<b><center>
<span style="font-size: 24pt; line-height: 1.2">
COMS W4111: Introduction to Databases
</span>
</center></b>
<p>
<i><center>
<span style="font-size: 20pt; line-height: 1.2">
Lecture 6 $-$ Advanced SQL, Data Modeling, Midterm Exam
</span>
</center></i>

__Environment Set Up__

In [78]:
%load_ext sql
%sql mysql+pymysql://root:dbuserdbuser@localhost/lahman2019clean
%sql select * from people where playerid='willite01'

The sql extension is already loaded. To reload it, use:
  %reload_ext sql
1 rows affected.


playerID,birthYear,birthMonth,birthDay,birthCountry,birthState,birthCity,deathYear,deathMonth,deathDay,deathCountry,deathState,deathCity,nameFirst,nameLast,nameGiven,weight,height,bats,throws,debut,finalGame,retroID,bbrefID,birthDate,deathDate
willite01,1918,8,30,USA,CA,San Diego,2002,7,5,USA,FL,Inverness,Ted,Williams,Theodore Samuel,205,75,L,R,1939-04-20,1960-09-28,willt103,willite01,1918-08-30 00:00:00,2002-07-05 00:00:00


# Introduction

## Today's Topics

1. Resolving some confusion around:
    - Key/index/column metadata and definitions.
    - REST, resources and databases.
<br><br>
3. A overview of data modeling, entity-relationship modeling.
<br><br>
2. A worked example for realizing some advanced SQL concepts.
<br><br>
4. Midterm discussion and walk-through.

## Questions, Answers, Discussion

### Column Order

- Reminder: Classic Models sample data (http://www.mysqltutorial.org/mysql-sample-database.aspx) that I use in examples.

| <img src="../../images/classic_models_er.png"> |
| :---: |
| __Class Models Sample Database__ |

- Consider the table ```classicmodels.offices.```

```
CREATE TABLE `offices` (
  `officeCode` varchar(10) NOT NULL,
  `city` varchar(50) NOT NULL,
  `phone` varchar(50) NOT NULL,
  `addressLine1` varchar(50) NOT NULL,
  `addressLine2` varchar(50) DEFAULT NULL,
  `state` varchar(50) DEFAULT NULL,
  `country` varchar(50) NOT NULL,
  `postalCode` varchar(15) NOT NULL,
  `territory` varchar(10) NOT NULL,
  PRIMARY KEY (`officeCode`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

```

- Just for the heck of it, I have decided that the combination ```(addressLine1, addressLine2, city, state, country, postalCode)``` must be unique. Two offices cannot have EXACTLY the same address.


- I added the constraints:

```
ALTER TABLE `classicmodels`.`offices` 
ADD UNIQUE INDEX `UQ_Address` (`addressLine1` ASC, `addressLine2` ASC, `city` ASC, `state` ASC, `country` ASC, `postalCode` ASC) VISIBLE;
;
```

- And the table is now, ...

```
CREATE TABLE `offices` (
  `officeCode` varchar(10) NOT NULL,
  `city` varchar(50) NOT NULL,
  `phone` varchar(50) NOT NULL,
  `addressLine1` varchar(50) NOT NULL,
  `addressLine2` varchar(50) DEFAULT NULL,
  `state` varchar(50) DEFAULT NULL,
  `country` varchar(50) NOT NULL,
  `postalCode` varchar(15) NOT NULL,
  `territory` varchar(10) NOT NULL,
  PRIMARY KEY (`officeCode`),
  UNIQUE KEY `UQ_Address` (`addressLine1`,`addressLine2`,`city`,`state`,`country`,`postalCode`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

```

- What happens if I examine the keys?

In [3]:
%sql show keys from classicmodels.offices

7 rows affected.


