Presentation is loading. Please wait.

Presentation is loading. Please wait.

I NTRODUCTION OF W EEK 7  Assignment Discussion  Graded: 3-1-2 (Creation of Database) (All submitted!)  Naming standard, Logical to physical design.

Published byJason Harris Modified over 9 years ago

Similar presentations

Presentation on theme: "I NTRODUCTION OF W EEK 7  Assignment Discussion  Graded: 3-1-2 (Creation of Database) (All submitted!)  Naming standard, Logical to physical design."— Presentation transcript:

1 I NTRODUCTION OF W EEK 7  Assignment Discussion  Graded: 3-1-2 (Creation of Database) (All submitted!)  Naming standard, Logical to physical design  OEM required Listener configuration, Delete group 3  Lessons learned (10 points): error and resolution, documentation as future instruction manual, reflection of your learning  Turn in the 3-1-3 only in the future, not 3-1-1 and 3-1-2  Turned in: 5-1 (Connectivity Paper)  Due this week: 6-1 (High Availability Paper)  Review of previous week and module  Database Change Management  Availability Requirement and Architecture  Database access validation: were you able to use OEM and SQL Plus?  Overview of this week  Database Security  User Management and Security in Oracle  Midterm Review 1 ITEC 450 2011 Fall

2 M ODULE 3 D ATABASE M ANAGEMENT Section 3 Database Security 2 ITEC 450 2011 Fall

3 D ATA I NTEGRITY Database structure integrity Index corruption, data block corruption Invalid objects Managing structural problems: DBMS utility Semantic data integrity Entity integrity – primary key should be used Check constraint, rules in SQL Server – validate data Trigger – a piece of code that is executed automatically when a data modification happens Referential integrity – establish the relationship between primary and foreign key columns 2011 Fall 3 ITEC 450

4 A SPECTS OF D ATABASE S ECURITY Authorization – controlling access to data Authentication – restricting access to legitimate users Auditing – ensuring accountability and inspection Encryption – safeguarding key data in the database Enterprise security – managing the security of the entire organizational information structure beyond database itself 2011 Fall 4 ITEC 450

5 A UTHORIZATION Authorization – controlling access to data Policy issues – what info should be viewed Integrity issues – preventing unexpected results Types of privileges Data access – read, write, or reference to a table, a view Database object – create or modify database objects System – perform certain types of system-wide activities Procedure – execute specific functions and stored procedures 2011 Fall 5 ITEC 450

6 A UTHORIZATION I MPLEMENTATION Data Control Language (DCL) – Grant and Revoke Grant different types of privileges GRANT SELECT, INSERT on Titles to user5; GRANT CREATE session, CREATE table to user1; GRANT SELECT ANY table to user9; GRANT EXECUTE on Proc1 to user2, user5; Grant with GRANT option – pass the granted authority to others GRANT SELECT on Titles to user3 WITH GRANT OPTION; Revoke REVOKE INSERT on Titles from user5; 2011 Fall 6 ITEC 450

7 R OLE AND G ROUP Roles – a collection of granted privileges A role can be created using the CREATE ROLE. The permissions are granted to the role The role is assigned to users using GRANT. These users will get all the privileges from the role. Groups – DBMS built-in roles System administrator: SYS in Oracle, SA in SQL Server Database administrator: all privileges over the database Operations control: perform certain operations such as backup and recovery 2011 Fall 7 ITEC 450

8 A UTHENTICATION Authentication – restricting access to legitimate users DBMS user ID and password Password guidance and enforcement Operating system login ID and password LDAP authentication A global login account is established for enterprise access In order to access a database, the global login account has to be associated with the database. It is a single sign-on or with same login and password 2011 Fall 8 ITEC 450

9 A UDITING Auditing – ensuring accountability and inspection When auditing is enabled, the DBMS will produce an audit trail of database operations. Auditing level – database, user, object Auditing issues – performance degradation, storage usage Examples of audit facilities Login and logoff attempts Commands issued to an object Stored procedure executions 2011 Fall 9 ITEC 450

10 E NCRYPTION Encryption – protect sensitive data in the database It is a security technique that encodes legible data into a scrambled format. Encryption consists of applying an encryption algorithm to data using some pre-specified encryption key. The resulting data has to be decrypted using a decryption key to recover the original data. Examples of encryption Public key encryption Digital signature 2011 Fall 10 ITEC 450

11 E NTERPRISE S ECURITY Enterprise security – managing the security of the entire organizational information structure beyond database itself System-related issues: Operating system, database physical files, network access and control Legal and ethical issues 2011 Fall 11 ITEC 450

12 M ODULE 3 D ATABASE M ANAGEMENT Section 4 User Management and Security in Oracle 12 ITEC 450 2011 Fall

13 U SER M ANAGEMENT Creating a new user Privilege required: “create user” system privilege SQL> CREATE USER mobeydick IDENTFIEDY BY whitewhale; Altering a user – modifying password, assign resource, etc. Privilege required: “alter user” system privilege SQL> ALTER USER Jim IDENTIFIED BY red; SQL> ALTER USER Jim DEFAULT TABLESPACE users; Resource Default tablespace, temporary tablespace Profile: limit on the amount of resources a user can use 2011 Fall 13 ITEC 450

