Module 6: Data Protection. Overview What does Data Protection include? Protecting data from...
-
Upload
toby-lawrence -
Category
Documents
-
view
212 -
download
0
Transcript of Module 6: Data Protection. Overview What does Data Protection include? Protecting data from...
Module 6:Data Protection
Overview
What does Data Protection include?
Protecting data from unauthorized users and authorized users who are trying to update the same data simultaneously
Using locking modes to achieve concurrency and consistency
Implementing database security features to protect the database, database objects and data
Using auditing features to monitor database activity
Concurrency and Consistency
Isolation Levels and Concurrency Issues
Concurrency and consistency are mutually opposing goals
Oracle supports Read Committed and Serializable isolation levels
Achieves other levels through Row VersioningSQL Server Removes “Writers Blocking Readers – Readers Blocking Writers” with Snapshot Isolation
SQL Server Supports all Four Isolation levels
Isolation Table Dirty Read Non-Repeatable Read Phantom Read
Read Uncommitted Possible Possible Possible
Read Committed Not Possible Possible Possible
Repeatable Read Not Possible Not Possible Possible
Serializable Not Possible Not Possible Not Possible
Locking
Locking granularity
SQL Server supports lock escalation
Explicit locking can be achieved by using lock hints in Both DBMS
Oracle Locking
SQL Server Locking
•Table
•Partition
•Page
•Row (default)
Demonstration 1: Isolation Level Behaviors
In this demonstration you will see how to:
Create a dirty read
Create a committed read with blocking
Create a snapshot isolation to remove blocking
Database Security
Security is implemented in both DBMSs using logins and privileges
Users can be classified as:• Schema owners (SQL Server database object owners)
• Application users
• Administrative users
User authentication can be achieved through the operating system login or database login
SQL Server security depends on Windows security for features such as password expiration
Privileges and Roles
Oracle and SQL Server both contain:• System-level privileges – to perform actions against any object in the
database• Object-level privileges – to perform actions against specific schema
objects
Roles Group System-level and object-level privileges
SQL Server groups fixed roles: Server and DatabaseApplication roles in SQL Server
Implemented using application logic Password protected
Demonstration 2: Provide Instance Security
In this demonstration you will see how to:
Create a Windows user account
Associate a SQL Server login with the Windows user account
Auditing
Auditing facilitates database activity monitoringMonitoring
statements, privileges, or objectsOracle audit key DDL and DML statements. SQL Server 2008 all actions (DDL and DML) are auditable.SQL Server audits can be enabled and generated, and then viewed from the audit targetSQL Server Profiler offers various events that can be used for auditingSQL Server features such as DDL triggers and event notifications can aid in auditing
Review
We defined concurrency and consistency and saw the challenges they offer
We learned how concurrency and consistency can be balanced by use of isolation levels implemented using lock modes
We learned about login and authentication at the database system level and database level, the various system and object level privileges and privilege management using roles
We learned the basics of auditing functionality in SQL Server as compared to Oracle