LIBR 242 Database Management Assignment 7

Angelo Roselle
San Jose State University
Libr 242 Database Management
April 19, 2009

Excellent! Grade: 10 out of 10 points

Total points possible: 10

Target Due Date: 2009-05-04

Database Management - Assignment 7

Questions:

1. Describe Microsoft’s ODBC. What is it and what does it do

for you?
Microsoft’s OBDC (Open Database Connectivity) is a
commonly-used database connectivity interface, which is part of
the database middleware. It is Microsoft software that connects
databases to application programs. This is done by enabling
windows applications using SQL to connect to relational data
sources by way of an API (application programming interface).
The primary components of ODBC are 1) a high-level ODBC
application programming interface that allows application
programs to use ODBC functionality, 2) A driver manager that
manages the database connections, and 3) An ODBC driver that
connects to the DBMS. By incorporating ODBC database drivers
into their databases, vendors are enabling standard Windows
applications to access their databases. This is a great option
as it allows for the standard applications to be compatible with
the database. To use ODBC, one first has to define a data source
by creating a DSN (data source name). Next one must provide an
ODBC driver, which would be specific to the DBMS that in use. A
DSN name is also needed, which is a unique name used to identify
the data source for the ODBC. The last step is to supply ODBC
driver parameters so that one can connect to the database. Once
the data source is defined by creating a DSN, application
programmers will be able to issue commands which will allow them
to write to the ODBC API. Why is Microsoft’s ODBC connectivity
interface important? The reason Microsoft’s ODBC has become the
de facto database connectivity interface is that it gives users
running an application the ability to connect to multiple
databases concurrently.
 LIBR 242 Database Management Assignment 7

2. Rewrite the step-by-step trace of the Web-to-database

middleware using specific example involving user search for a
book using a library Web site.

1. George is a student at the University of Ophelia and he is at

home writing a research paper (due tomorrow) on the movement of
the Eastern people into the Byzantine Empire. He wants to find a
book called “Eastern people and the Byzantine Empire” from U of
O’s library so that he can begin writing his paper. George logs
onto his computer and opens up his browser. After bringing up
the library web site, and typing in his search query, George’s
browser sends a page request for this book to the Web server.

2. The Web server receives the request from George’s browser and
validates the request. After realizing the request contains
script language, the web server passes the request to the Web-
to-database middleware for processing.
3. The Web-to-database middleware reads, validates, and executes
the script, which it then passes along to the library database
by moving the query through the database connectivity layer. For
this example, the middleware could be Microsoft’s ODBC.
4. The library database server executes the query (i.e. it finds
the book in its database) and tells the Web-to-database
middleware that George is in luck and passes along the results.
5. The Web-to-database middleware assembles the result set
obtained from the library database server. Next the middleware
will pass along the query results (the data about the book, e.g.
its availability, its location, numbers in stock, isbn numbers,
etc) in a nicely formatted HTML page to the Web server.
6. The Web server will then send this new HTML page (remember,
this is a dynamic query in that George is looking for real time
results about the book) back to George’s browser.
7. George’s browser receives the HTML page that shows him that
the library does currently have a copy of “Eastern People and
the Byzantine Empire” and it is located on the second floor in
the antiquities section.

3. What is XML and describe a common way to present data stored

in XML format.Give a specific example.
XML stands for “Extensible Markup Language” and it is meant
to be a simple way store and transfer data over the internet
through a variety of applications or systems. XML elements are
created or defined by an author, and tags are not predefined;
therefore, data elements can be manipulated to fit particular
 LIBR 242 Database Management Assignment 7

data or a company’s internet document. XML is “self descriptive”

