Architectures and Models for Administration of User-Role Assignment in Role Based Access Control
Multi-user Database Processing Architectures Architectures Transactions Transactions Security...
-
Upload
tracy-andrews -
Category
Documents
-
view
226 -
download
2
Transcript of Multi-user Database Processing Architectures Architectures Transactions Transactions Security...
Multi-user Database Multi-user Database ProcessingProcessing
ArchitecturesArchitecturesTransactionsTransactionsSecuritySecurityAdministrationAdministration
Multi-user Processing Architectures
Teleprocessing Systems Teleprocessing Systems Client-Server SystemsClient-Server Systems File Sharing SystemsFile Sharing Systems Distributed Database SystemsDistributed Database Systems
Teleprocessing Systems Central CPU & ApplicationsCentral CPU & Applications Central DBMSCentral DBMS Central DatabaseCentral Database
Communication lines
Client-Server Systems Distributed CPUs & ApplicationsDistributed CPUs & Applications Central Central
DBMSDBMS Central Central
DBDB
File Sharing Systems Distributed CPUs & Applications Distributed CPUs & Applications Distributed Distributed
DBMSDBMS Central Central
DB DB
Distributed Database Systems
Distributed Distributed CPUs & CPUs & ApplicationsApplications
Distributed Distributed DBMSDBMS
Distributed Distributed DBDB
Alternative CPU Application DBMS Database
Teleprocessing C C C C
Client Server D D C C
File Sharing D D D C
Distributed D D D D
Alternative CPU Application DBMS Database
Teleprocessing C C C C
Client Server D D C C
File Sharing D D D C
Distributed D D D DC = centralized, D = distributed
Comparing Architectures
No Yes
No NonpartitionedNonreplicated
PartitionedNonreplicated
YesNonpartitioned
ReplicatedPartitionedReplicated
No Yes
No NonpartitionedNonreplicated
PartitionedNonreplicated
YesNonpartitioned
ReplicatedPartitionedReplicatedR
eplic
atio
nTypes of Distributed
Databases
Partition
UnifedDatabase
DistributedDatabase
SingleNonpartionedNonreplicated
PartitionedNonreplicated
NonpartitionedReplicated
PartitionedReplicated
Distributed Database Continuum
Simplicity Security Affordability
Independence Flexibility
Availability
Distributed DBs: Your turn An example of distributed database!An example of distributed database!
Partitioned?Partitioned? Replicated?Replicated? 3 ad3 advantages?vantages?
IndependenceIndependence FlexibilityFlexibility AvailabilityAvailability
3 disadvantages?3 disadvantages? ComplexityComplexity InsecurityInsecurity CostCost
Database Reliability Concurrency controlConcurrency control
Hide other usersHide other users Database recoveryDatabase recovery
Hide failuresHide failures
Change CUSTOMER dataChange SALESPERSON dataInsert ORDER data
Alice reads ACCOUNTAlice adds $50Bob reads ACCOUNTAlice writes ACCOUNTBob takes $100Bob writes ACCOUNT
Database Transactions TransactionTransaction = logical unit of work = logical unit of work Series of actions defined such that Series of actions defined such that
either all of them or none of them are either all of them or none of them are performedperformed
Should always Should always transform the transform the database from database from one consistent one consistent state to anotherstate to another
Start TransactionChange CUSTOMER dataChange SALESPERSON dataInsert ORDER data
If no errors thenCommit Transaction
ElseRollback Transaction
End If
BEGIN TRANSACTION
COMMIT ROLLBACK
Transaction Outcomes
If successful, transaction is committed If successful, transaction is committed & database reaches a new state& database reaches a new state
If unsuccessful, transaction is aborted & If unsuccessful, transaction is aborted & database must be restored to previous database must be restored to previous statestate
Problems Caused by Concurrency
Lost updateLost update Overwrite another user’s updateOverwrite another user’s update
Uncommitted dependency Uncommitted dependency When user sees intermediate step of When user sees intermediate step of
another transaction before it is committedanother transaction before it is committed Inconsistent analysis Inconsistent analysis
Read partial results of incomplete update Read partial results of incomplete update transaction transaction
Concurrency Control
Goal: Goal: SerializabilitySerializability concurrent transactions concurrent transactions