14 O RACLE P RIVILEGES In oracle, there are two types of privileges: system and object. System privilege - allowing a user to perform a particular action within the database, or on any schema objects Object privilege - gives user ability to perform some operations on a specific object such as table, view, procedure, function. A role is a named group of collected system and object privileges. 2011 Fall 14 ITEC 450

15 S YSTEM P RIVILEGE System privilege - allowing a user to perform a particular action within the database, or on any schema objects Privilege required: the system privilege with ADMIN OPTION, or GRANT ANY PRIVILEGE system privilege Examples: CREATE SESSION: connect to a database CREATE ANY INDEX, SELECT ANY TABLE Information is stored in: dba_sys_privs 2011 Fall 15 ITEC 450

16 O BJECT P RIVILEGE Object privilege - gives user ability to perform some operations on a specific object such as table, view, procedure, function Privilege required: the owner of the object, object privileges with the GRANT option, GRANT ANY OBJECT system privilege Examples: GRANT SELECT, INSERT ON Titles to user1; Information is stored in: dba_tab_privs 2011 Fall 16 ITEC 450

17 O RACLE N AMING C ONVENTION In Oracle data dictionary, most object names begin with one of three prefixes: USER_information about objects owned by the user performing the query ALL_ information from USER plus other objects on which privileges have been granted to PUBLIC or to the user DBA_all database objects, regardless of owner Oracle dynamic views: current instance information V$v$session contains info of all current sessions 2011 Fall 17 ITEC 450

18 E XAMPLES OF D ATA D ICTIONARY V IEWS DBA_USERS – information about all user accounts DBA_ROLES – all the roles in the database USER_TAB_PRIVS – table privileges for which you are the grantee, the grantor, or the object owner USER_SYS_PRIVS – system privileges that have been granted to the user USER_ROLE_PRIVS – roles that have been assigned to the user SESSION_PRIVS – system privileges currently enabled for the login user SESSION_ROLES – roles currently enabled for the user 2011 Fall 18 ITEC 450

19 M IDTERM R EVIEW DBA roles and responsibilities DBMS architecture and selection drivers Oracle architecture database vs. instance logical and physical structures high-level understand background processes and memory structure DBMS installation basics, change consideration Database design: conceptual, logical, and physical design Database connectivity layers, ODBC/JDBC architecture Oracle Net, Listener, purposes of “listener.ora” and “tnsnames.ora” Database change: types, impacts, and management Database high-availability problems and solutions Database security: aspects, authorization, authentication Oracle privileges: system and object, roles 2011 Fall 19 ITEC 450

Download ppt "I NTRODUCTION OF W EEK 7  Assignment Discussion  Graded: 3-1-2 (Creation of Database) (All submitted!)  Naming standard, Logical to physical design."

Similar presentations

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.

Chapter 23 Database Security and Authorization Copyright © 2004 Pearson Education, Inc.
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 12 System and Object Privileges.
Database Management System

Database Management System
10/25/2001Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.

10/25/2001Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 15 Database Administration and Security.

Database Systems: Design, Implementation, and Management Eighth Edition Chapter 15 Database Administration and Security.
System Administration Accounts privileges, users and roles

System Administration Accounts privileges, users and roles
Backup The flip side of recovery. Types of Failures Transaction failure –Transaction must be aborted System failure –Hardware or software problem resulting.

Backup The flip side of recovery. Types of Failures Transaction failure –Transaction must be aborted System failure –Hardware or software problem resulting.
Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.

Oracle8 - The Complete Reference. Koch a& Loney1 By What Authority? Presented by Victor Matos.
About physical design After you have provided your scripts Understand the problems Present a template that can be used to report on the physical design.

About physical design After you have provided your scripts Understand the problems Present a template that can be used to report on the physical design.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Advanced Databases Basic Database Administration Guide to Oracle 10g 1.

Advanced Databases Basic Database Administration Guide to Oracle 10g 1.
Database Security Managing Users and Security Models.

Database Security Managing Users and Security Models.
10/5/1999Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.

10/5/1999Database Management -- R. Larson Data Administration and Database Administration University of California, Berkeley School of Information Management.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
D ATABASE A DMINISTRATION ITEC 450 Fall 2012 Instructor: Dr. Rama Gudhe.

D ATABASE A DMINISTRATION ITEC 450 Fall 2012 Instructor: Dr. Rama Gudhe.
ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.

ISOM MIS3150 Data and Info Mgmt Database Security Arijit Sengupta.
Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.

Database Security and Auditing: Protecting Data Integrity and Accessibility Chapter 3 Administration of Users.
D ATABASE A DMINISTRATION ITEC 450 Fall 2011 Instructor: Dr. Justin M. Wang.

D ATABASE A DMINISTRATION ITEC 450 Fall 2011 Instructor: Dr. Justin M. Wang.
Chapter 101. 2 Oracle Server An Oracle Server consists of an Oracle database (stored data, control and log files.) The Server will support SQL to define.

Chapter Oracle Server An Oracle Server consists of an Oracle database (stored data, control and log files.) The Server will support SQL to define.
By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.

By Lecturer / Aisha Dawood 1.  Administering Users  Create and manage database user accounts.  Create and manage roles.  Grant and revoke privileges.

Similar presentations

Ads by Google