Database Controls


  1. 1. Database Controls Chapter 14
  2. 2. Introduction
       • The database subsystem is responsible for defining, creating, modifying, deleting, and reading data in an information system
       • It maintains declarative data, relating to the specific aspects of real-world objects and their associations.
       • The major components in the database subsystem are the database management system used to manage the data, the application programs that perform operations on data, the central processor and primary storage in which operations are performed and the storage media that maintains the permanent or semi-permanent copy of the database
  3. 3. Introduction
       • Declarative data
       • Procedural data
       • Knowledge base
       • Object oriented
       • Data warehouses
       • Data marts
       • Data mining
  4. 4. Topics to Consider
       • Access Controls
       • Integrity Controls
       • Application Software Controls
       • Concurrency Controls
       • Cryptographic Controls
       • File Handling Controls
       • Audit Trail Controls
       • Existence Controls
  5. 5. Access Control Policy
       • Used to prevent unauthorized access to and use of data
       • Discretionary – users can specify who can access the data they own and what action privileges they have
       • Mandatory – system administrator assigns security aspects to data that cannot be changed by database users
  6. 6. Discretionary Access Controls
       • Permit or deny access to:
       • Name dependent restrictions
       • Content dependent restrictions
       • Context dependent restrictions
       • History dependent restrictions
  7. 7. Mandatory Access Controls
       • (1) Classification level
           • Assigned to specific data attributes or relations in a record or
           • to records or relations as a whole
       • (2) Clearance level assigned to users
       • Security system compares the two levels: (2) >= (1) means access is OK
  8. 8. Some Implementation Issues
       • Single or multiple components
       • Efficiency and effectiveness versus size of the kernel
       • Security exercised in the operating system and the database
       • Distributed databases
           • Database replication
           • Database partition
  9. 9. Elements of the User-Level Security Model
       • To establish User-Level security, the Jet database engine uses a set of elements that, taken as a whole, describe the model. The four elements that make up the model are:
           • The user of your solution: This may be a real person or a process running on a computer.
           • The group: A group is a collection of users who require the same level of access to a set of objects. Users can belong to more than one group.
           • The SystemDB or workgroup information file: This is a Microsoft Jet database that stores the definitions of users, groups, and passwords.
           • Your database: The database contains your solution's objects, along with the permissions settings for each object for each user and group.
  10. 10. The Microsoft Jet Security Model
  11. 11. DBMS Integrity Controls
       • Maintain accuracy, completeness and uniqueness of instances of the constructs used within the conceptual modeling or data modeling approach used to structure the database
  12. 12. Integrity Controls
       • Entity-Relationship Model Integrity Constraints
       • Relational Model Constraints
       • Object Data Model Integrity Constraints
       • Referential, Composition, Cardinality
       (Diagram labels: Uniqueness, Maximum cardinality, Minimum cardinality, Entity identifier, Value type identifier, Value set of identifier, Primary Key Unique, PK not Null, Entity, Referential, Unique identifier, Unique key, Value type of attribute, Value set of attribute, Types of inheritance)
  13. 13. Application Software Controls
       • Update Protocols
           • Sequence check order of transaction and master files
           • Ensure all records on files are processed
           • Process multiple transactions for a single record in the correct order
           • Maintain a suspense account
       • Report Protocols
           • Print control data for internal table (standing data)
           • Print run-to-run control totals
           • Print suspense account entries
  14. 14. Concurrency Controls
       • Nature of the shared data resource problem
       • The problem of deadlock
           • lockout / concurrency / additional request / no preemption / circular wait
       • Solutions to deadlock
       • Preventing deadlock
           • ACID properties - atomicity/consistency/isolation/durability
  15. 15. Distributed database concurrency controls
       • This is more complex
       • Replicated databases – one replica is designated as the primary copy
       • Before accessing a data item, a transaction must acquire a lock on the primary copy
       • Partitioned database – a transaction must first find the scheduler for the data item it is seeking to access
  16. 16. Cryptographic Controls
       • Primary means used is block encryption – stream encryption would require extra data be accessed and would slow down retrieval
       • Portable media encrypted by a secure encryption device in the controller. Privacy is protected if the media is stolen, but one user's data is not protected from actions by another user.
       • To protect one user's data from another user we need personal cryptographic keys
       • Shared schemes
           • file key / secondary key / master key / protect access to the secondary key (password or clearance)
  17. 17. File Handling Controls
       • Internal Label
       • Generation Number
       • Retention Date
       • Control Totals
       • Magnetic tape file protection rings
       • Read only switches
       • External labels
  18. 18. Audit Trail Controls
       • Accounting Audit Trail maintains the chronology of events that occur in the database definition or in the database itself
       • It must permit either an:
           • implosion operation – data can be traced from its source to the items it affects
           • or an explosion operation – the sequence of events that have occurred in a data item in the database definition or the database can be reconstructed
       • Certain conditions are difficult to handle
  19. 19. Audit Trail Controls
       • Unique time stamp on all transactions
           • Implosion purpose
           • Explosion purpose
       • Attach before and after images of the data item against which the transaction is applied
       • Facilities to define, create, modify, delete and retrieve data in the audit trail
       • Retention time for the audit trail
  20. 20. Operational audit trail
       • Maintains the chronology of resource consumption events that affect the database definition or the database.
       • Database Administrators use the operation audit trail to determine when the database needs to be reorganized or when the processes that access the database need to be rewritten to improve their efficiency
  21. 21. Existence Controls
       • Cause of destruction or damage
           • Application program error
           • System software error
           • Hardware failure
           • Procedural error
           • Environmental failure
       • Existence controls in the database system must restore the database in the event of loss - Backup and Recovery
  22. 22. Backup strategies
       • All backup strategies require maintenance of:
           • a prior version of the database and
           • a log of transactions or changes to the database
           • update creates new physical version of the backup - retain
           • otherwise, periodically a dump of the database is required
  23. 23. SQL Server 2000 backup and restore capabilities
       • Options for how a database is backed up and restored:
       • A transaction log backup copies only the transaction log.
       • A differential backup copies only the database pages modified after the last full database backup.
       • A file or filegroup restore allows the recovery of just the portion of a database that was on the failed disk.
       • A full database backup is a full copy of the database.
  24. 24. Recovery Strategies
       • Roll-forward operation – the current state of the database is recovered from a previous version
       • Roll-back operation – a previous state of the database is recovered from the current one
       (Diagram labels: Database (Current), Database (Previous), Roll-forward, Roll-back)
  25. 25. Existence Control Strategies
       • Grandfather, Father, Son Strategy
       • Dual Recording/Mirroring Strategy
       • Dumping
           • physical dump
           • logical dump - complexity with shared DB
       • Logging: input, beforeimages, afterimages
       • Strengths and limitations
       • Residual Dumping
       • Differential files/shadow paging
  26. 26. Grandfather, Father, Son Strategy
       (Diagram labels: Transaction File, Input master file, Update Reports, Output Master File, Update Program, (Grandfather—kept for further 2 cycles), (Father—kept for further 2 cycles))
  27. 27. Dual recording/mirroring strategy
       (Diagram labels: Front-end processor, Primary processor, Duplicate processor, Primary database, Duplicate database, Remotely located, Remotely located)
  28. 28. Separate logging of successful and unsuccessful input transactions
       (Diagram labels: Transaction input, Database management system, Unsuccessful input transactions, Successful input transactions, Database)
  29. 29. Differential file strategy for backup and recovery
       (Diagram labels: Transaction input, Database management system, Differential file, Primary file, Separate channels, Separate devices)
  30. 30. Database Administration Using Oracle
       • Detailed look at how a DBA might handle the following technical tasks in a specific DBMS - Oracle Workgroup 2000 for Windows NT:
           • Creation and expansion of the database storage structures.
           • Management of database objects such as tables, indexes, triggers, procedures, and so on.
           • Management of the end user database environment, including the type and extent of database access.
           • Customization of database initialization parameters.
  31. 31. Database Administration Using Oracle
       • Oracle Database Administration Tools
           • Security Manager
           • Schema Manager
           • Storage Manager
           • SQL Worksheet
           • Instance Manager
       (Figure: The Oracle Administrator Toolbar)
  32. 32. Database Administration Using Oracle
       • The Default Login
       (Figure 15.10 Oracle Login Information)
  33. 33. Database Administration Using Oracle
       • Ensuring an Automatic RDBMS Start
       (Figure: Verifying That The Oracle Services Are Running)
  34. 34. Database Administration Using Oracle
       • Using the Storage Manager to Create Tablespaces and Datafiles
           • A database is logically composed of one or more tablespaces. A tablespace is a logical storage space. Tablespaces are primarily used to logically group related data.
           • The tablespace data are physically stored in one or more datafiles. A datafile physically stores the database’s data.
  35. 35. Database Administration Using Oracle
       • When the DBA creates a database, Oracle automatically creates the tablespaces and datafiles:
           • The SYSTEM tablespace is used to store the data dictionary data.
           • The USER_DATA tablespace is used to store the table and index data created by the end users.
           • The TEMPORARY_DATA tablespace is used to store the temporary tables and indexes created during the execution of SQL statements.
           • The ROLLBACK_DATA tablespace is used to store database transaction recovery information.
  36. 36. Database Administration Using Oracle
       • Using the Storage Manager, the DBA can
           • Create additional tablespaces to organize the data in the database.
           • Create additional tablespaces to organize the different subsystems that may exist within the database.
           • Expand the tablespace storage capacity by creating additional datafiles.
  37. 37. The Oracle Storage Manager
  38. 38. Creating a New Tablespace
  39. 39. The Oracle Schema Manager
  40. 40. The Oracle Security Manager
  41. 41. The Create User Dialog Box
  42. 43. Creating A New Database With The Oracle Instance Manager
  43. 44. New Instance Screen
  44. 45. Advanced Parameters Screen
  45. 46. IOMEGA
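
The audit trail of slides 18-19 (unique time stamp, before and after images) and the recovery operations of slides 24-25, worked through as an added example that is not part of the original slides. The record layout, field names and account data are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Any, Dict, List, Optional

@dataclass(frozen=True)
class LogRecord:
    ts: int                # unique time stamp on the transaction
    txn: str               # transaction id (hypothetical field name)
    key: str               # data item the transaction was applied to
    before: Optional[Any]  # before-image; None means the item did not exist
    after: Optional[Any]   # after-image; None means the item was deleted

def _put(db: Dict[str, Any], key: str, image: Optional[Any]) -> None:
    if image is None:
        db.pop(key, None)
    else:
        db[key] = image

def roll_forward(dump: Dict[str, Any], log: List[LogRecord], dump_ts: int) -> Dict[str, Any]:
    """Recover the current state from a previous version plus after-images."""
    db = dict(dump)
    for rec in sorted(log, key=lambda r: r.ts):
        if rec.ts > dump_ts:
            _put(db, rec.key, rec.after)
    return db

def roll_back(current: Dict[str, Any], log: List[LogRecord], to_ts: int) -> Dict[str, Any]:
    """Recover a previous state from the current one using before-images."""
    db = dict(current)
    for rec in sorted(log, key=lambda r: r.ts, reverse=True):
        if rec.ts <= to_ts:
            break
        if db.get(rec.key) != rec.after:  # log and database disagree: stop
            raise ValueError(f"after-image mismatch at ts={rec.ts} key={rec.key}")
        _put(db, rec.key, rec.before)
    return db

def explosion(log: List[LogRecord], key: str) -> list:
    """Sequence of events that have occurred in one data item."""
    return [(r.ts, r.txn, r.before, r.after)
            for r in sorted(log, key=lambda r: r.ts) if r.key == key]

def implosion(log: List[LogRecord], txn: str) -> List[str]:
    """Data items affected by one source transaction."""
    return sorted({r.key for r in log if r.txn == txn})

# Constructed sample data: a dump taken at ts=100 and the log written since.
DUMP_TS, DUMP = 100, {"acct:1": 500, "acct:2": 200}
LOG = [LogRecord(101, "T1", "acct:1", 500, 450), LogRecord(102, "T1", "acct:2", 200, 250),
       LogRecord(103, "T2", "acct:3", None, 75), LogRecord(104, "T3", "acct:2", 250, None)]
```

Rolling back refuses to proceed when the stored value differs from the logged after-image, which is how a change made outside the logged transactions shows up during recovery.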