MODULE ONE

Databases and Database Systems

Databases and database systems have become an essential component of everyday life in modern
society. In the course of a day, most of us encounter several activities that involve some
interaction with a database. Which one can you think of now? For example, if we go to the bank to
deposit or withdraw funds, if we transact on ATM, if we make a hotel or airline reservation, if we
access a computerized library catalog to search for a bibliographic item, or if we buy some item-
such as a book, toy, or computer-from an Internet vendor through its Web page, chances are that
our activities will involve some computer program accessing a database
Computer databases typically contain aggregations of data records or files, such as sales
transactions, product catalogs and inventories, and customer profiles. Typically, a database
manager provides users the capabilities of controlling read/write access, specifying report
generation, and analyzing usage. Traditional databases are organized by fields, records, and files.
A field is a single piece of information; a record is one complete set of fields; and a file is a
collection of records. For example, a telephone book is analogous to a file. It contains a list of
records, each of which consists of three fields: name, address, and telephone number.
DATA
Data can be defined as the information in a form suitable for processing by a computer, such as
digital representation of txt, numbers, graphic images, or sounds. Strictly speaking, “data” is the
plural of the Latin word “datum”, meaning an item of information, but it is commonly used in both
plural and singular constructions.
DATABASE
A database can be defined as a collection of information that is organized so that it can easily be
accessed, managed, and updated. A system intended for easily organizing, storing and retrieving
large amounts of data, is called a database. In other words, a database holds a bundle of organized
data (typically in digital form) for one or more users.
Database is a collection of related data and data is a collection of facts and figures that can be
processed to produce information. Mostly data represents recordable facts. Data aids in producing
information, which is based on facts. For example, if we have data about marks obtained by all
students, we can then conclude about toppers and average marks.
A database management system stores data in such a way that it becomes easier to retrieve,
manipulate, and produce information.
In one view, databases often abbreviated DB can be classified according to types of content:
bibliographic, full-text, numeric, and images. In computing, databases are sometimes classified
according to their organizational approach. The most prevalent approach is the relational, a tabular
database in which data is defined so that it can be reorganized and accessed in a number of
different ways. A distributed database is one that can be dispersed or replicated among different
points in a network. An object-oriented programming database is one that is congruent with the
data defined in object classes and subclasses.

Database Management Study Pack1 by Prince Asade Mojeed Adeniyi

DATABASE MANAGEMENT SYSTEM (DBMS)
A database management system (DBMS) is system software for creating and managing
databases. The DBMS provides users and programmers with a systematic way to create, retrieve,
update and manage data.
An alternative definition goes thus; A database management system (DBMS) is a computer
software application that interacts with the user, other applications, and the database itself to
capture and analyze data. A general-purpose DBMS is designed to allow the definition, creation,
querying, update, and administration of databases.
DBMS (Database Management System) is actually the whole system used for managing digital
databases which allows storage of database content, creation/maintenance of data, search and other
functionalities. In today’s world a database itself is useless if there is no DBMS associated with it
for accessing its data. But, increasingly, the term Database is used as shorthand for Database
Management System.

Database Architecture
A Database may contain different levels of abstraction in its architecture. Typically, the three
levels: External, Conceptual and Internal make up the database architecture.
External level defines how the users view the data. A single database can have multiple views.
The internal level defines how the data is physically stored.
The conceptual level is the communication medium between internal and external levels.
It provides a unique view of the database regardless of how it is stored or viewed. There are
several types of databases such as Analytical database, Data warehouses and Distributed
databases. Databases (more correctly, relational databases) are made up of tables and they contain
rows and columns, much like spreadsheets in Excel. Each column corresponds to an attribute
while each row represents a single record. For example, in a database, which stores employee
information of a company, the columns could contain employee name, employee Id and salary,
while a single row represents a single employee.
DBMS
DBMS, sometimes just called a database manager, is a collection of computer programs that is
dedicated for the management (i.e. organization, storage and retrieval) of all databases that are
installed in a system (i.e. hard drive or network). There are different types of Database
Management Systems existing in the world, and some of them are designed for the proper
management of databases configured for specific purposes. Most popular commercial Database
Management Systems are Oracle, DB2 and Microsoft Access. All these products provide means of
allocation of different levels of privileges for different users, making it possible for a DBMS to be
controlled centrally by a single administrator or to be allocated to several different people. There
are four important elements in any Database Management System. They are the modeling
language, data structures, query language and mechanism for transactions. The modeling language
defines the language of each database hosted in the DBMS. Currently several popular approaches

