Presentation is loading. Please wait.

Presentation is loading. Please wait.

© 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 1 IT 390 Business Database Administration Unit 8:

Published byMelvyn Wiggins Modified over 9 years ago

Similar presentations

Presentation on theme: "© 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 1 IT 390 Business Database Administration Unit 8:"— Presentation transcript:

1 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 1 IT 390 Business Database Administration Unit 8: Security Management and the Multi-user Environment

2 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 2 Objectives Explain the importance of security in SQL Server 2000. Identify basic database security features and roles. Describe the SQL Server 2000 security models. Plan and monitor security in SQL Server 2000. Implement Authentication on a Microsoft SQL Server Database. Explain authentication modes and mechanisms in SQL Server 2000.

3 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 3 Security controls access the system resources, such as computer systems and databases. SQL Server 2000 provides a reliable interface by authorizing users to use the system resources. Provide SQL Server 2000 security at the following levels:  Physical  Manual Security in SQL Server 2000

4 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 4 Provides protection from the hackers and safeguards the database against unauthorized access. Ensure security through the following:  Roles  Permissions  Authentication mechanisms  Authentication modes SQL Server 2000 Security Model

5 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 5 The SQL Server 2000 logins let you authorize users to access the database by specifying valid usernames and passwords. Groups are a collection of database members who are given permissions to use the SQL Server 2000 database. Roles group users according to their database use. User Logins, Groups, and Roles

6 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 6 Thomas, the DBA of a company wants to differentiate authorized users into readers, writers, and modifiers of the SQL Server 2000 database. Which part of the security model would enable him to do this task? Activity

7 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 7 Thomas, the DBA of a company wants to differentiate authorized users into readers, writers, and modifiers of the SQL Server 2000 database. Which part of the security model would enable him to do this task? A Role Solution

8 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 8 ACID Transactions Acronym ACID transaction is one that is Atomic, Consistent, Isolated, and Durable Atomic means either all or none of the database actions occur Durable means database committed changes are permanent

9 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 9 ACID Transactions Consistency means either statement level or transaction level consistency.  Statement level consistency: each statement independently processes rows consistently  Transaction level consistency: all rows impacted by either of the SQL statements are protected from changes during the entire transaction. With transaction level consistency, a transaction may not see its own changes.

10 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 10 ACID Transactions Isolation means application programmers are able to declare the type of isolation level and to have the DBMS manage locks so as to achieve that level of isolation SQL-92 defines four transaction isolation levels:  Read uncommitted  Read committed  Repeatable read  Serializable

11 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 11 Transaction Isolation Level

12 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 12 Concurrency Control Concurrency control ensures that one user’s work does not inappropriately influence another user’s work  No single concurrency control technique is ideal for all circumstances  Trade-offs need to be made between level of protection and throughput

13 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 13 Atomic Transactions A transaction, or logical unit of work (LUW), is a series of actions taken against the database that occurs as an atomic unit  Either all actions in a transaction occur or do none of them

14 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 14 Errors Introduced Without Atomic Transaction

15 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 15 Errors Prevented With Atomic Transaction

16 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 16 Concurrent Transaction Concurrent transactions refer to two or more transactions that appear to users as they are being processed against a database at the same time. In reality, CPU can execute only one instruction at a time.  Transactions are interleaved meaning that the operating system quickly switches CPU services among tasks so that some portion of each of them is carried out in a given interval. Concurrency problems: lost update and inconsistent reads.

17 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 17 Concurrent Transaction Processing

18 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 18 Lost-Update Problem

19 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 19 Resource Locking Resource locking prevents multiple applications from obtaining copies of the same record when the record is about to be changed

20 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 20 Lock Terminology Implicit locks are locks placed by the DBMS Explicit locks are issued by the application program Lock granularity refers to size of a locked resource  Rows, page, table, and database level Large granularity is easy to manage but frequently causes conflicts Types of lock  An exclusive lock prohibits other users from reading the locked resource  A shared lock allows other users to read the locked resource, but they cannot update it

21 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 21 Concurrent Processing with Explicit Locks

22 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 22 Serializable Transactions Serializable transactions refer to two transactions that run concurrently and generate results that are consistent with the results that would have occurred if they had run separately. Two-phased locking is one of the techniques used to achieve serializability.

23 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 23 Two-phased Locking Two-phased locking  Transactions are allowed to obtain locks as necessary (growing phase).  Once the first lock is released (shrinking phase), no other lock can be obtained. A special case of two-phased locking.  Locks are obtained throughout the transaction.  No lock is released until the COMMIT or ROLLBACK command is issued.  This strategy is more restrictive but easier to implement than two-phased locking.

24 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 24 Deadlock Deadlock, or the deadly embrace, occurs when two transactions are each waiting on a resource that the other transaction holds. Preventing deadlock  Allows users to issue all lock requests at one time.  Requires all application programs to lock resources in the same order. Breaking deadlock  Almost every DBMS has algorithms for detecting deadlock.  When deadlock occurs, DBMS aborts one of the transactions and rollbacks partially completed work.

