D ATABASE A DMINISTRATION L ECTURE N O 3 Muhammad Abrar

D ATABASE A DMINISTRATION A technical function that is responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery

D ATABASE S ECURITY Protection of the data against accidental or intentional loss, destruction or misuse

T HREATS TO D ATA S ECURITY Accidental losses, including human error, software, and hardware caused breaches Theft and fraud Loss of privacy or confidentiality Loss of data integrity Loss of availability

D ATA S ECURITY P LAN A comprehensive data security plan will include establishing administrative policies and procedures, physical protections, and data management software protections

S ECURITY F EATURES OF D ATA M ANAGEMENT S OFTWARE Views or Schemas: Which restrict user views of the database Authorization Rules: Which identify users and restrict the action they may take against the database User-defined procedures: Which define additional constraints or limitations in using a database

D ATA M ANAGEMENT S OFTWARE F EATURES Encryption Procedures: Which encodes data in an unrecognizable form Authorization Schemes: Which positively identify a person attempting to gain access to the database Backup, journaling, and checkpoint capabilities: These facilitate recovery procedures

V IEWS A subset of the database that is presented to one or more users. A view is created by querying one or more of the base tables, producing a dynamic result for the user at the time of request

AUTHORIZATION RULES Controls incorporated in the data management systems that restrict access to data and also restrict the action s that people may take when they access data. For example, a person who can supply a password may be authorized to read any record in the database but can not necessarily modify those records.

AUTHORIZATION TABLES A table that specifies who is authorized to perform which type of action against an object and under what condition. Example

AUTHORIZATION TABLES/MATRICES Most of the customary DBMSs don’t implement the authorization tables directly. They rather use simplified versions of authorization tables. Usually two types of simple tables are used. Authorization table for subjects Authorization tables for objects

AUTHORIZATION TABLE FOR SUBJECTS(SALESPERSONS) TABLE

AUTHORIZATION TABLE FOR OBJECTS(ORDER RECORDS)

ORACLE AUTHORIZATION SCHEME Oracle defines the following privileges that can be granted to users at database, table, or column levels

ORACLE PRIVILEGES TABLE OF ORACLE PRIVILEGES

ENCRYPTION The coding or scrambling of data so that humans cannot read them This facility can be used to secure sensitive data during storage and transmission

BIOMETRIC DEVICES Measures or detects personal characteristics such as fingerprints, voice points, eye pictures, or signature dynamics

BACKING UP DATABASES Uses mechanisms for restoring a database quickly and accurately after loss or damage These are called recovery mechanisms

BASIC RECOVERY FACILITIES BACKUP FASCILITIES: Which provide periodic backup copies of the database JOURNALISTING FACILITIES: Which maintain an audit trail of transactions and database changes CHECKPOINT FACILITY: By this the DBMS periodically suspends all processing and synchronize its files and journals RECOVERY MANAGER: Which allows the DBMS to restore the database to a correct condition and restart processing transactions

JOURNALISTING FACILITIES An audit trail of transactions and database changes. This facility is based on the following concepts TRANSACTION: A discrete unit of work that must be completely processed or not processed at all within a computer system. entering a customer order is an example of a transaction

JOURNALISTING FACILITIES TRANSACTION LOG: Contains a record of the essential data for each transaction that is processed against the database DATABASE CHANGE LOG: Contains before and after images of records that have been modified by transactions BEFORE-IMAGE : A copy of a record or page of memory before it has been modified AFTER-IMAGE: A copy of records or page of memory after it has been modified

CHECKPOINT FACILITY A facility by which the DBMS periodically refuses to accept any new transactions. The system is in a quite state, and the database and transaction logs are synchronized

CHECKPOINT FACILITY The system refuses to accept any new transaction. All current transactions are completed and journal files are brought update. Then the database and transaction logs are synchronized. The DBMS writes a special record called checkpoint record to the log file which is like the snapshot of the database. This record contains information to restart the system. Any dirty data blocks are written to the system

RECOVERY PROCEDURES Procedures used to restore the database after it has been lost or damaged RECOVERY MANAGER: A module of the DBMS that restore the database to a correct condition when a failure occur and resumes processing user requests

TYPES OF DATABASE FAILURES ABORTED TRANSACTIONS: A Transaction In Processing That Terminates Abnormally SYSTEM FAILURE: Power failure, network failure, hardware failure etc DATABASE DESTRUCTION: The database itself is lost or destroyed or cannot be read

CONTROLLING CONCURRENT ACCESS The process of managing simultaneous operations against a database so that data integrity is maintained and the operations do not interfere with each other in a multiuser environment

CONCURRENCY PROBLEMS An unrepeatable read, one that occurs when one user reads data that have been partially updated by another user