Table,Non_unique,Key_name,Seq_in_index,Column_name,Collation,Cardinality,Sub_part,Packed,Null,Index_type,Comment,Index_comment,Visible,Expression
offices,0,PRIMARY,1,officeCode,A,10,,,,BTREE,,,YES,
offices,0,UQ_Address,1,addressLine1,A,9,,,,BTREE,,,YES,
offices,0,UQ_Address,2,addressLine2,A,9,,,YES,BTREE,,,YES,
offices,0,UQ_Address,3,city,A,9,,,,BTREE,,,YES,
offices,0,UQ_Address,4,state,A,9,,,YES,BTREE,,,YES,
offices,0,UQ_Address,5,country,A,9,,,,BTREE,,,YES,
offices,0,UQ_Address,6,postalCode,A,9,,,,BTREE,,,YES,


- An equivalent query is,

In [4]:
%%sql
select
	constraint_name, table_schema, table_name, column_name,
    ordinal_position, position_in_unique_constraint,
    referenced_table_schema, referenced_table_name
    from information_schema.key_column_usage
	where
		table_schema='classicmodels' and table_name='offices';

7 rows affected.


constraint_name,table_schema,table_name,column_name,ordinal_position,position_in_unique_constraint,referenced_table_schema,referenced_table_name
PRIMARY,classicmodels,offices,officeCode,1,,,
UQ_Address,classicmodels,offices,city,3,,,
UQ_Address,classicmodels,offices,addressLine1,1,,,
UQ_Address,classicmodels,offices,addressLine2,2,,,
UQ_Address,classicmodels,offices,state,4,,,
UQ_Address,classicmodels,offices,country,5,,,
UQ_Address,classicmodels,offices,postalCode,6,,,


- There are two (or more) positions associated with a column:
    - _Ordinal position_ is the order in the ```CREATE TABLE``` statement.
    - $Seq\_in\_index$ is the order the columns in an index definition.
    - $Seq\_in\_index$ can set set explicitly when you define an index, or "implicitly" when you define a key constraint.
    - The order does not impact the correctness/integrity of the constraint, but can have odd, unexpected considerations due the fact that __it does matter__ for the created index.
    - Order __does__ matter in the index. We will discuss later in Module II.
    - Do not worry now, and it should not impact HW2 or the midterm but be aware that there _may_ be issues.
    
    
- To be transparent,
    - An index with order $(playerID, teamID, yearID, stint)$ 
        - Is an index on $(playerID),\  (playerID, teamID),\  (playerID, teamID, yearID)$ and  $(playerID, teamID, yearID, stint)$
        - Is __NOT__ an index/compatible with indexes of the form $(teamID),\  (playerID, yearID),$ ... 
    - This can sometimes cause issues when defining foreign keys.

### REST and Database Perspective

- There is a bit of confusion about the relationship between REST and "databases." For example, "Is a resource a table?"


- Everything on the web __is a resource.__ Resource is the abstraction. The server decides how to expose the things that it manages as resources.


- [Uniform Resource Locators (URL)](https://en.wikipedia.org/wiki/URL) locates/identifies a resource.


- We have covered the format, which is:

```
scheme:[//authority]path[?query][#fragment]
```

- ```scheme:[//authority]``` identify and locate the sever, and are like the ```pymysql.connect()``` parameters.


- ```path``` identifies the resource within the server, and the sever determines the mapping from the resource abstraction to the actual "thing" that is the resource.


- In our HW2 projects, __all__ of the following are resources:
    - ```http://127.0.0.1:50021/```
    - ```http://127.0.0.1:50021/api``` $-$ the resource that is the collection of all "apis."
    - ```http://127.0.0.1:50021/api/databases``` $-$ the resource that is the collection of all of the databases.
    - ``````http://127.0.0.1:50021/static/W4111/index.html``` $-$ the resource that is the "home page" for the application.
    
    
| <img src="../../images/resource_in_postman.png"> |
| :---: |
| __Home Page Resource in Postman__ |


| <img src="../../images/resource_in_browser.png"> |
| :---: |
| __Home Page Resource in Browser |

- The web is just a "database of resources."
    - REST (HTTP) defines the "resource database API."
    - The servers decide how to surface their internal resource/data model as web resources.
    - The server "routes" the request to code inside of it that can handle the request.
    