25 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 25 Deadlock

26 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 26 Optimistic versus Pessimistic Locking Optimistic locking assumes that no transaction conflict will occur:  DBMS processes a transaction; checks whether conflict occurred: If not, the transaction is finished If so, the transaction is repeated until there is no conflict Pessimistic locking assumes that conflict will occur:  Locks are issued before a transaction is processed, and then the locks are released Optimistic locking is preferred for the Internet and for many intranet applications

27 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 27 Optimistic Locking

28 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 28 Pessimistic Locking

29 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 29 Declaring Lock Characteristics Most application programs do not explicitly declare locks due to its complication Instead, they mark transaction boundaries and declare locking behavior they want the DBMS to use  Transaction boundary markers: BEGIN, COMMIT, and ROLLBACK TRANSACTION Advantage  If the locking behavior needs to be changed, only the lock declaration need be changed, not the application program

30 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 30 Marking Transaction Boundaries

31 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 31 Can you… ? Differentiate between the Windows NT/2000 authentication mode and Mixed security mode.

32 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 32 Authentication in SQL Server 2000 The process of validation of the SQL Server 2000 database users file by these two modes of authentication:  Windows NT/2000 authentication mode  Mixed security mode

33 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 33 Planning and Monitoring Security Security planning deals with the decisions by which the users are permitted to access a part of the database. SQL Server 2000 provides two types of permissions:  Statement permissions  Object permissions

34 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 34 Planning and Monitoring Security (cont.) The SQL Server 2000 permissions can exist in any of the following modes:  Grant  Deny  Revoke

35 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 35 You can implement a security scheme using the following SQL statements: GRANT: You specify the following options in a GRANT statement:  The list of privileges to be granted  The name of the table or views to which the privileges apply  The User ID to which the privileges are granted REVOKE: Similar to granting privileges, you can revoke all privileges on a table from a user. The cascading effect of the REVOKE statement varies with the kind of privilege you are working. Establishing a Security Scheme

36 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 36 System-level privileges: System-level privileges are applied to a particular user account and may include commands to create a table or a view, alter, drop, and modify a table, or to select specific data from a table. Object-level privileges: Object-level privileges are granted on a table or a view that the user must be allowed to access. In SQL, the following privileges can be specified for each table or view Object: SELECT, INSERT, DELETE, and UPDATE. Types of Privileges

37 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 37

38 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 38

39 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 39 Activity Are the following SQL syntax correct?  Syntax 1:  Syntax 2: GRANT CONNECTION TO Joe REVOKE CONNECT FROM Matthew

40 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 40 Solution  Syntax 1: The syntax is wrong and the correct form is:  Syntax 2: The syntax is correct. GRANT CONNECT TO Joe

41 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 41 In a nested transaction, the outer most transaction needs to be committed so that the complete structure is saved. Save Points are last good known committed flags in the transaction log, to which a transaction can be rolled back. State Whether True or False

42 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 42 Solutions Statement 1 is True. Statement 2 is True.

43 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 43 Concurrency Concurrency involves using the most updated data in a networked environment.

44 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 44 Activity Identify the concurrency issue.  The business unit of Ethnic Blends Inc. in Tokyo sells the last remaining stock of a famous designer. Due to a technical flaw in the network, the unit at Paris could not update the same transaction. It receives a request for the same product and processes the new transaction. Which concurrency issue has taken place?

45 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 45 Solution The lost update concurrency issue.

46 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 46 Activity Identify the concurrency issue.  The Finance department is updating the annual packages of the employees of Ethnic Blends Inc. The appraisal is part of the annual bonus agreement. At the same time the MIS department tries to retrieve the average annual package of all the departments. This is done to prepare the annual reports. Which concurrency issue takes place?

47 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 47 Solution The incorrect summary problem.

48 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 48 Activity Identify the concurrency issue.  The finance department of Ethnic Blends have finally updated the salary structure of employees of all departments. By mistake, the Sales department updating does not get committed. The Tax department is now calculating the return taxes and the Sales department figures are giving contradictory results. Which concurrency issue has taken place?

49 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 49 Solution The uncommitted dependency problem.

50 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 50 Concurrency Control Technique The methods used for eradication of concurrency issues are known as concurrency control techniques.

51 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 51 Activity Identify the concurrency control technique used.  The EmployeeID details is unique for each employee. In cases where employee join or leave Ethnic Blends, the database modifications are performed with respect to the EmployeeID. For addition or removing an Employee record, exclusive rights need to be assigned to a transaction. Which concurrency control technique should be used?

52 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 52 Solution Lock-based protocols.

