  1. Database Security
     • The protection of the database against intentional or unintentional threats using computer-based or non-computer-based controls.
  2. Authorization
     • The granting of a right or privilege, which enables a subject to have legitimate access to a system or a system’s object.
     • The term “object” represents a database table, view, application, procedure, or any other object that can be created within the system.
     • Closed systems vs. open systems.
     • Ownership of objects gives the owner all appropriate privileges on the objects owned.
     • The DBMS needs to keep track of all privileges granted to users, and by whom, in order to maintain the correct set of privileges.
     • Authentication refers to a mechanism that determines whether a user is who he or she claims to be.
  3. Type of Oracle Users
     • Database administrator (DBA) – manages the system and its users by performing administrative duties.
     • Security officer – enrolls users, controls and monitors user access to the database, and maintains system security.
     • Application developer – designs and implements database applications.
     • Application administrator – responsible for the administration needs of a particular application.
     • Database users – interact with the database via applications or utilities.
     • Network administrators – responsible for administering Oracle networking products, such as Net8.
  4. Database Administrator
     • A predefined role, named "DBA", is automatically created with every Oracle database. This role contains all database system privileges. Therefore, it is very powerful and should be granted only to fully functional database administrators.
     • Two user accounts are automatically created with the database and granted the DBA role: SYS (initial password CHANGE_ON_INSTALL) and SYSTEM (initial password MANAGER).
     • The database administrator usernames need a more secure authentication scheme.
     • Network administrators – responsible for administering Oracle networking products, such as Net8.
  5. Database Administrator Authentication Methods
  6. Logical Database Structure
     • Tablespaces – logical storage units that group related logical structures together.
     • Schema objects – the logical structures that directly refer to the database's data such as tables, views, sequences, stored procedures, synonyms, indexes, clusters, and database links.
     • Data block – a specific number of bytes of physical database space on disk. Its size is specified for each Oracle database when the database is created.
     • Extent – a specific number of contiguous data blocks, obtained in a single allocation, used to store a specific type of information.
     • Segment – a set of extents allocated for a certain logical structure.
  7. Databases, Tablespaces, and Datafiles
  8. Datafiles and Tablespaces
  9. The Relationships Among Segments, Extents, and Data Blocks
  10. Physical Database Structure
      • Data files – Every Oracle database has one or more physical datafiles. One or more datafiles form a logical unit of database storage called a tablespace.
      • Redo log files – Every Oracle database has a set of two or more redo log files. The set of redo log files for a database is collectively known as the database's redo log.
      • Control files – Every Oracle database has a control file. A control file contains entries that specify the physical structure of the database such as database name, names and locations of the data files and redo log files, time stamp of database creation, etc.
  11. Oracle Security Mechanism
      • Database user and schema – each user has a security domain that determines the privileges and roles, the tablespace quota, and the system resource limits for the user.
      • Privilege – a right to execute a particular type of SQL statement.
      • Roles – named groups of related privileges that are granted to users or other roles.
      • Storage settings and quotas – Oracle provides means for directing and limiting the use of disk space allocated to the database on a per-user basis.
      • Resource limits – each user is assigned a profile that specifies limitations on several system resources available to the user.
      • Auditing – aids in the investigation of suspicious database use.
  12. Oracle Security Features
  13. Views (Subschemas)
      • A view is the dynamic result of one or more relational operations operating on the base relations to produce another relation.
      • Views hide irrelevant attributes and/or rows from those users who don’t need to know them.
      • A user can be granted privilege to use a view that is generated from several base tables but not privilege to use the base tables.
  14. Backup
      • The process of periodically taking a copy of the database and log file (and possibly programs) onto offline storage media.
      • A DBMS should provide logging facilities referred to as journaling, which keep track of the current state of transactions and database changes, to provide support for recovery procedures.
      • A DBMS should provide a checkpoint facility, which enables updates to the database which are in progress to be made permanent. When a checkpoint is taken, the DBMS ensures that all the data in main memory is written out to disk and a special checkpoint record is written to the journal.
  15. Backup in Oracle
      • A backup is a copy of data. You can make physical backups using either the Oracle8i Recovery Manager utility ( or operating system utilities (
      • A physical backup is a copy of a datafile, tablespace, or database made at a specific time.
  16. Whole Database Backup Options
  17. Online Redo Log File Use in ARCHIVELOG Mode
  18. NOARCHIVELOG Mode
      • You can only restore the database to the point of the most recent full database backup.
      • You can only perform an operating system backup of the database when it is shut down cleanly.
      • You can only restore a whole database backup and then open the database when the backup was taken while the database was closed cleanly.
      • You cannot perform online tablespace backups.
      • You cannot use an online tablespace backup previously taken while the database operated in ARCHIVELOG mode.
  19. Tablespace Backups in NOARCHIVELOG Mode
  20. Recovery in Oracle
      • To restore a physical backup is to reconstruct it and make it available to the Oracle database server.
      • To recover a restored datafile is to update it using redo records, that is, records of changes made to the database after the backup was taken.
      • Oracle performs crash recovery and instance recovery automatically after an instance failure. Instance recovery is an automatic procedure that involves two distinct operations: rolling forward the backup to a more current time by applying online redo records and rolling back all changes made in uncommitted transactions to their original state.
      • Media recovery requires you to issue recovery commands.
  21. Restoring and Recovering a Database
  22. Information for DBA
      • Static Data Dictionary Views – change only when a change is made to the data dictionary, for example, when a new table is created or a user is granted new privileges. (
      • Oracle contains a set of underlying views that are maintained by the server and accessible to the database administrator user SYS. These views are called dynamic performance views because they are continuously updated while a database is open and in use, and their contents relate primarily to performance. (
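
Added example (not part of the original slides): the mechanisms listed on slides 11 and 13, written as Oracle SQL run by a DBA, ending with a data dictionary query of the kind slide 22 describes. The schema hr_owner with its employees and departments tables, the user clerk1, the role, profile and view names, and the users tablespace are all hypothetical, and the password is a placeholder.

```sql
-- Added example; every object name here is hypothetical.
-- Assumes schema HR_OWNER already owns tables EMPLOYEES and DEPARTMENTS.

-- Resource limits: a profile caps sessions, idle time and failed logins.
-- Session and idle limits are enforced only when the RESOURCE_LIMIT
-- initialization parameter is TRUE; password limits always apply.
CREATE PROFILE clerk_profile LIMIT
  SESSIONS_PER_USER     2
  IDLE_TIME             30      -- minutes
  FAILED_LOGIN_ATTEMPTS 5;

-- Database user and security domain: tablespace quota plus profile.
CREATE USER clerk1 IDENTIFIED BY "Placeholder#Replace1"  -- placeholder
  DEFAULT TABLESPACE users
  QUOTA 5M ON users
  PROFILE clerk_profile;

-- View (subschema): joins two base tables and exposes only the
-- columns a clerk needs; salary and other columns are left out.
CREATE VIEW hr_owner.emp_directory AS
  SELECT e.emp_id, e.last_name, d.dept_name
  FROM   hr_owner.employees e, hr_owner.departments d
  WHERE  e.dept_id = d.dept_id;

-- Role: a named group of privileges. It receives SELECT on the view
-- only; nothing is granted on EMPLOYEES or DEPARTMENTS themselves.
CREATE ROLE clerk_role;
GRANT CREATE SESSION TO clerk_role;
GRANT SELECT ON hr_owner.emp_directory TO clerk_role;
GRANT clerk_role TO clerk1;

-- Auditing: record each SELECT against the view
-- (requires the AUDIT_TRAIL initialization parameter to be enabled).
AUDIT SELECT ON hr_owner.emp_directory BY ACCESS;

-- Review step using a static data dictionary view: list the object
-- privileges held by the user and the role, and confirm that neither
-- base table is named in the result.
SELECT grantee, owner, table_name, privilege
FROM   dba_tab_privs
WHERE  grantee IN ('CLERK1', 'CLERK_ROLE');
```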