- The code structure for my (previous) version of HW2 is:

| <img src="../../images/rest_server_structure.png"> |
| :---: |
| __Project Structure__ |

- The abstract is that there is a set of resources,
    - Some may _contain_ other resources.
    - Some may be linked to other resources.
    

| <img src="../../images/rest_concepts.png"> |
| :---: |
| __Project Structure__ |

- If the resource is a _collection,_
    - ```?col1=x&coll3=y&...``` identifies the resources in the collection that "match the template."
    - POST means "put the thing I am POSTing into the collection, e.g. ```INSERT.```
    
    
- A common convention is to not support ```PUT``` and ```DELETE``` on collections.
    - ```DELETE``` on a collection is logically like ```DROP TABLE ...```
    - This is a _schema_ change (DML) not a data change (DDL), and not part of the API.
    
    
- And, the data is self-describing:
    - Data types:
        - Hypertext Transfer Protocol transfers __text.__
        - The text is a sequence of bytes, which could be HTML, JPG, ...
        - The _Content-Type_ headers allow the endpoints to know what the text means.
    - Links:
        - Resources are linked, by _hyperlinks._
        - The client application does not have to guess how to move between resources, e.g. guess how to use fields.
        - There are explicit links.
        

- This GET ```127.0.0.1:50021/api/lahman2019clean/people/dff21?fields=playerID,nameLast,nameFirst,height```


- Would return a body that looks something like this

```
{
    "playerID": "dff21",
    "nameLast": "Ferguson",
    "nameFirst": "Donald",
    "height": null,
    "links": [
        {
            "rel": "self",
            "href": "http://127.0.0.1:50021/api/lahman2019clean/people/dff21?fields=playerID,nameLast,nameFirst,height"
        },
        {
            "rel": "Appearances",
            "href": "/api/lahman2019clean/appearances?playerID=dff21"
        },
        {
            "rel": "Batting",
            "href": "/api/lahman2019clean/batting?playerID=dff21"
        },
        {
            "rel": "Managers",
            "href": "/api/lahman2019clean/managers?playerID=dff21"
        }
    ]
}
```

- The REST server gives you named links. You do not need to have special understanding of the data.

# Data Modeling/E-R Modeling

## Introduction

- There is a lot of good information and tutorials on data modeling/E-R modeling:
    - "Database System Concepts 7th Edition." Silberschatz, Henry F. Korth, S. Sudarshan, chapter 6.
    - "Database Management Systems, 3rd Edition."  Raghu Ramakrishnan, Johannes Gehrke, Chapter 3.
    - "ER Model - Basic Concepts," https://www.tutorialspoint.com/dbms/er_model_basic_concepts.htm
    
    
- My experience is that teams and projects build E-R Models, but not with the full rigor, notation, etc. that the tutorials and books define.


- I will go through some core concepts, and more importantly some patterns.


- I will also use a simplified notation: [Crow's Foot Notation](https://www.vertabelo.com/blog/crow-s-foot-notation/)
    - The notation is less complex and good enough for most scenarios.
    - Is the notation that MySQL Workbench uses.
    
    
| <img src="../../images/crows_foot_notation.jpeg"> |
| :--: |
| __Crow's Foot Notation__ |

## Data Modeling 

- “Data modeling (data modelling) is the analysis of data objects and their relationships to other data objects. Data modeling is often the first step in database design and object-oriented programming as the designers first create a conceptual model of how data items relate to each other. Data modeling involves a progression from conceptual model to logical model to physical schema.” (http://www.webopedia.com/TERM/D/data_modeling.html)


- Conceptual-Logical-Physical

| <img src="../../images/conceptuallogicalphysical.jpeg"> |
| :---: |
| [Data Model](https://en.wikipedia.org/wiki/Data_model) |


- “What is a datamodel?
A data model is a __notation__ for describing data or information. The description generally consists of three parts:
    - Structure of data.
    - Operations on the data.
    - Constraints on the data.”<br>
(Database Systems: The Complete Book (2nd Edition)
by Hector Garcia-Molina (Author), Jeffrey D. Ullman (Author), Jennifer Widom (Author))


