed in the database.
77
Solution
• If BF executes (del)(ins) as a transaction, its effect cannot be seen by others until the transaction executes COMMIT.– If the transaction executes ROLLBACK
instead, then its effects can never be seen.
78
Isolation Levels
• SQL defines four isolation levels = choices about what interactions are allowed by transactions that execute at about the same time.
• How a DBMS implements these isolation levels is highly complex, and a typical DBMS provides its own options.
79
Choosing the Isolation Level
• Within a transaction, we can say:
SET TRANSACTION ISOLATION LEVEL X
where X =1. SERIALIZABLE
2. REPEATABLE READ
3. READ COMMITTED
4. READ UNCOMMITTED
80
Serializable Transactions• If Sione = (max)(min) and BF = (del)(ins) are
each transactions, and Sione runs with isolation level SERIALIZABLE, then he will see the database either before or after BF runs, but not in the middle.
• It’s up to the DBMS vendor to figure out how to do that, e.g.:– True isolation in time.– Keep BF’s old prices around to answer Sione’s
queries.
81
Isolation Level Is Personal Choice
• Your choice, e.g., run serializable, affects only how you see the database, not how others see it.
• Example: If BF Runs serializable, but Sione doesn’t, then Sione might see no prices for BF’s Bar.– i.e., it looks to Sione as if he ran in the
middle of BF’s transaction.
82
Read-Commited Transactions
• If Sione runs with isolation level READ COMMITTED, then he can see only committed data, but not necessarily the same data each time.
• Example: Under READ COMMITTED, the interleaving (max)(del)(ins)(min) is allowed, as long as BF commits.– Sione sees MAX < MIN.
83
Repeatable-Read Transactions
• Requirement is like read-committed, plus: if data is read again, then everything seen the first time will be seen the second time.– But the second and subsequent reads may
see more tuples as well.
84
Example: Repeatable Read
• Suppose Sione runs under REPEATABLE READ, and the order of execution is (max)(del)(ins)(min).– (max) sees prices 2.50 and 3.00.– (min) can see 3.50, but must also see 2.50
and 3.00, because they were seen on the earlier read by (max).
85
Read Uncommitted
• A transaction running under READ UNCOMMITTED can see data in the database, even if it was written by a transaction that has not committed (and may never).
• Example: If Sione runs under READ UNCOMMITTED, she could see a price 3.50 even if BF later aborts.
86
Summary• The Setting• ACID Transactions• Transactions in SQL• COMMIT• ROLLBACK• Isolation Levels• Serializable Transactions• Read-Commited Transactions• Repeatable-Read Transactions
