DATABASE ADMINISTRATION

LECTURE NO 3Muhammad Abrar

DATABASE ADMINISTRATION

A technical function that is responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery

DATABASE SECURITY

Protection of the data against accidental or intentional loss, destruction or misuse

THREATS TO DATA SECURITY

Accidental losses, including human error, software, and hardware caused breaches

Theft and fraud Loss of privacy or confidentiality Loss of data integrity Loss of availability

DATA SECURITY PLAN

A comprehensive data security plan will include establishing administrative policies and procedures, physical protections, and data management software protections

SECURITY FEATURES OF DATA MANAGEMENT SOFTWARE

Views or Schemas: Which restrict user views of the database

Authorization Rules: Which identify users and restrict the action they may take against the database

User-defined procedures: Which define additional constraints or limitations in using a database

DATA MANAGEMENT SOFTWARE FEATURES

Encryption Procedures: Which encodes data in an unrecognizable form

Authorization Schemes: Which positively identify a person attempting to gain access to the database

Backup, journaling, and checkpoint capabilities: These facilitate recovery procedures

VIEWS

A subset of the database that is presented to one or more users. A view is created by querying one or more of the base tables, producing a dynamic result for the user at the time of request

AUTHORIZATION RULES

Controls incorporated in the data management systems that restrict access to data and also restrict the action s that people may take when they access data.

For example, a person who can supply a password may be authorized to read any record in the database but can not necessarily modify those records.

AUTHORIZATION TABLES

A table that specifies who is authorized to perform which type of action against an object and under what condition.

Example

AUTHORIZATION TABLES/MATRICES

Most of the customary DBMSs don’t implement the authorization tables directly . They rather use simplified versions of authorization tables. Usually two types of simple tables are used.

Authorization table for subjects Authorization tables for objects

AUTHORIZATION TABLE FOR SUBJECTS(SALESPERSONS)

TABLE

CUSTOMERRECORDS

ORDERRECORDS

READ Y Y

INSERT Y Y

MODIFY Y N

AUTHORIZATION TABLE FOR OBJECTS(ORDER RECORDS)

Salesperson(PasswordBATMAN)

Order Entry(PasswordJOKER)

Accounting(PasswordTRACY)

Read Y Y Y

Insert N Y N

Modify N Y Y

Delete N N Y

ORACLE AUTHORIZATION SCHEME

Oracle defines the following privileges that can be granted to users at database, table, or column levels

ORACLE PRIVILEGES

TABLE OF ORACLE PRIVILEGES

PRIVILEGES CAPABILITY

SELECT QUERY THE OBJECT

INSERT INSERT RECORDS INTO THE TABLE/VIEW,CAN BE GIVEN FOR SPECIFIC COLUMNS

UPDATE UPDATE RECORDS IN A TABLE/VIEW, CANBE GIVEN FOR SPECFIC COLUMNS

DELETE DELETE RECORDS FROM TABLE/VIEW

ALTER ALTER ABLE

INDEX CREATE INDEXES ON THE TABLE

REFRENCES CREATE FOREIGN KEYS THAT REFRENCESTHE TABLE

EXECUTE EXECCUTE THE PROCEDURE, FUNCTION, ORTABLE

ENCRYPTION

The coding or scrambling of data so that humans cannot read them

This facility can be used to secure sensitive data during storage and transmission

BIOMETRIC DEVICES

Measures or detects personal characteristics such as fingerprints, voice points, eye pictures, or signature dynamics

BACKING UP DATABASES

Uses mechanisms for restoring a database quickly and accurately after loss or damage

These are called recovery mechanisms

BASIC RECOVERY FACILITIES

BACKUP FASCILITIES: Which provide periodic backup copies of the database

JOURNALISTING FACILITIES: Which maintain an audit trail of transactions and database changes

CHECKPOINT FACILITY: By this the DBMS periodically suspends all processing and synchronize its files and journals

RECOVERY MANAGER: Which allows the DBMS to restore the database to a correct condition and restart processing transactions

JOURNALISTING FACILITIES

An audit trail of transactions and database changes. This facility is based on the following concepts

TRANSACTION: A discrete unit of work that must be completely processed or not processed at all within a computer system. entering a customer order is an example of a transaction

JOURNALISTING FACILITIES

TRANSACTION LOG: Contains a record of the essential data for each transaction that is processed against the database

DATABASE CHANGE LOG: Contains before and after images of records that have been modified by transactions

BEFORE-IMAGE: A copy of a record or page of memory before it has been modified

AFTER-IMAGE: A copy of records or page of memory after it has been modified

CHECKPOINT FACILITY

A facility by which the DBMS periodically refuses to accept any new transactions. The system is in a quite state, and the database and transaction logs are synchronized

CHECKPOINT FACILITY

The system refuses to accept any new transaction. All current transactions are completed and journal files are brought update. Then the database and transaction logs are synchronized. The DBMS writes a special record called checkpoint record to the log file which is like the snapshot of the database. This record contains information to restart the system. Any dirty data blocks are written to the system

 

RECOVERY PROCEDURES

Procedures used to restore the database after it has been lost or damaged

RECOVERY MANAGER: A module of the DBMS that restore the database to a correct condition when a failure occur and resumes processing user requests

TYPES OF DATABASE FAILURES

ABORTED TRANSACTIONS: A Transaction In Processing That Terminates Abnormally

SYSTEM FAILURE: Power failure, network failure, hardware failure etc

DATABASE DESTRUCTION: The database itself is lost or destroyed or cannot be read

CONTROLLING CONCURRENT ACCESS

The process of managing simultaneous operations against a database so that data integrity is maintained and the operations do not interfere with each other in a multiuser environment

CONCURRENCY PROBLEMS

An unrepeatable read, one that occurs when one user reads data that have been partially updated by another user