Database Management Study Pack2 by Prince Asade Mojeed Adeniyi

like hierarchal, network, relational and object are in practice. Data structures help organize the
data such as individual records, files, fields and their definitions and objects such as visual media.
Data query language maintains the security of the database by monitoring login data, access rights
to different users, and protocols to add data to the system. SQL is a popular query language which
is used in Relational Database Management Systems. Finally, the mechanism that allows for
transactions help concurrency and multiplicity. That mechanism will make sure same record will
not be modified by multiple users at the same time, thus keeping the data integrity intact.
Additionally, DBMSs provide backup and other facilities as well.
Difference between DBMS and Database
• A database is a collection of organized data and the system that manages a collection of
databases is called a Database Management System.
• The database holds the records, fields and cells of data. The DBMS is the tool used to
manipulate the data inside the database. However, the term database is increasingly used as
shorthand for Database Management System. To make the distinction simple, consider and
operating system and the individual files stored in the system.
• Just like you need an operating system to access and modify files in the system, you need a
DBMS to manipulate databases stored in the database system.
The Role of Databases for Strategic Planning
Large databases, traditionally the domain of the financial departments, are increasingly entering
the world of strategic planners. Under the label “business intelligence”, database software and data
mining tools are marketed to strategic planners, and their acceptance is quite obviously on the rise.
Contributing factors could be a change of generations among planners, more user-friendly tools
available, increasing technological experience among those contributing data (who often have a
background in marketing rather than technology) and a narrowing cultural gap between strategic
management and the technology people necessarily involved in setting up and running such
databases.
The main driver behind the spread of strategic management information systems, decision support
systems and strategic planning cockpits, however, is the decision makers’ insatiable hunger for
definitive answers, clear recommendations and solid data. Where traditional strategic concepts like
portfolios or SWOT analyses are highly aggregated and deliberately vague in their conclusions, a
strategic database can assign aggregated discounted cashflow numbers to a selection of potential
future products, based on data from product and region experts across the company. We have to be
aware, however, that the origins of such information about the future remain essentially the same:
extrapolation, projection, estimates and, more often than not, educated guesses.
Working with databases in strategic planning offers some obvious advantages:
▪ Databases help to avoid the chaos of versions and formats that often occurs when strategic
information is traded within the company using standard office tools like tables or
presentations. The data can be located on a central server or even an external cloud under
the control of the corporate IT experts and governed by corporate IT security guidelines.
Adequate access rights for the different users can be set individually or by standard rules.

