Authorization RulesSome DBMS products authorize actionsbased on specific records and functionaldescriptions. However, most DBMS’s limitactions on tables to one of: • Read: view but not change • Insert: read and add records • Update: read, insert and change records • Alter/Delete: read, insert, update and delete records, change table structure
User Defined Procedures Code modules that enforce security procedures are run during processingUser DBMSProcedures Constraints DBMS
IntegrityComponents that preserve the relationship among differentrelated records in the database
IntegrityThe relationship among records in the database Referential Integrity Non Key Integrity Derived Conditions
Constraints in SQLCREATE TABLE … or ALTER TABLE … ADD CHECK(condition) PRIMARY KEY attribute-name FOREIGN KEY attribute-name REFERENCES parent-tableThe parent table must already have a primary key defined
Concurrency Preventing two users frominterfering with each other when they use the same information
ConcurrencyLockoutRestricting access to users who could be misled by partial transactionsVersioningMaking trial updates on versions of the database and denying one if there is a data conflict.
Locks Master Program 1 locks record Student Grade <exclusive>.00 Fred No other program can01 Anthony read the record. No program can have02 Steve an active lock.03 Ivan Program 2 locks record <shared> Other programs can read, but not change record. No program can have an exclusive lock.
LocksOn INSERT or UPDATE statementsSELECT column-namesFROM table-namesWHERE …FOR UPDATE OF column-namesNOWAIT;
Concurrency LocksGranularity Exclusivity• Field • Exclusive• Record • Shared• Table• Database
Concurrency DeadlockTwo programs request conflicting sets of data lock up the database while awaiting access. • Program 1 locks record A • Program 2 locks record B • Program 1 requests lock on record B; waits • Program 2 requests lock on record A; waitsSystem either times out and restarts each transaction after a random wait or recognizes the deadlock to abort one program.
Versioning Version 1 Time 1 Version 2 Version 3 Time 2 Time 3Commits version 3 only after changes to versions 1and 2 have been rolled back.
Backup and RecoveryProcesses to confirm and repeat transactions so that database can be restored to a valid state after a problem.
DBMS Logs Master Transaction Student Grade Insert Li with grade A00 Fred Change Fred’s grade to A01 Anthony02 Steve03 Ivan
Recover from Backup Transac- Backup + tion = Recovered DatabaseSlowMay give different answers from original
DBMS LogsTransaction Forward LogIns Li with grade A Student GradeChg Fred’s grade to A 03 Li A 00 Fred A Master Backward Log Student Grade Student Grade00 Fred A 03 n/p01 Anthony 00 Fred02 Steve03 Li A
DBMS LogsTransaction Forward LogIns Li with grade A Student GradeChg Fred’s grade to A 03 Li A10:00 Checkpoint 00 Fred A Chkpt Master Backward Log Student Grade Student Grade00 Fred A 03 n/p01 Anthony 00 Fred02 Steve Chkpt03 Li A
DBMS LogsTransaction Forward LogIns Li with grade A Student GradeChg Fred’s grade to A 03 Li A10:00 Checkpoint 00 Fred A ChkptChg Steve grade to B 02 Steve B Master Backward Log Student Grade Student Grade00 Fred A 03 n/p01 Anthony 00 Fred02 Steve B Chkpt03 Li A 02 Steve
Recover to Checkpoint Using Logs BackwardContaminated Database - Log = Correct at Checkpoint Recent + Transactions = Recovered Database
Transaction Processing A set of computer operations required to process a single unit of work.A transaction must conclude with the database in a valid state whether the transaction terminates correctly or abnormally
Transaction BoundariesSet savepoint:SAVEPOINT order_save;Commit or rollback:ROLLBACK TO order_save;
Transaction Boundaries Premiere Products ExampleSALESREP CUSTOMER ORDERPRODUCT ORDER-PRODUCT Place an order for a new customer with a 1500 credit limit
Transaction Boundaries Premiere Products Example SALESREP CUSTOMER ORDER PRODUCT ORDER-PRODUCT•Insert CUSTOMER Record•Update CUSTOMER with SALESREP Foreign Key•Insert ORDER Record•Insert ORDER-PRODUCT with Foreign Keys•Update ProductOnHand in PRODUCT•Check Credit Limit
Transaction Processing Programming LogicTwo phased locking requires obtaining locks on all necessary records before releasing locks on any records. Obtain locks on all records needed Perform calculations Release locks
Functions of a DBMS C.J. DateIndexing Backup/RecoveryViews DesignSecurity DocumentationIntegrity Update/QueryConcurrency