so that an XML document can be easily understood and a user can
know what information is contained in it as well as the
structure of that information. Similar to HTML, XML also has
strict rules and formats for tags that must be followed to be
valid. Validation of XML documents happens though using DTD
(Document Type Definition) and XSD (XML Schema Definition).
There must be an XML declaration statement, elements must have
an opening and closing tag, also if there is an attribute value
it must be within quotes. All elements must be properly nested.
A user may want to share data with other users without worrying
about incompatible between applications or systems, and XML
provides the ability to make this happen.
An example of how XML is used could be found within the
archival community. The archival community has been using XML to
encode archival finding aids, as XML provides a standardized and
structured way to move traditional hard copy finding aids into
an electronic format. Archivists use standard EAD (Encoded
Archival Description) for encoding archival finding aids by
using XML. The reason that XML is important is that it focuses
on how data is described and represented, which enables easy
maintenance and manipulation of structured documents. Finding
aids that use valid XML are able to be shared with other
archival repositories that may be running different applications
without conflict. XML is “self describing,” and as long as the
finding is correctly structured with a declaration statement,
properly tagged elements with opening and closing tags, and
valid XML syntax, an archivist creating an EAD for a finding aid
could use the following XML tags: <ead>This would enclose the
entire finding aid</ead>; <eadheader>This would enclose various
other finding aid specific tags such as <filedesc>file
description would go here</filedesc> and <profiledesc>profile
description would go here</profiledesc></eadheader>; <archdesc>
This would enclose several other descriptive tags such as
<abstract> finding aid abstract would go here</abstract> and
<scopecontent>the scope text would go here </scopecontent>
</archdesc>; and I can continue to add other nested
tags/elements (e.g. container, physical description, item dates,
etc) to this file. Some archival institutions may add more
advanced XML elements/tags to their finding aids, and some may
go with only the basic standard tags, but these files would be a
standard way to share and make available archival finding aids.

4. Define security and privacy. How are these two concepts

related to each other?
 LIBR 242 Database Management Assignment 7

Security refers to the actions taken to protect an

information system by maintaining confidentiality, integrity,
and availability of data. Maintaining confidentiality means
proper measures should be taken to ensure that unauthorized
access to data is not allowed, but if authorized users access
the data, then confidentiality also means ensuring that the way
data is being used is allowed. Having integrity means that data
is consistent and does not have data anomalies. Availability
requires actions that allow authorized access to data when it is
needed by protecting against service interruptions of the system.
Privacy refers to the rights of people and organizations to
determine who is allowed to access the data, as well as when,
where, and how that data is allowed to be used.
Maintaining security by ensuring confidentiality,
integrity, and availability of data is closely related to
privacy. In a shared data environment, such as a library DBMS,
numerous users (authorized and unauthorized) may attempt to
access data. Management tools should be used to provide data
security while at the same time permitting people to determine
the rights of access to data by other users. These management
tools and security measures allow for certain people within an
organization to protect the data (security) from unauthorized
users and system interruptions. At the same time, these people
managing the security aspects of the DBMS are also deciding who
will have access to the data (privacy) by saying when, where,
and how that data can be accessed and used.

5. Discuss Disaster Management as it might relate to a Library

system database. What are the risks/rewards of the different
type of backup techniques?
Disaster can happen both in the form of physical disasters
and internal database failures. Whatever type of disaster,
disaster management needs to be in place to insure the safety of
the data by providing a way to recover the data if necessary. As
I read about disaster management in our text book, I immediately
thought about how I could relate this discussion to Southern
California Libraries. Southern California is well-known for two
types of physical disasters that happen every year, fires and
earthquakes. Both of these disasters can greatly damage a
library’s database. Libraries are often places that people rely
on to help get back on their feet, and if patron and company
data is either partially to totally lost and there was not a
proper backup carried out, then it can be devastating to the
library as recovery of the data would be impossible. The
database administrator of the library system database must work
to foresee all possible disaster, both physical and internal,
and design and test out data backup and recovery options.
 LIBR 242 Database Management Assignment 7

There are several options available for backing up data

and implementing contingency plans. There are full backups,
which is when the entire database is copied as a backup. Every
object within the database will be copied. A recovery of a
database using a full backup is convenient as all the data is in
the backup disk. Creating a full backup of a database is a great
option for securing all data objects; however, to constantly be
running full backups is not practical unless the company has a
lot of time and money to invest in backup and storage of the
database copies. Another option is an incremental backup, which
only backups data changed since the last backup. This is
definitely quicker type of backup and would save the company
both time and money; still, a database administrator cannot only
rely on incremental backups because if it has been awhile since
the last full backup, the incremental backup will be backing up
large amounts of data similar to a full backup. In addition, to
recover data after a data loss would mean using backup disks
from both the full backup and an incremental backup which may
not be convenient if trying to speed up the recovery process.
It may be a good idea to have a full backup scheduled at a set
time (once a week) with incremental backups run every day until
the next week’s full backup. The third option is a concurrent
backup, a concurrent backup happens while the database is in use.
As data is added or changed, the database will be backed-up. A
concurrent backup is a faster backup method and if a disaster
happens without warning, the data will already be stored and
easier to recover, but constantly running a concurrent backup
will add time to the daily managing of the database.