- __Notation:__ 
    - "A visual notation is a graphical representation. It consists of graphical symbols, their definitions, and a visual grammar. Some examples of graphical symbols are: lines, surfaces, volumes, textual labels and spatial relationships. These elements are used to build the visual vocabulary of a notation; Mind Maps for example, consist of lines and labels. Visual representations are effective because they convey information more concisely and precisely than language. They are also better remembered." (https://www.sciencedaily.com/releases/2013/07/130718161429.htm)
    - Think "well-defined clipart" with grammar (rules, meaning)
    

## Forward Engineering $-$ Reverse Engineering

| <img src="../../images/forward_reverse_engineer.png" width="700px"> |
| :---: |
| [Forward/Reverse Engineering](http://erwin.com/bookshelf/public_html/Content/Installation/Implementation/Overview.html) |

"__Forward Engineering:__ Going from a logical data model to a physical data model. This is easy because the design includes all dependencies, indexes and relationships between the components of the data model.

__Reverse Engineering:__ Attempting to reconstruct the logical data model from a physical data model. This is hard because not every database engine has the means to store the interdependencies between objects in a logical model, and sometimes these relationships are lost altogether. This information has to be somehow recovered by analyzing the data and inferring the missing relationships."<br>
(https://stackoverflow.com/questions/32318183/what-is-the-difference-between-reverse-and-forward-engineering-in-sql)


- Most large environments and organizations wind up doing both, as well as "meet in the middle."

## Core Modeling Concepts

<hr style="height:2px;">	<img src='../../images/ch6/Slide7.jpeg'>	<hr style="height:2px;">
<hr style="height:2px;">	<img src='../../images/ch6/Slide9.jpeg'>	<hr style="height:2px;">

## Work Example $-$ Part 1

- Entity/Entity sets:
    - Student
    - Faculty
    - Course
    - Section
    
    
- Relationships:
    - Advises
    - Teaches
    - EnrolledIn
    
    
__Note:__ Will demo using an online tool: LucidChart    


- Basic concepts.
    - Entity sets
    - Associative Entity
    - Factoring, e.g. majors, departments, class codes, ...

## Inheritance

- E-R associations/relationships represent terms like:
    - A purchase order __has__ line items.
    - A shopping card __contains__ purchase items.
    - A course section __has__ enrolled students.
    - A course __has__ a prereqs.
    - MySQL installation __depends on__ the operating system.
    
    
- There is another type of association, __IsA.__
    - A __Batter__ is a __Person__
    - A __Pitcher__ is a __Person__
    - And this may not be exclusive, e.g. someone can be a Batter and Pitcher.
    
    
- Implementing _IsA_ is a design pattern in E-R diagrams and databases.


- The [Vertabelo blog](http://www.vertabelo.com/blog/technical-articles/inheritance-in-a-relational-database) has a good overview of inheritance modeling and implementation.


- (From the blog) Subclass/inheritance Constraints are described along two dimensions:
    - Incomplete/Complete
        - In an incomplete specialization only some instances of the parent class are specialized (have unique attributes). Other instances of the parent class have only the common attributes.
        -n In a complete specialization, every instance of the parent class has one or more unique attributes that are not common to the parent class.
    - Disjoint/Overlapping
        - In a disjoint specialization, an object could be a member of only one specialized subclass.
        - In an overlapping specialization, an object could be a member of more than one specialized subclass.
        