Database Management Study Pack3 by Prince Asade Mojeed Adeniyi

 ▪ Database user interfaces and data mining programs provide convenient tools to aggregate
and visualize the gathered data, speeding up the process of generating bite-size information
for decision makers and potentially reducing the workload in planning departments
typically short of resources.
▪ The standardization of data going into the database and the tools employed to fill it force
contributors to address a certain minimum of questions in their planning process, adhere to
common conventions and summarize their results in a predefined form.
▪ Everybody discussing a decision can argue based on one agreed set of data, representing
the best available, up-to-date information from experts across the company’s network,
which may include external sales partners, market researchers and consultants.
These advantages, however, come at a price:
▪ The clarity of versions and formats is not so much the result of the database itself, but of
the strictly implemented strategic planning process that necessarily comes with it. If the
thoughts behind a changed estimate in the database or a quick summary for an executive
still end up being communicated in spreadsheets sent by e-mail, the advantage is eroded
and the database becomes just one more data format users have to deal with.
▪ The reduced workload resulting from the use of business intelligence tools has to be
compared to the additional resources needed to set up and run the systems. The needed
expertise will often not be available within the company, and even for the most user-
friendly tools, the actual planning cockpits will in many cases be programmed by external
consultants.
▪ While standardized data structures to be filled define a minimum of questions to be
addressed in generating the data, they also discourage any planning going beyond that,
which may not fit into the database. Such standardization is particularly detrimental to any
qualitative, critical or out-of the-box thinking that could be priceless as an indicator of
possible yet unknown threats or as a source of ideas for future growth not included in
current planning.
▪ The uniform view of the future defined by a planning database tends to reduce the
awareness that the actual future will always be uncertain. The fact that the one future (or, at
best, the generic base/best/worst case structure) defined in the database has been built from
the input of many contributors and has been agreed upon between different departments
makes it particularly difficult to argue against the results and ask the necessary “what ifs”.
Some of these challenges can be addressed early in the process of setting up the database. Looking
for synergies with database solutions already in use in the company, for example in controlling,
can reduce the workload and accelerate the learning curve in the introduction phase. However, it
also may introduce a bias towards processes and structures that are not ideal for information that
contains estimates for an uncertain future rather than numbers from a well-accounted past.
Leaving space for unstructured information within the database costs technical efficiency, but it
may end up containing the one piece of information that avoids the need for parallel data exchange
by e-mail or the decisive warning about an external threat that might otherwise have been unheard.

Database Management Study Pack4 by Prince Asade Mojeed Adeniyi

Asking in time if an external support is to work as a consultant or merely as a programmer can
save time and effort later and can avoid implementing potentially inefficient structures.
It is important to be aware that databases, data mining tools and even strategic planning cockpits
can be an interesting source of information to be taken into account in a decision, but they are not
decision tools. Asking the many “what ifs”, evaluating alternative strategies, testing for different
external scenarios or analyzing potential competitors’ strategies can be done including
information from such a database, but these, the actually decisive steps of strategic planning, are
not done by the database. In most cases, the user interfaces employed are optimized for visualizing
what’s in the database and are not even very well suited for interactively calculating the effects of
assumptions that go beyond the scope of the underlying data structures.
It is, however, possible to develop tools to interactively calculate the impact of many different
“what ifs” on the agreed planning basis, draw all the necessary information from the database and
even write results for different scenarios back to the database, usually in separate but linked
structures. The implementation will depend on the framework used, which will usually be either
relational databases or multidimensional cubes. Furthermore, it depends on whether a separate
data mining interface is used to access and visualize the data and if it should also provide the
interface to the simulation and calculation tool.
In the upcoming weeks, we will look at two case studies on such interactive planning tools linked
to pre-existing databases, both allowing the same scenario and strategic alternative evaluations on
the same data, but in different database environments. One will be a relational database accessed
through a data mining tool, the other a multidimensional cube providing its own user interface. We
will look at similarities and differences of the two implementations and suggest ways to work
around their respective limitations.

Importance of using Database as tool for managing an organization

• Data Sharing is Improved in the Organization. ...
• Improvement in Data Security. ...
• Effective Data Integration. ...
• Database Management Systems Minimize Data Inconsistency. ...
• Better Access to Data.
• Increase In Productivity Of The End User
•Structured vs. Unstructured Data
–Flat file = unstructured data
–Database = structured data
•The Problem with Unstructured Data
–High maintenance costs

Database Management Study Pack5 by Prince Asade Mojeed Adeniyi

–Data Redundancy: the same data will be represented multiple times in the file
–Data dependence: if you change things about the file format then, there will be expensive
changes to programs that use it
–Ensuring data consistency and controlling access to the data is difficult (i.e. you cannot finely
control multi-user access to the file)