6. Describe how you might manage users of a library system and

what security considerations might there be?
A database administrator has the privilege of designating
users, roles, and profiles within a system. If I was the DBA of
a library system, security would be my primary concern as I
would be worried about the database locking up or having errors
as the result of a user’s access to it. It would take some
research of users tasks within the library to determine how best
to assign privileges and roles for the users. The users with
access to the database in the library system would range from
interns and librarians up to department managers and the
director. The access privileges would differ for each user
dependent upon the tasks they perform. It would be a requirement
for all users with access to the database to be issued a logon
user ID. As users are not usually security minded, passwords
with expiration dates would be assigned to all users and users
will be issued a “change your password” warning every day for
 LIBR 242 Database Management Assignment 7

two weeks following up to the expiration date. If passwords are

not changed, the system will lock them out. This would help keep
unauthorized users, or users that are no longer part of the
library to be kept out of the system. Also, preventing
unauthorized users from accessing the library system would mean
limiting the time that a user is idle after login. If a user is
logged on but idle longer than 20 minutes, I would want them to
be disconnected. Dependent upon the size of the library system,
limiting storage space will be most likely a top priority on my
part in managing users.
Most of the librarians and front desk staff will have
limited access to the database. Interns will only be granted
read-only privileges as they are not true employees. Some
librarians will be given a CONNECT role that allows them to
connect to the database and modify some tables and views;
however, they would not be allowed to change other database
objects or create triggers and procedures. Designating RESOURCE
and DBA roles will be assigned to a select few after
consultation with the department managers and director about the
various tasks of the departments. It is unlikely that I would
assign these roles to many individuals as these roles will be
kept to the data management department. Security issues include
unauthorized access to objects, former users accessing the
system and maliciously modifying objects and data, and
unauthorized physical access to the DBMS facilities. Keeping a
secured database system is key, and I would want to implement as
many safeguards to the system as possible.

7. Describe Stored Procedures and Triggers and give an example

of how that might be used in a Library system database.
A stored procedure is a named group of procedural and SQL
statements which are stored in a database. The primary benefit
of a stored procedure is that several SQL statements for a
particular business transaction can be grouped and executed as a
single transaction. Stored procedures also help to speed up the
database because individual SQL statements do not travel over
the systems network, but can be committed locally in the RDBMS.
In addition, stored procedures work to reduce the duplication of
code. A trigger is procedural SQL code that goes into action
when there is a change in a database table (e.g. INSERT, UPDATE,
or DELETE) as the result of a database transaction. Triggers are
important tools that help to enforce business or security
constraints, help in creating audit logs, useful for
automatically generating derived column values, and for creating
replica tables for backups. In a library database system, these
tools would be helpful in enforcing library business rules. For
 LIBR 242 Database Management Assignment 7

example, a library patron wants to check out 15 library items,

the limit on the items checked out per patron is set at 20 items.
This library patron already has 10 items checked out. If a
trigger was set in the library system database it would enforce
the business rule that requires at least 5 of the 10 checked out
items be returned before the 15 new items are checked out. Both
stored procedures and triggers are useful tools for database
automation, enforcing business rules, and increasing the
performance of a system database.

8. What special considerations must you take into account when

you consider the introduction of a DBMS into an organization?
There are several special considerations that must be
taken into account if one is introducing a DBMS into an
organization. It would be unwise to put a DBMS into operation in
a library without considering the users that may be reluctant to
accept this change or users that lack the technical skills to
adapt to it. Even though a DBMS might be designed well, it could
still be problematic if not administered correctly. The first
consideration would be selecting a DBMS that matches the storage,
access, and security needs of the library. If the DBMS does not
fit the library’s needs, then there will be problems from the
start. The individuals working on installing the DBMS must not
only be knowledgeable about the DBMS, but also about the library
(or organization) that they are bringing the DBMS into. All
aspects of the information system and inner workings of the
current information system in place need to be understood. These
people need to be able to communicate with others in the
organization and provide technical support as well as proper
training, because if there is a breakdown in communication, the
move to this new database system may be held back.
One must consider current personnel within the library.
Are there enough knowledgeable people within management to
administer the DBMS once it is set up? If there are not people
to fill these roles, a top priority will be finding new
personnel. One will also have to consider the costs associated
with training current staff or brining in new personnel to work
with this new database system. What type of budget and resources
are available for implementing the DBMS? Change will be brought
about in the library with the introduction to the DBMS and the
new shared-data environment. It will be important to think about
the library staff’s attitudes towards this change. Some
department supervisors in this library may have been accustomed
to working with data in their own scheme for a long time and be
unwilling to change. With this new DBMS, there may be problems
in not only training these managers, but also in trying to
 LIBR 242 Database Management Assignment 7

