Module 3 Database Management
ITEC 450
MODULE 3 DATABASE MANAGEMENT
Section 3 Database Security
Fall 2012

TABLESPACE AND DATA FILE
- Tablespaces are made up of at least one datafile
- You cannot create a tablespace without creating its initial datafile; you cannot create a datafile without an associated tablespace
- Bigfile tablespaces must be locally managed
- Undo tablespaces are specialized to store undo (rollback) data

THE DATAFILE CLAUSE
- When creating a tablespace with a user-managed file, specify a datafile name in the command
- Each datafile must have a specified SIZE
  - Exceptions: OMFs and named files that already exist
- Omitting AUTOEXTEND and SIZE parameters results in AUTOEXTEND set to ON
- Example:

THE EXTENT MANAGEMENT AND SEGMENT SPACE MANAGEMENT CLAUSES
- These clauses tell Oracle how to track the usage of blocks within each extent
- Locally vs. dictionary-managed performance:
  - Locally managed tablespaces store the map of where extents are in datafiles in a rapid access bitmap, in the header of the datafile
  - Dictionary-managed tablespaces store this information in metadata, in the SYSTEM tablespace

THE EXTENT MANAGEMENT AND SEGMENT SPACE MANAGEMENT CLAUSES
- Deallocated extents return to free space list in data dictionary as a contiguous chunk of data blocks
  - For these to be usable, the next object that needs an extent must be that exact size (or smaller) extent
  - Otherwise, deallocated data blocks are passed over, and data blocks at the end of datafile are used
  - Datafile grows faster than necessary
- If there are contiguous deallocated extents, they aren’t seen as a chunk of space until coalesced
  - Coalescence: combining of multiple adjacent free extents into a single contiguous free extent
  - Occurs periodically through the SMON background process

CREATING A DICTIONARY-MANAGED TABLESPACE
- Dictionary-managed tablespaces cause slower performance of DML commands
  - Updates involve multiple tables behind the scenes
- Locally managed tablespaces reduce/eliminate the problem of unused free space gaps

SEGMENT TYPES AND THEIR USES

TEMPORARY TABLESPACE
- Temporary segments need a temporary tablespace
- Oracle recommends creating locally managed, temporary tablespaces
- You can also create multiple temporary tablespaces
  - Require a tablespace group
  - Group can be set as the default for the entire DB
- Assign the user a default temporary tablespace:

ALTER TABLESPACE COMMAND
- Tasks you can handle with ALTER TABLESPACE:
  - Change DEFAULT STORAGE settings for any future objects created in (dictionary-managed) tablespace
  - Change the MINIMUM EXTENT size
  - Change LOGGING to NOLOGGING and vice versa
  - Change PERMANENT to TEMPORARY (vice versa)
  - Change READ ONLY to READ WRITE (vice versa)
  - Coalesce contiguous storage space
  - Add a new datafile or temporary file
  - Rename a datafile or temporary file
  - Begin and end an open backup

ALTER TABLESPACE COMMAND
- To change an existing datafile’s storage, you must use the ALTER DATABASE command instead:
- To modify tempfile: ALTER DATABASE TEMPFILE

ALTER TABLESPACE COMMAND
- The status of a tablespace defines its availability to end-users and also defines how it is handled during backup and recovery
  - ONLINE
  - OFFLINE
    - NORMAL
    - TEMPORARY
    - IMMEDIATE
- It is possible to take individual datafiles offline

READ-ONLY TABLESPACE

DROPPING & RENAMING TABLESPACES

TABLESPACE VIEWS

DATA INTEGRITY
- Database structure integrity
  - Index corruption, data block corruption
  - Invalid objects
  - Managing structural problems: DBMS utility
- Semantic data integrity
  - Entity integrity – primary key should be used
  - Check constraint, rules in SQL Server – validate data
  - Trigger – a piece of code that is executed automatically when a data modification happens
  - Referential integrity – establish the relationship between primary and foreign key columns

ASPECTS OF DATABASE SECURITY
- Authorization – controlling access to data
- Authentication – restricting access to legitimate users
- Auditing – ensuring accountability and inspection
- Encryption – safeguarding key data in the database
- Enterprise security – managing the security of the entire organizational information structure beyond database itself

AUTHORIZATION
Authorization – controlling access to data
- Policy issues – what info should be viewed
- Integrity issues – preventing unexpected results
- Types of privileges
  - Data access – read, write, or reference to a table, a view
  - Database object – create or modify database objects
  - System – perform certain types of system-wide activities
  - Procedure – execute specific functions and stored procedures

AUTHORIZATION IMPLEMENTATION
Data Control Language (DCL) – Grant and Revoke
- Grant different types of privileges
      GRANT SELECT, INSERT ON Titles TO user5;
      GRANT CREATE SESSION, CREATE TABLE TO user1;
      GRANT SELECT ANY TABLE TO user9;
      GRANT EXECUTE ON Proc1 TO user2, user5;
- Grant with GRANT option – pass the granted authority to others
      GRANT SELECT ON Titles TO user3 WITH GRANT OPTION;
- Revoke
      REVOKE INSERT ON Titles FROM user5;

ROLE AND GROUP
- Roles – a collection of granted privileges
  - A role can be created using CREATE ROLE. The permissions are granted to the role.
  - The role is assigned to users using GRANT. These users will get all the privileges from the role.
- Groups – DBMS built-in roles
  - System administrator: SYS in Oracle, SA in SQL Server
  - Database administrator: all privileges over the database
  - Operations control: perform certain operations such as backup and recovery
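
An added example (not from the original slides) that moves the direct grants shown under AUTHORIZATION IMPLEMENTATION onto roles, in Oracle syntax. The role names titles_reader and titles_editor are hypothetical; the statements assume they are run by the owner of Titles, who also holds CREATE ROLE, and that the final check is run by a DBA.

```sql
-- Added example. Titles, user3 and user5 come from the slides;
-- the role names are hypothetical.

-- 1. Collect the privileges each job function needs into a role.
CREATE ROLE titles_reader;
CREATE ROLE titles_editor;
GRANT SELECT ON Titles TO titles_reader;
GRANT SELECT, INSERT ON Titles TO titles_editor;

-- 2. Assign the roles to users with GRANT.
GRANT titles_reader TO user3;
GRANT titles_editor TO user5;

-- 3. Remove the earlier direct grants so the roles are the only access path.
--    user3 held SELECT ... WITH GRANT OPTION. Oracle cannot revoke the
--    grant option alone: revoke the privilege itself. Revoking an object
--    privilege also removes any grants user3 passed on to other users.
REVOKE SELECT ON Titles FROM user3;
--    user5 still holds the direct SELECT (INSERT was revoked on the slide).
REVOKE SELECT ON Titles FROM user5;

-- 4. Verify: every remaining grantee on Titles should be a role, and the
--    GRANTABLE column should read NO. (The table owner can run the same
--    query against USER_TAB_PRIVS instead.)
SELECT grantee, privilege, grantable, grantor
FROM   dba_tab_privs
WHERE  table_name = 'TITLES'
ORDER  BY grantee, privilege;

-- 5. When a user changes job, one statement removes the whole privilege set.
REVOKE titles_editor FROM user5;
```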

AUTHENTICATION
Authentication – restricting access to legitimate users
- DBMS user ID and password
  - Password guidance and enforcement
- Operating system login ID and password
- LDAP authentication
  - A global login account is established for enterprise access
  - In order to access a database, the global login account has to be associated with the database.
  - It provides single sign-on, or access with the same login and password

AUDITING
Auditing – ensuring accountability and inspection
- When auditing is enabled, the DBMS will produce an audit trail of database operations.
- Auditing level – database, user, object
- Auditing issues – performance degradation, storage usage
- Examples of audit facilities
  - Login and logoff attempts
  - Commands issued to an object
  - Stored procedure executions
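
An added example (not from the original slides) that turns on the three audit facilities listed above and reads the resulting trail, using Oracle's traditional AUDIT statements. Titles, Proc1 and user5 are the slides' names; the failure threshold and time window are constructed values, and the queries assume DBA access to the audit views.

```sql
-- Added example: Oracle traditional auditing.
-- Records reach the database audit trail only when the AUDIT_TRAIL
-- parameter is set; it is static, so the instance must be restarted.
ALTER SYSTEM SET audit_trail = DB SCOPE = SPFILE;

-- Database level: login and logoff attempts.
AUDIT SESSION;

-- Object level: commands issued to an object, one record per statement.
AUDIT SELECT, INSERT, UPDATE, DELETE ON Titles BY ACCESS;

-- Object level: stored procedure executions.
AUDIT EXECUTE ON Proc1 BY ACCESS;

-- User level: CREATE/DROP/TRUNCATE TABLE statements issued by one user.
AUDIT TABLE BY user5;

-- Detection: accounts with repeated failed logins in the last day.
-- RETURNCODE 1017 = invalid username/password, 28000 = account locked.
SELECT username, userhost, COUNT(*) AS failures,
       MIN(timestamp) AS first_seen, MAX(timestamp) AS last_seen
FROM   dba_audit_session
WHERE  returncode IN (1017, 28000)
AND    timestamp > SYSDATE - 1
GROUP  BY username, userhost
HAVING COUNT(*) >= 5              -- constructed threshold
ORDER  BY failures DESC;

-- Review: who touched the audited objects, and whether the call succeeded
-- (RETURNCODE 0 = success).
SELECT username, action_name, obj_name, returncode, timestamp
FROM   dba_audit_trail
WHERE  obj_name IN ('TITLES', 'PROC1')
ORDER  BY timestamp DESC;

-- Storage usage: the trail is kept in SYS.AUD$; watch its size.
SELECT segment_name, tablespace_name, bytes / 1024 / 1024 AS size_mb
FROM   dba_segments
WHERE  owner = 'SYS' AND segment_name = 'AUD$';

-- Performance: switch off an option that proves too noisy.
NOAUDIT SELECT ON Titles;
```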

ENCRYPTION
Encryption – protect sensitive data in the database
- It is a security technique that encodes legible data into a scrambled format.
- Encryption consists of applying an encryption algorithm to data using some pre-specified encryption key. The resulting data has to be decrypted using a decryption key to recover the original data.
- Examples of encryption
  - Public key encryption
  - Digital signature

ENTERPRISE SECURITY
Enterprise security – managing the security of the entire organizational information structure beyond database itself
- System-related issues: Operating system, database physical files, network access and control
- Legal and ethical issues

MODULE 3 DATABASE MANAGEMENT
Section 4 User Management and Security in Oracle

USER MANAGEMENT
- Creating a new user
  - Privilege required: “create user” system privilege
      SQL> CREATE USER mobeydick IDENTIFIED BY whitewhale;
- Altering a user – modifying password, assign resource, etc.
  - Privilege required: “alter user” system privilege
      SQL> ALTER USER Jim IDENTIFIED BY red;
      SQL> ALTER USER Jim DEFAULT TABLESPACE users;
- Resource
  - Default tablespace, temporary tablespace
  - Profile: limit on the amount of resources a user can use

CREATE USER

ALTER USER

DROP USER
- Removing users requires the DROP USER system privilege, which the SYSTEM user has.
      DROP USER <user> CASCADE;
  - Use CASCADE if user owns tables or DB objects
- If a user has created other users, those users are not dropped when the creating user is dropped
  - The new users do not belong to the original user’s schema
- If a user has created tables you want to keep, do not drop the user
  - Instead, change the user account to LOCK status

PROFILES
- Specify a profile when you create/alter a DB user
- Profile: collection of settings that limits the use of system resources and the database
  - A profile can be assigned to any number of users
  - A user can be assigned only one profile at a time
  - A newly assigned profile overrides the old one
  - User’s current session isn’t affected by profile change
- DEFAULT profile has no resource or DB use limits
  - As a system grows, resources may become stretched
- Profiles can be used for managing passwords too

CREATE PROFILE
      CREATE PROFILE <profile> LIMIT
        <password_setting> ...
        <resource_setting> <limit> ...;
- Password settings: FAILED_LOGIN_ATTEMPTS, PASSWORD_LIFE_TIME, PASSWORD_REUSE_TIME, PASSWORD_REUSE_MAX, PASSWORD_LOCK_TIME, PASSWORD_GRACE_TIME, PASSWORD_VERIFY_FUNCTION
- You can limit nine resources: SESSIONS_PER_USER, CPU_PER_SESSION, CPU_PER_CALL, CONNECT_TIME, IDLE_TIME, LOGICAL_READS_PER_SESSION, LOGICAL_READS_PER_CALL, PRIVATE_SGA, COMPOSITE_LIMIT

PASSWORD MANAGEMENT
- There are three different areas to examine when working with passwords:
  - Changing a password and making it expire
  - Enforcing password time limits, history, and other settings
  - Enforcing password complexity
    - Uses a combination of a function and a profile
    - Predefined SQL script to verify the complexity of a password
    - Adjust the PASSWORD_VERIFY_FUNCTION setting in a profile and assign that profile to a user
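
An added example (not from the original slides) covering the three password areas above with one profile and one complexity function. It uses a hand-written function in place of the predefined script; the names itec_verify_password and itec_password_policy and every limit value are hypothetical, and the function is assumed to be created while connected as SYS.

```sql
-- Added example. mobeydick and Jim are the slides' users; the function
-- name, profile name and limit values are hypothetical.

-- Complexity function: Oracle calls it with these three arguments on every
-- password change and rejects the change if it raises an error.
CREATE OR REPLACE FUNCTION itec_verify_password (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  IF LENGTH(password) < 12 THEN
    raise_application_error(-20001, 'Password must be at least 12 characters');
  END IF;
  IF INSTR(UPPER(password), UPPER(username)) > 0 THEN
    raise_application_error(-20002, 'Password must not contain the user name');
  END IF;
  IF NOT REGEXP_LIKE(password, '[0-9]')
     OR NOT REGEXP_LIKE(password, '[A-Za-z]') THEN
    raise_application_error(-20003, 'Password needs a letter and a digit');
  END IF;
  IF old_password IS NOT NULL AND password = old_password THEN
    raise_application_error(-20004, 'Password must differ from the old one');
  END IF;
  RETURN TRUE;
END;
/

-- Time limits, history and lockout. Times are in days (1/24 = one hour).
-- PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX must both be satisfied
-- before an old password can be used again.
CREATE PROFILE itec_password_policy LIMIT
  FAILED_LOGIN_ATTEMPTS    5
  PASSWORD_LOCK_TIME       1/24
  PASSWORD_LIFE_TIME       90
  PASSWORD_GRACE_TIME      7
  PASSWORD_REUSE_TIME      365
  PASSWORD_REUSE_MAX       10
  PASSWORD_VERIFY_FUNCTION itec_verify_password;

-- Assign the profile, then force a password change at the next login.
ALTER USER mobeydick PROFILE itec_password_policy;
ALTER USER mobeydick PASSWORD EXPIRE;

-- Keep a user's tables but stop logins (see DROP USER): lock the account.
ALTER USER Jim ACCOUNT LOCK;

-- Check what is in force.
SELECT resource_name, limit
FROM   dba_profiles
WHERE  profile = 'ITEC_PASSWORD_POLICY' AND resource_type = 'PASSWORD';

SELECT username, account_status, profile, expiry_date
FROM   dba_users
WHERE  username IN ('MOBEYDICK', 'JIM');
```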

ALTER PROFILE
ALTER PROFILE, with resource clauses listed:
      ALTER PROFILE <profile> LIMIT
        <password_setting> ...
        SESSIONS_PER_USER <concurrent sessions>
        CPU_PER_SESSION <hundredths of seconds>
        CPU_PER_CALL <hundredths of seconds>
        CONNECT_TIME <minutes>
        IDLE_TIME <minutes>
        LOGICAL_READS_PER_SESSION <data blocks>
        LOGICAL_READS_PER_CALL <data blocks>
        PRIVATE_SGA <bytes>
        COMPOSITE_LIMIT <service units>
Example:
      ALTER SYSTEM SET RESOURCE_LIMIT=TRUE;
      ALTER PROFILE PROGRAMMER LIMIT
        IDLE_TIME 15
        CPU_PER_CALL 100;
      ALTER RESOURCE COST
        CPU_PER_SESSION 1000
        PRIVATE_SGA 1;

DROP PROFILE
- The syntax of DROP PROFILE is similar to the syntax for dropping a user in that it includes a CASCADE parameter:
      DROP PROFILE <profile> CASCADE;
- You must add CASCADE if any users have been assigned the profile being dropped
  - Oracle automatically resets these users to the DEFAULT profile
- For example, if three users have been assigned to the ACCT_MGR profile, drop the profile like this:
      DROP PROFILE ACCT_MGR CASCADE;

ORACLE PRIVILEGES
In Oracle, there are two types of privileges: system and object.
- System privilege - allowing a user to perform a particular action within the database, or on any schema objects
- Object privilege - gives user ability to perform some operations on a specific object such as table, view, procedure, function.
- A role is a named group of collected system and object privileges.

SYSTEM PRIVILEGE
System privilege - allowing a user to perform a particular action within the database, or on any schema objects
- Privilege required: the system privilege with ADMIN OPTION, or GRANT ANY PRIVILEGE system privilege
- Examples:
  - CREATE SESSION: connect to a database
  - CREATE ANY INDEX, SELECT ANY TABLE
- Information is stored in: dba_sys_privs

OBJECT PRIVILEGE
Object privilege - gives user ability to perform some operations on a specific object such as table, view, procedure, function
- Privilege required: the owner of the object, object privileges with the GRANT option, or the GRANT ANY OBJECT PRIVILEGE system privilege
- Examples:
      GRANT SELECT, INSERT ON Titles TO user1;
- Information is stored in: dba_tab_privs

OBJECT PRIVILEGES

ORACLE NAMING CONVENTION
In Oracle data dictionary, most object names begin with one of three prefixes:
- USER_ information about objects owned by the user performing the query
- ALL_ information from USER plus other objects on which privileges have been granted to PUBLIC or to the user
- DBA_ all database objects, regardless of owner
Oracle dynamic views: current instance information
- V$ v$session contains info of all current sessions

ROLES

DATA DICTIONARY VIEWS

EXAMPLES OF DATA DICTIONARY VIEWS
- DBA_USERS – information about all user accounts
- DBA_ROLES – all the roles in the database
- USER_TAB_PRIVS – table privileges for which you are the grantee, the grantor, or the object owner
- USER_SYS_PRIVS – system privileges that have been granted to the user
- USER_ROLE_PRIVS – roles that have been assigned to the user
- SESSION_PRIVS – system privileges currently enabled for the login user
- SESSION_ROLES – roles currently enabled for the user
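
An added example (not from the original slides) that uses these dictionary views for a privilege review: who holds broad system privileges, who can pass privileges on, and what a user can do once roles are resolved. It assumes DBA access; DBA_ROLE_PRIVS is the DBA_ counterpart of USER_ROLE_PRIVS, and USER9 is the slides' user9 as stored in the dictionary.

```sql
-- Added example: privilege review queries (run with DBA access).

-- 1. Grantees holding "ANY" system privileges, or able to re-grant a
--    system privilege (ADMIN OPTION). Built-in accounts will appear too.
SELECT grantee, privilege, admin_option
FROM   dba_sys_privs
WHERE  privilege LIKE '% ANY %' OR admin_option = 'YES'
ORDER  BY grantee, privilege;

-- 2. Object privileges that can be passed on (WITH GRANT OPTION) or that
--    are open to every account through PUBLIC, outside the SYS schemas.
SELECT grantee, owner, table_name, privilege, grantable, grantor
FROM   dba_tab_privs
WHERE  (grantable = 'YES' OR grantee = 'PUBLIC')
AND    owner NOT IN ('SYS', 'SYSTEM')
ORDER  BY owner, table_name, grantee;

-- 3. Effective system privileges of one user: direct grants plus those
--    inherited through roles, including roles granted to roles.
SELECT DISTINCT sp.privilege
FROM   dba_sys_privs sp
WHERE  sp.grantee = 'USER9'
OR     sp.grantee IN (
         SELECT granted_role
         FROM   dba_role_privs
         START  WITH grantee = 'USER9'
         CONNECT BY PRIOR granted_role = grantee)
ORDER  BY sp.privilege;

-- 4. Open accounts still on the DEFAULT profile.
SELECT username, account_status, profile
FROM   dba_users
WHERE  account_status = 'OPEN' AND profile = 'DEFAULT'
ORDER  BY username;

-- 5. What the current session can actually do right now.
SELECT privilege FROM session_privs ORDER BY privilege;
SELECT role FROM session_roles ORDER BY role;
```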

MIDTERM REVIEW
- DBA roles and responsibilities
- DBMS architecture and selection drivers
- Oracle architecture
  - database vs. instance
  - logical and physical structures
  - high-level understanding of background processes and memory structure
- DBMS installation basics, change consideration
- Database design: conceptual, logical, and physical design
- Database connectivity layers, ODBC/JDBC architecture
- Oracle Net, Listener, purposes of “listener.ora” and “tnsnames.ora”
- Database change: types, impacts, and management
- Database high-availability problems and solutions
- Database security: aspects, authorization, authentication
- Oracle privileges: system and object, roles