        
- (From Vertabelo blog) There are three core patterns for modeling inheritance/subclassing in relational data models.

| <img src="../../images/isa_1.jpeg"> |
| :---: |
| __Simple Model__ |

| <img src="../../images/isa_2.jpeg"> |
| :---: |
| __One Table__ |

| <img src="../../images/isa_3.jpeg"> |
| :---: |
| __Two Table__ |

| <img src="../../images/isa_4.jpeg"> |
| :---: |
| __Three Table__ |

## An Example

### Schema

- We will do a 3-table solution to ```Person, Student``` and ```Faculty```

```
CREATE TABLE `person3` (
  `uni` varchar(12) NOT NULL,
  `last_name` varchar(45) NOT NULL,
  `first_name` varchar(45) NOT NULL,
  `email` varchar(128) NOT NULL,
  PRIMARY KEY (`uni`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


CREATE TABLE `student3` (
  `uni` varchar(12) NOT NULL,
  `school` varchar(12) NOT NULL,
  `major` varchar(12) NOT NULL,
  PRIMARY KEY (`uni`),
  CONSTRAINT `s_to_p` FOREIGN KEY (`uni`) REFERENCES `person3` (`uni`) ON DELETE NO ACTION ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8;


CREATE TABLE `faculty3` (
  `uni` varchar(12) NOT NULL,
  `title` varchar(12) NOT NULL,
  `department` varchar(12) NOT NULL,
  PRIMARY KEY (`uni`),
  CONSTRAINT `f_to_p` FOREIGN KEY (`uni`) REFERENCES `person3` (`uni`) ON DELETE NO ACTION ON UPDATE NO ACTION
) ENGINE=InnoDB DEFAULT CHARSET=utf8;

```

### Step 1: Generate UNI Function

- How to make a UNI?

```
CREATE DEFINER=`root`@`localhost` FUNCTION `generate_uni`(first_name varchar(32), last_name varchar(32)) RETURNS varchar(12) CHARSET utf8 deterministic
BEGIN

	declare f_prefix varchar(2);
    declare l_prefix varchar(2);
    declare prefix_count int;
    declare full_prefix varchar(5);
    declare result varchar(12);
    
    
    set f_prefix = lower(substr(first_name, 1, 2));
    set l_prefix = lower(substr(last_name, 1, 2));
    
    set full_prefix = concat(f_prefix, l_prefix, '%');
    
    set prefix_count = (select count(*) as count from person3 where uni like(full_prefix));
    
    set result = concat(f_prefix, l_prefix, prefix_count+1);
    
    return result;
    
END
```

In [7]:
%%sql
use w4111f19new;
select generate_uni('Donald', 'Ferguson') as uni

0 rows affected.
1 rows affected.


uni
dofe1


In [8]:
%%sql
insert into person3 values(
    generate_uni('Donald', 'Ferguson'), 'Donald', 'Ferguson', 'dff9@columbia.edu')

1 rows affected.


[]

In [9]:
%%sql
insert into person3 values(
    generate_uni('Douglas', 'Ferrer'), 'Douglas', 'Ferrer', 'dff21@columbia.edu')

1 rows affected.


[]

In [10]:
%sql select * from person3

2 rows affected.


uni,last_name,first_name,email
dofe1,Donald,Ferguson,dff9@columbia.edu
dofe2,Douglas,Ferrer,dff21@columbia.edu


### Digression: Functions, Procedures, Triggers

| <img src="../../images/function_procedure.png"> |
| :---: |
| __Functions vs. Stored Procedures__ |


- A trigger is a _procedure,_
    - The inputs are the old values and new values for a row(s).
    - You do not call a trigger. It happens when an event occurs. These are typically ```INSERT, UPDATE, DELETE.```
    - Does not return anything, but can modify the new rows.
    - May call arbitrary SQL.
    

### Step 2: Add Triggers to person3


- Trusting people to call the ```generate_uni()``` properly and every time is "risky."


- I want to __automatically__ generate the UNI on ```INSERT.``` I can use a trigger for this.


```
CREATE DEFINER=`root`@`localhost` TRIGGER `W4111F19`.`person3_BEFORE_INSERT` BEFORE INSERT ON `person3` FOR EACH ROW
BEGIN

	set new.uni = generate_uni(new.first_name, new.last_name);

END
```

- Make the UNI immutable on ```UPDATE.```

```
CREATE DEFINER=`root`@`localhost` TRIGGER `W4111F19`.`person3_BEFORE_UPDATE` BEFORE UPDATE ON `person3` FOR EACH ROW
BEGIN

	IF new.uni != old.uni then
		signal sqlstate '45002'
			set message_text="UNI is immutable";
	end if;
    
END
```

- Let's give it a try.