convince them of the need and importance of the DBMS. Even once
the DBMS is up and running, it will take time to work out the
kinks with the current library personnel; therefore, it will be
essential to consider the types of problems that may be faced
from the various departments within the library. If these
problems, such as opposition to the DBMS or lack of technical
skills, are thought through before introducing the DBMS, the
transition will be smoother. If or when these issues do arise,
steps will need to be taken to provide support and shore up
confidence in the new system.

9. Who is the database administrator? Describe the DA's

responsibilities.
A database administrator is the person in charge of the
day-to-day operations of the DBMS by making sure that it
functions correctly; therefore, it must be noted that the
database administrator has an extremely important job. In
addition to evaluating, selecting, installing, and upgrading the
DBMS, the database administrator is the technical supervisor of
the DBMS and must constantly test the DBMS and its components to
make certain that it does not have bugs or irregularities. This
position also requires the database administrator to implement
policies and programming standards for the DBMS, manage hardware
and software components, and deal with security issues and
organize data backup and recovery procedures. The database
administrator has the task of assigning users, roles, and
profiles for the system. This is a vital part of the database
administrator’s job as security issues may arise as a result of
decisions made on the part of the database administrator.
Another responsibility is determining backup and recovery
procedures for the DBMS, such as whether to run full backups,
full backups with incremental backups, or implementing
concurrent backups. Foreseeing disasters and preparing for
numerous problems as the result of physical or internal
disasters is critical to the database administrator’s role.
Although the DA’s and the DBA’s roles are similar in many
cases, the DA’s responsibilities differ from DBA’s in that the
data administrator (DA) usually plays a more executive role than
the database administrator (DBA) and usually has a higher degree
of responsibility. The DBA role is more focused on the technical
operations of the DBMS even though they may do may do similar
work as the DA. The DA’s responsibilities are more general in
nature as the DA has to deal with data outside the scope of the
DBMS and oversee data resources that are not in the DBMS.
 LIBR 242 Database Management Assignment 7

10. Define the concept of a data dictionary. Then discuss the

different types of data dictionaries. If you were to manage an
organization's entire data set, what characteristics would you
look for in the data dictionary?
The data dictionary is an essential administration tool for
a DBMS. It stores metadata, which is the data about the data in
the DBMS. In other words, how does certain data relate to other
data, how is the data used, who is using this data, what
programs have accessed the data, and details related to the
creation of tables and indexes. The data dictionary is a tool
that helps the database administrator fix data issues within the
system. This information that the data dictionary stores helps
monitor authorized usage as detailed information can be queried
to bring up usage history.
There are two main types of data dictionaries, integrated
and standalone. An integrated data dictionary is one that is an
internal part of the DBMS and is the standard type of data
dictionary in a relational DBMS; however, it only stores
metadata that is managed by the DBMS and is specific to that
DBMS. A standalone data dictionary is a third-party data
dictionary that exists outside the original DBMS and may be used
as alternative to integrated data dictionaries. In contrast to
the integrated data dictionary, a standalone dictionary is more
flexible as it enables the database administrator to not only
manage the DBMS information, but also the non-computerized data
that is found outside of the DBMS. In addition, there are active
data dictionaries and passive data dictionaries. As the name
suggests, an active data dictionary is a data dictionary that
automatically updates when the database is accessed, thereby
keeping the metadata current. In contrast, a passive data
dictionary does not automatically update, and a “batch process”
must be manually run.
If I was in charge of managing an organization’s data set,
such as a library’s data set, I would want to choose a data
dictionary that has the best chance of keeping an accurate
account of the information it stores as well as a data
dictionary that maintains the integrity of the metadata. Also, I
think it would be important to have a data dictionary that was
as automated as possible in its updates as that would mean less
manual work for me. In addition, since I am managing the entire
data set and not just the DBMS data, I may consider a data
dictionary that allows me to store information about data
outside of the DBMS in addition to internal data. Although it
may be difficult to find one data dictionary that contains all
these characteristics, and I may have to choose accuracy and
integrity over flexibility, these are characteristics that I
 LIBR 242 Database Management Assignment 7

would definitely look for when evaluating a data dictionary for

incorporation into my DBMS.