•Why Databases?
Purpose of Database Systems
Database management systems were developed to handle the following difficulties of typical file-
processing systems supported by conventional operating systems.
• Reduction of redundancy
• Avoidance of inconsistency
• Sharability
• Standards
• Improved security
• Concurrent access by multiple users
• Data integrity
• Difficulty in accessing data
• Atomicity of updates
• Programmer productivity: More data independence
• Flat files should be used for data exchange between databases.
Characteristics of DBMS
Traditionally, data was organized in file formats. DBMS was a new concept then, and all the
research was done to make it overcome the deficiencies in traditional style of data management. A
modern DBMS has the following characteristics:
Real-world entity: A modern DBMS is more realistic and uses real-world entities to design its
architecture. It uses the behavior and attributes too. For example, a school database may use
students as an entity and their age as an attribute.
Relation-based tables: DBMS allows entities and relations among them to form tables. A user
can understand the architecture of a database just by looking at the table names.
Isolation of data and application: A database system is entirely different than its data. A
database is an active entity, whereas data is said to be passive, on which the database works and
organizes. DBMS also stores metadata, which is data about data, to ease its own process.
Less redundancy: DBMS follows the rules of normalization, which splits a relation when any
of its attributes is having redundancy in values. Normalization is a mathematically rich and
scientific process that reduces data redundancy.

Database Management Study Pack6 by Prince Asade Mojeed Adeniyi

Consistency: Consistency is a state where every relation in a database remains consistent. There
exist methods and techniques, which can detect attempt of leaving database in inconsistent state. A
DBMS can provide greater consistency as compared to earlier forms of data storing applications
like file-processing systems.
Query Language: DBMS is equipped with query language, which makes it more efficient to
retrieve and manipulate data. A user can apply as many and as different filtering options as
required to retrieve a set of data. Traditionally it was not possible where file-processing system
was used.
ACID Properties: DBMS follows the concepts of Atomicity, Consistency, Isolation, and
Durability (normally shortened as ACID). These concepts are applied on transactions, which
manipulate data in a database. ACID properties help the database stay healthy in multi-
transactional environments and in case of failure.
Multiuser and Concurrent Access: DBMS supports multi-user environment and allows them
to access and manipulate data in parallel. Though there are restrictions on transactions when users
attempt to handle the same data item, but users are always unaware of them.
Multiple views: DBMS offers multiple views for different users. A user who is in the Sales
department will have a different view of database than a person working in the Production
department. This feature enables the users to have a concentrate view of the database according to
their requirements.
Security: Features like multiple views offer security to some extent where users are unable to
access data of other users and departments. DBMS offers methods to impose constraints while
entering data into the database and retrieving the same at a later stage. DBMS offers many
different levels of security features, which enables multiple users to have different views with
different features. For example, a user in the Sales department cannot see the data that belongs to
the Purchase department. Additionally, it can also be managed how much data of the Sales
department should be displayed to the user.

Primary Key
Every table must have a primary key. The primary key is a column or set of columns that
identifies a particular row. For example, in the customer table you might use customer name to
find a particular entry. But that column does not make a good key. What if eight customers are
named John Smith? In many cases you will create new key columns to ensure they are unique. For
example, a customer identification number is often created to ensure that all customers are
correctly separated. The relationship between the primary key and the rest of the data is one-to-
one. That is, each entry for a key points to exactly one customer row. To highlight the primary
key, the names of the columns that make up the key will be underlined. The DB Design system
uses a star in front of primary key column names because it is easier to see. You can use either
approach (or both) if you draw class diagrams by hand. As long as everyone on your development
team uses the same notation, it does not matter what notation you choose.