produce same result produce same result as serial executionas serial execution
Technique: Technique: LockingLockingAlice reads ACCOUNTAlice adds $50Alice writes ACCOUNTBob reads ACCOUNTBob takes $100Bob writes ACCOUNT
Two-Phase Locking Transaction can obtain locks as neededTransaction can obtain locks as needed Once first lock is released, no other locks Once first lock is released, no other locks
may be obtainedmay be obtained Guarantees Guarantees
serializabilityserializabilityA1. Lock item 100A2. Read item 100A3. Reduce count by 5A4. Write item 100
B1. Lock item 100B2. Read item 100B3. Reduce count by 3B4. Write item 100
1. Lock item 100 for A2. Read item 100 for A3. Lock item 100 for B; cannot, so place B in wait state4. Set item count to 5 for A5. Write item 100 for A6. Release A's lock on item 1007. Place lock on item 100 for B8. Read item 100 for B9. Set item count to 2 for B10. Write item 100 for B11. Release B's lock on item 100
Dealing with Deadlock
Two-phase locking can lead to deadlockTwo-phase locking can lead to deadlock PreventionPrevention
All or nothing lockingAll or nothing locking Detection and RecoveryDetection and Recovery
DBMS detects deadlock and aborts one of DBMS detects deadlock and aborts one of the transactionsthe transactions
1. Lock paper for user A2. Lock pencils for user B3. Process A's requests; write paper record4. Process B's requests; write pencil record5. Put A in wait state for pencils6. Put B in wait state for paper[Deadlock…]
Recovery via Reprocessing
Return to known point and reprocess Return to known point and reprocess the transactionsthe transactions
Requires database save and log of Requires database save and log of transactionstransactions
Problems:Problems: InefficiencyInefficiency Asynchrony may lead to different end Asynchrony may lead to different end
resultsresults
Recovery via Roll-back Requires log of changes made to databaseRequires log of changes made to database Undo changes made by erroneous or Undo changes made by erroneous or
incomplete transactions, restart valid incomplete transactions, restart valid transactionstransactions
Recovery via Roll-forward Requires database save and log of Requires database save and log of
changes made to databasechanges made to database Restore database save and apply changes Restore database save and apply changes
from logfrom log Frequent checkpoints decrease delayFrequent checkpoints decrease delay
Security
Set by DBA, enforced by DBMSSet by DBA, enforced by DBMS Authorization RulesAuthorization Rules = table in which each = table in which each
record keeps processing permissions via record keeps processing permissions via the following fields:the following fields: Subject - user, group, application, computer...Subject - user, group, application, computer... Object - database, relation, row, column, view, Object - database, relation, row, column, view,
transaction…(transaction…(GranularityGranularity = size of objects) = size of objects) Action - read, write, execute, create, grant...Action - read, write, execute, create, grant... Authorization constraint - limit...Authorization constraint - limit...
Actual DBMS security
The capabilities of the Authorization Rules The capabilities of the Authorization Rules model are only partially implementedmodel are only partially implemented Subject-oriented securitySubject-oriented security
For each subject, binary Action/Object tableFor each subject, binary Action/Object table
Object-oriented securityObject-oriented security For each object, binary Action/Subject tableFor each object, binary Action/Subject table
Constraints via programmable exitsConstraints via programmable exits Triggers to constraint-checking programsTriggers to constraint-checking programs
DBA Responsibilities Manage the DB structureManage the DB structure
Contribute to DB & application developmentContribute to DB & application development Maintain Maintain documentationdocumentation to facilitate changes to facilitate changes
Manage data activityManage data activity Data standards & documentationData standards & documentation Establish and maintain the DB Establish and maintain the DB data dictionarydata dictionary SecuritySecurity Backup & recoveryBackup & recovery
Manage the DBMS softwareManage the DBMS software