53 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 53 Activity Identify the type of failure.  During a commit process for an online transaction, the billing department system fails to bill the customer’s account. Due to this, the purchasing process does not complete successfully. What could be the type of failure if given that the network and peripherals were error-free?

54 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 54 Solution Transaction failure

55 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 55 Activity Harry, the DBA of a company wants to deny a Windows 2000 group to connect to SQL Server 2000 and grant a user account, on the current database, for an SQL Server 2000 login. Which system stored procedures should he use?

56 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 56 Solution Harry, the DBA of a company wants to deny a Windows 2000 group to connect to SQL Server 2000 and grant a user account, on the current database, for an SQL Server 2000 login. Which system stored procedures should he use? sp_grantdbaccess sp_denylogin

57 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 57  Understanding and maintaining security on a database requires a wide variety of skills.  A DBA should have a good grasp on basic transaction and security guidelines and what kinds of things can go wrong without that understanding and implementation.  Some of the commands an Administrator must be familiar with in-depth are GRANT, DENY and REVOKE. Summary

58 © 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 58  Did you understand the key points from the Lesson?  Do you have any questions? Summary

Download ppt "© 2006 ITT Educational Services Inc. Course Name: IT390 Business Database Administration Unit 8 Slide 1 IT 390 Business Database Administration Unit 8:"

Similar presentations

Indra Budi indra@cs.ui.ac.id Transaction Indra Budi indra@cs.ui.ac.id.

Indra Budi Transaction Indra Budi
Chapter 16 Concurrency. Topics in this Chapter Three Concurrency Problems Locking Deadlock Serializability Isolation Levels Intent Locking Dropping ACID.

Chapter 16 Concurrency. Topics in this Chapter Three Concurrency Problems Locking Deadlock Serializability Isolation Levels Intent Locking Dropping ACID.
TRANSACTION PROCESSING SYSTEM ROHIT KHOKHER. TRANSACTION RECOVERY TRANSACTION RECOVERY TRANSACTION STATES SERIALIZABILITY CONFLICT SERIALIZABILITY VIEW.

TRANSACTION PROCESSING SYSTEM ROHIT KHOKHER. TRANSACTION RECOVERY TRANSACTION RECOVERY TRANSACTION STATES SERIALIZABILITY CONFLICT SERIALIZABILITY VIEW.
Database Administration Chapter Six DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 4 th Edition.

Database Administration Chapter Six DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 4 th Edition.
Data and Database Administration Chapter 12. Outline What is Concurrency Control? Background Serializability  Locking mechanisms.

Data and Database Administration Chapter 12. Outline What is Concurrency Control? Background Serializability  Locking mechanisms.
Database Administration Chapter Six DAVID M. KROENKE’S DATABASE CONCEPTS, 2 nd Edition.

Database Administration Chapter Six DAVID M. KROENKE’S DATABASE CONCEPTS, 2 nd Edition.
Transaction Management and Concurrency Control

Transaction Management and Concurrency Control
Prentice Hall © 2004 1 COS 346 Day 18. 7-2 Agenda Questions? Assignment 8 Due Assignment 9 posted –Due April 2:05 PM Quiz 2 Today –SQL Chaps 2-19.

Prentice Hall © COS 346 Day Agenda Questions? Assignment 8 Due Assignment 9 posted –Due April 2:05 PM Quiz 2 Today –SQL Chaps 2-19.
10 1 Chapter 10 Transaction Management and Concurrency Control Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.

10 1 Chapter 10 Transaction Management and Concurrency Control Database Systems: Design, Implementation, and Management, Seventh Edition, Rob and Coronel.
Transaction Management and Concurrency Control

Transaction Management and Concurrency Control
Transaction Management and Concurrency Control

Transaction Management and Concurrency Control
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 4-1 David M. Kroenke Database Processing Chapter 9 Managing Multi- User.

DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 4-1 David M. Kroenke Database Processing Chapter 9 Managing Multi- User.
Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.

Database Systems: Design, Implementation, and Management Eighth Edition Chapter 10 Transaction Management and Concurrency Control.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 9-1 COS 346 Day 19.

DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 9-1 COS 346 Day 19.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 8-1 COS 346 Day 18.

DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition © 2006 Pearson Prentice Hall 8-1 COS 346 Day 18.
Chapter 9 Transaction Management and Concurrency Control

Chapter 9 Transaction Management and Concurrency Control
Database Administration

Database Administration
Database Administration Chapter Six DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 6 th Edition.

Database Administration Chapter Six DAVID M. KROENKE and DAVID J. AUER DATABASE CONCEPTS, 6 th Edition.
9 Chapter 9 Transaction Management and Concurrency Control Hachim Haddouti.

9 Chapter 9 Transaction Management and Concurrency Control Hachim Haddouti.
Database Administration Part 1 Chapter Six CSCI260 Database Applications.

Database Administration Part 1 Chapter Six CSCI260 Database Applications.

Similar presentations

Ads by Google