In [11]:
%%sql
    insert into person3 (first_name, last_name, email)
        values('Doogie', 'Felon', 'ddd@x.com')
    

1 rows affected.


  result = self._query(query)


[]

In [12]:
%sql select * from person3;

3 rows affected.


uni,last_name,first_name,email
dofe1,Donald,Ferguson,dff9@columbia.edu
dofe2,Douglas,Ferrer,dff21@columbia.edu
dofe3,Felon,Doogie,ddd@x.com


In [13]:
try:
    %sql update person3 set uni="cat" where uni="dofe3";
    print("This is bad.")
except Exception as e:
    print("This is good.")
    print("Exception e = ", e)

This is good.
Exception e =  (pymysql.err.InternalError) (1644, 'UNI is immutable')
[SQL: update person3 set uni="cat" where uni="dofe3";]
(Background on this error at: http://sqlalche.me/e/2j85)


### Step 3: Stored Procedures

- We do not want to rely on external applications to ensure integrity and understand schema.


- We cannot rely on every program and every programmer correctly inserting rows into people3, faculty3, ...


- We will make these operations an intrinsic part of the data model and will enforce integrity.


- We will write procedures that create, update and delete ```student3``` and ```faculty3```


```
CREATE DEFINER=`root`@`localhost` PROCEDURE `create_student3`(
	in l_name varchar(45), in f_name varchar(45), in e_mail varchar(128),
    in s varchar(12), in m varchar(12))
BEGIN

	declare new_uni varchar(12);
    
	insert into person3 (last_name, first_name, email)
		values(l_name, f_name, e_mail);
        
	set new_uni = (select uni from person3 where email=e_mail);
    
    insert into student3(uni, school, major)
		values(new_uni, s, m);
    

END

```

- And test.

In [14]:
%sql select * from student3;

0 rows affected.


uni,school,major


In [15]:
%sql select * from person3;

3 rows affected.


uni,last_name,first_name,email
dofe1,Donald,Ferguson,dff9@columbia.edu
dofe2,Douglas,Ferrer,dff21@columbia.edu
dofe3,Felon,Doogie,ddd@x.com


In [16]:
%sql call w4111f19new.create_student3('Ferguson', 'Donald', 'dddd', 'CC', 'CS');

1 rows affected.


[]

In [17]:
%sql select * from student3;

1 rows affected.


uni,school,major
dofe4,CC,CS


In [18]:
%sql select * from person3;

4 rows affected.


uni,last_name,first_name,email
dofe1,Donald,Ferguson,dff9@columbia.edu
dofe2,Douglas,Ferrer,dff21@columbia.edu
dofe3,Felon,Doogie,ddd@x.com
dofe4,Ferguson,Donald,dddd


### Some Comments

- This is not quite correct.


- I may want to encapsulate/hide the details of the inheritance implementation. Instead, I want to surface:
    - Query on ```student,``` and ```faculty,``` and ```person.```
    - Create, Update and Delete on ```student``` and ```faculty.```
    
    
- This is not the only model but is a reasonable one.


- I have a lot of examples in my teaching code. So, I am going to use "3all" for the table names.

In [20]:
%%sql
create view student3all as select
	*
from 
	person3 join student3 using(uni);

0 rows affected.


