Chapter 10: DB System Administration (Part II)
Based on G. Post, DBMS: Designing & Building Business Applications. University of Manitoba.


Slide 1 of 13: Chapter 10, DB System Administration (Part II)
Based on G. Post, DBMS: Designing & Building Business Applications
University of Manitoba, Asper School of Business
3500 DBMS
Bob Travica
Updated 2007

Slide 2 of 13: Outline
- User Identification
- Access Privileges
- Separation of Duties
- Encryption

Slide 3 of 13: User Identification
- User identification
  - Accounts
    - Individual
    - Groups
  - Passwords
    - Do not use "real" words.
    - Do not use personal (or pet) names.
    - Include non-alphabetic characters.
    - Use at least 6 (8) characters.
    - Change it often.
    - Too many passwords!
- Alternative identification
  - Finger / hand print readers
  - Voice
  - Retina (blood vessel) scans
  - DNA typing
- Hardware passwords
  - The one-minute password.
  - Card matched to computer.

Slide 4 of 13: SQL Security Commands
- GRANT privileges
- REVOKE privileges
- Privileges include
  - SELECT
  - DELETE
  - INSERT
  - UPDATE
- Objects include
  - Table
  - Table columns (SQL 92+)
  - Query
- Users include
  - Name/Group
  - PUBLIC

Examples:

    GRANT INSERT ON Bicycle TO OrderClerks
    REVOKE DELETE ON Customer FROM Assemblers

Slide 5 of 13: Oracle Security Manager

Slide 6 of 13: Using Queries for Control
- Permissions apply to entire table or query.
- Use query to grant access to part of a table.
- Example
  - Employee table
  - Give all employees read access to name and phone (phonebook).
  - Give managers read access to salary.
- SQL
  - Grant
  - Revoke

Table: Employee(ID, Name, Phone, Salary)

Query: Phonebook

    SELECT Name, Phone FROM Employee

Security:
- Grant Read access to Phonebook for group of Employees.
- Grant Read access to Employee for group of Managers.
- Revoke all access to Employee for everyone else (except Admin).

Slide 7 of 13: Separation of Duties

Supplier
    SupplierID  Name         …
    673         Acme Supply
    772         Basic Tools
    983         Common X

PurchaseOrder
    OrderID  SupplierID
    8882     772
    8893     673
    8895     009

Referential integrity links PurchaseOrder.SupplierID to Supplier.SupplierID.

Clerk enters order data but not supplier data. He must use SupplierID from the Supplier table.
Purchasing manager can add new suppliers, but cannot add new orders.
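
Added example (not from the original slides): the Phonebook query from slide 6 and the clerk / purchasing manager split from slide 7, written as PostgreSQL-style SQL. The role names Employees, Managers, Clerks and PurchasingManagers and the column types are assumptions.

```sql
-- Added example, PostgreSQL-style syntax. Role names and column types are assumptions.
CREATE ROLE Employees;
CREATE ROLE Managers;
CREATE ROLE Clerks;
CREATE ROLE PurchasingManagers;

-- Slide 6: expose part of a table through a query (view).
CREATE TABLE Employee (
    ID     INTEGER PRIMARY KEY,
    Name   VARCHAR(60) NOT NULL,
    Phone  VARCHAR(20),
    Salary NUMERIC(10,2)
);
CREATE VIEW Phonebook AS
    SELECT Name, Phone FROM Employee;

REVOKE ALL ON Employee, Phonebook FROM PUBLIC;   -- everyone else: no access
GRANT SELECT ON Phonebook TO Employees;          -- name and phone only
GRANT SELECT ON Employee  TO Managers;           -- includes Salary

-- Slide 7: separation of duties backed by referential integrity.
CREATE TABLE Supplier (
    SupplierID INTEGER PRIMARY KEY,
    Name       VARCHAR(60) NOT NULL
);
CREATE TABLE PurchaseOrder (
    OrderID    INTEGER PRIMARY KEY,
    SupplierID INTEGER NOT NULL REFERENCES Supplier (SupplierID)
);

REVOKE ALL ON Supplier, PurchaseOrder FROM PUBLIC;
GRANT SELECT         ON Supplier      TO Clerks;              -- look up, cannot add
GRANT SELECT, INSERT ON PurchaseOrder TO Clerks;
GRANT SELECT, INSERT ON Supplier      TO PurchasingManagers;
GRANT SELECT         ON PurchaseOrder TO PurchasingManagers;  -- cannot add orders

-- Rows from the slide (run as the table owner).
INSERT INTO Supplier VALUES (673, 'Acme Supply'), (772, 'Basic Tools'), (983, 'Common X');
INSERT INTO PurchaseOrder VALUES (8882, 772), (8893, 673);

-- Supplier 009 is not in Supplier, so the foreign key rejects this order.
INSERT INTO PurchaseOrder VALUES (8895, 9);
```

The last INSERT is expected to fail with a foreign-key violation; a member of Employees querying Employee directly is refused, while the same user can read Phonebook.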

Slide 8 of 13: Securing an MS Access Database
- Set up a secure workgroup
  - Accounts
  - Passwords
- Run the Security Wizard in the database to be secured.
- Assign user and group access privileges in the new database.
- Encrypt the new database. Save it as an MDE file.

Slide 9 of 13: Procedure for Setting Up Password in Access
1. Start Access
2. Click File/Open
3. Mark the mdb file to be opened
4. On the Open button (lower part of Open window) click arrow and choose Open Exclusive
5. Click Tools/Security/Set Password
6. In Set Database Password window type the password

Next time you try to open the database you will be asked to enter the password.

Slide 10 of 13: Encryption
- Data transmission, distributed databases
- Data Encryption Standard (DES); Advanced Encryption System (AES, 128-256 bits)
- 64 bit key can be broken within a few minutes to 2 weeks; 128 bit+ keys still safe

Diagram (Single Key Method, shared private key): Message -> DES Encrypt -> Encrypted Message -> DES Decrypt -> Message

Slide 11 of 13: Dual Key Method - private and public key
- Using Ted's private key ensures it came from him.
- Using Mary's public key ensures only she can read it.
- Useful for changing partners context (supply chain, virtual organization)

Diagram labels: SENDER (Ted Encrypts), RECEIVER (Mary Decrypts), Message, Ted's Private Key, Ted's Public Key, Mary's Public Key, Mary's Private Key

Slide 12 of 13: Sally's Pet Store: Security Management

Users (in slide order): Sally/CEO, Sales Staff, Store manager, Sales people, Business Alliances, Accountant, Attorney, Suppliers, Customers

Operations (in slide order): Products, Sales, Purchases, Receive products, Animals, Sales, Purchases, Animal Healthcare, Employees, Hiring/Release, Hours, Pay checks, Accounts, Payments, Receipts, Management Reports

Slide 13 of 13: Sally's Pet Store: Purchases

*Basic Supplier data: ID, Name, Address, Phone, ZipCode, CityID

Legend: R: Read, W: Write, A: Add

