Module 6:Data Protection

Overview

What does Data Protection include?

Protecting data from unauthorized users and authorized users who are trying to update the same data simultaneously

Using locking modes to achieve concurrency and consistency

Implementing database security features to protect the database, database objects and data

Using auditing features to monitor database activity

Concurrency and Consistency

Isolation Levels and Concurrency Issues

Concurrency and consistency are mutually opposing goals

Oracle supports Read Committed and Serializable isolation levels

Achieves other levels through Row VersioningSQL Server Removes “Writers Blocking Readers – Readers Blocking Writers” with Snapshot Isolation

SQL Server Supports all Four Isolation levels

Isolation Table Dirty Read Non-Repeatable Read Phantom Read

Read Uncommitted Possible Possible Possible

Read Committed Not Possible Possible Possible

Repeatable Read Not Possible Not Possible Possible

Serializable Not Possible Not Possible Not Possible

Locking

Locking granularity

SQL Server supports lock escalation

Explicit locking can be achieved by using lock hints in Both DBMS

Oracle Locking

SQL Server Locking

•Table

•Partition

•Page

•Row (default)

Demonstration 1: Isolation Level Behaviors

In this demonstration you will see how to:

Create a dirty read

Create a committed read with blocking

Create a snapshot isolation to remove blocking

Database Security

Security is implemented in both DBMSs using logins and privileges

Users can be classified as:• Schema owners (SQL Server database object owners)

• Application users

• Administrative users

User authentication can be achieved through the operating system login or database login

SQL Server security depends on Windows security for features such as password expiration

Privileges and Roles

Oracle and SQL Server both contain:• System-level privileges – to perform actions against any object in the

database• Object-level privileges – to perform actions against specific schema

objects

Roles Group System-level and object-level privileges

SQL Server groups fixed roles: Server and DatabaseApplication roles in SQL Server

Implemented using application logic Password protected

Demonstration 2: Provide Instance Security

In this demonstration you will see how to:

Create a Windows user account

Associate a SQL Server login with the Windows user account

Auditing

Auditing facilitates database activity monitoringMonitoring

statements, privileges, or objectsOracle audit key DDL and DML statements. SQL Server 2008 all actions (DDL and DML) are auditable.SQL Server audits can be enabled and generated, and then viewed from the audit targetSQL Server Profiler offers various events that can be used for auditingSQL Server features such as DDL triggers and event notifications can aid in auditing

Review

We defined concurrency and consistency and saw the challenges they offer

We learned how concurrency and consistency can be balanced by use of isolation levels implemented using lock modes

We learned about login and authentication at the database system level and database level, the various system and object level privileges and privilege management using roles

We learned the basics of auditing functionality in SQL Server as compared to Oracle