[]

In [21]:
%sql select * from student3all;

1 rows affected.


uni,last_name,first_name,email,school,major
dofe4,Ferguson,Donald,dddd,CC,CS


- Going to rename the stored procedure for completeness.

```
CREATE DEFINER=`root`@`localhost` PROCEDURE `create_student3all`(
	in l_name varchar(45), in f_name varchar(45), in e_mail varchar(128),
    in s varchar(12), in m varchar(12))
BEGIN

	declare new_uni varchar(12);
    
	insert into person3 (last_name, first_name, email)
		values(l_name, f_name, e_mail);
        
	set new_uni = (select uni from person3 where email=e_mail);
    
    insert into student3(uni, school, major)
		values(new_uni, s, m);
    

END

```

## Status

- Sort of encapsulated the data model. There is a view and there is a stored procedure. But, if people can still see the tables, they will play with them.


- ```root``` and ```dbuser``` are, well root. So, I cannot take the access away from them.


- Let's assume we have a simple user.

In [22]:
%sql create user 'simpleruser'@'%' identified by 'dbuserdbuser';

0 rows affected.


[]

- A variation of the principle of least privilege is to revoke all access rights, and then grant just the ones the user needs.
    - The worst that happens is that I forget to grant a right.
    - This is better than forgetting to "restrict a right."
    

In [81]:
%sql REVOKE ALL PRIVILEGES, GRANT OPTION FROM'simpleruser'@'%';

0 rows affected.


[]

- OK. So the user does not have any rights. We can add some.


- I am going to use code for accessing the databases to avoid having two connections from the notebook.

In [82]:
import pymysql
simple_u_conn = pymysql.connect(user='simpleruser', host='localhost', password='dbuserdbuser')

In [83]:
cur = simple_u_conn.cursor()
res = cur.execute('show databases;')
print(res)

1


In [84]:
d = cur.fetchall()
d

(('information_schema',),)

- OK. Simple user cannot really see anything. Let's grant some rights.

In [85]:
%sql grant select on `w4111f19new`.`student3all` to 'simpleruser'@'%';

0 rows affected.


[]

In [86]:
# Now let's reconnect and see what happens.
simple_u_conn = pymysql.connect(user='simpleruser', host='localhost', password='dbuserdbuser')
cur = simple_u_conn.cursor()
res = cur.execute('show databases;')
d = cur.fetchall()
d

(('information_schema',), ('w4111f19new',))

- Can now see the schema. Can the simpleruser do other things?

In [87]:
try:
    res = cur.execute('select * from w4111f19new.person3')
    d = cur.fetchall()
    print("This is bad.")
except Exception as e:
    print("Exception e = ", e)
    print("Getting an exception is correct.")

Exception e =  (1142, "SELECT command denied to user 'simpleruser'@'localhost' for table 'person3'")
Getting an exception is correct.


- Well, can the simpleruser see ```student3all.```

In [88]:
try:
    res = cur.execute('select * from w4111f19new.student3all')
    d = cur.fetchall()
    print("Getting data is good. The data is = ")
    print(d)
except Exception as e:
    print("Exception e = ", e)
    print("Getting an exception is bad!.")

Getting data is good. The data is = 
(('dofe4', 'Ferguson', 'Donald', 'dddd', 'CC', 'CS'),)


- What can the simpleruser see?

In [89]:
res = cur.execute('show tables from w4111f19new;')
d = cur.fetchall()
d

(('student3all',),)

- Cannot see any other tables. Can the user make a user? Not yet.

In [91]:
%sql grant execute on procedure `w4111f19new`.`create_student3all` to 'simpleruser'@'%';

0 rows affected.


[]

- New let's see if simpleruser can make a student3all.

In [92]:
res = cur.execute("call w4111f19new.create_student3all('Ferguson', 'Donald', 'eee', 'SEAS', 'ECON')")

In [93]:
simple_u_conn.commit()

In [95]:
q = "select * from w4111f19new.student3all"
res = cur.execute(q)
d = cur.fetchall()
d

(('dofe4', 'Ferguson', 'Donald', 'dddd', 'CC', 'CS'),
 ('dofe5', 'Ferguson', 'Donald', 'eee', 'SEAS', 'ECON'))

## Summary

- We have seen a few things.
    - Using a function to generate values from input parameters and queries to data.
    - Using triggers to automate computations during events, and also to prevent changes.
    - Using views to encapsulate underlying data.
    - Using stored procedures to provide capabilities to users without exposing access to underlying tables.
    - GRANT statements to enforce security and visibility.
    
    
- Now, on to the midterm!