Database Management Study Pack7 by Prince Asade Mojeed Adeniyi

In some cases, there will be several choices to use as a primary key. In the customer example you
could choose name or phone number, or create a unique CustomerID. If you have a choice, the
primary key should be the smallest set of columns needed to form a unique identifier.
Database Administrators :
Administrators maintain the DBMS and are responsible for administrating the database. One of
the main reasons for using DBMSs is to have central control of both the data and the programs
that access those data. A person who has such central control over the system is called a database
administrator (DBA). The functions of a DBA include:
Schema definition. The DBA creates the original database schema by executing a set of data
definition statements in the DDL.
Storage structure and access-method definition.
Schema and physical-organization modification. The DBA carries out changes to the schema
and physical organization to reflect the changing needs of the organization, or to alter the physical
organization to improve performance.
Granting of authorization for data access. By granting different types of authorization, the
database administrator can regulate which parts of the database various users can access. The
authorization information is kept in a special system structure that the database system consults
whenever someone attempts to access the data in the system.
Routine maintenance. Examples of the database administrator’s routine maintenance activities
are:
Periodically backing up the database, either onto tapes or onto remote servers, to prevent loss of
data in case of disasters such as flooding.
Ensuring that enough free disk space is available for normal operations, and upgrading disk space
as required.
Monitoring jobs running on the database and ensuring that performance is not degraded by very
expensive tasks submitted by some users.
They are responsible to look after its usage and by whom it should be used.
They create access profiles for users and apply limitations to maintain isolation and force security.
Administrators also look after DBMS resources like system license, required tools, and other
software and hardware related maintenance.
– Schema definition
– Storage structure and access method definition
– Schema and physical organization modification
– Granting user authority to access the database
– Specifying integrity constraints

Database Management Study Pack8 by Prince Asade Mojeed Adeniyi

– Acting as liaison with users
– Monitoring performance and responding to changes in
requirements
Advantages and Disadvantages of a DBMS
Using a DBMS to manage data has many advantages:
Data independence: Application programs should be as independent as possible from details of
data representation and storage. The DBMS can provide an abstract view of the data to insulate
application code from such details.
Efficient data access: A DBMS utilizes a variety of sophisticated techniques to store and retrieve
data efficiently. This feature is especially important if the data is stored on external storage
devices.
Data integrity and security: If data is always accessed through the DBMS, the DBMS can
enforce integrity constraints on the data. For example, before inserting salary information for an
employee, the DBMS can check that the department budget is not exceeded. Also, the DBMS can
enforce access controls that govern what data is visible to different classes of users.
Data administration: When several users share the data, centralizing the administration of data
can offer significant improvements. Experienced professionals who understand the nature of the
data being managed, and how different groups of users use it, can be responsible for organizing
the data representation to minimize redundancy and fine-tuning the storage of the data to make
retrieval efficient.
Concurrent access and crash recovery: A DBMS schedules concurrent accesses to the data in
such a manner that users can think of the data as being accessed by only one user at a time.
Furthermore, the DBMS protects users from the effects of system failures.
Reduced application development time: Clearly, the DBMS supports many important functions
that are common to many applications accessing data stored in the DBMS. This, in conjunction
with the high-level interface to the data, facilitates quick development of applications. Such
applications are also likely to be more robust than applications developed from scratch because
many important tasks are handled by the DBMS instead of being implemented by the application.
Given all these advantages, is there ever a reason not to use a DBMS? A DBMS is a complex
piece of software, optimized for certain kinds of workloads (e.g., answering complex queries or
handling many concurrent requests), and its performance may not be adequate for certain
specialized applications. Examples include applications with tight real-time constraints or
applications with just a few well-designed critical operations for which efficient custom code must
be written. Another reason for not using a DBMS is that an application may need to manipulate
the data in ways not supported by the query language. In such a situation, the abstract view of the
data presented by the DBMS does not match the application's needs, and actually gets in the way.
As an example, relational databases do not support flexible analysis of text data (although vendors
are now extending their products in this direction). If specialized performance or data
manipulation requirements are central to an application, the application may choose not to use a
DBMS, especially if the added benefits of a DBMS (e.g., flexible querying, security, concurrent

Database Management Study Pack9 by Prince Asade Mojeed Adeniyi

access, and crash recovery) are not required. In most situations calling for large-scale data
management, however, DBMSs have become an indispensable tool.
Disadvantages of a DBMS
Danger of a Overkill: For small and simple applications for single users a database system is
often not advisable.
Complexity: A database system creates additional complexity and requirements. The supply and
operation of a database management system with several users and databases is quite costly and
demanding.
Qualified Personnel: The professional operation of a database system requires appropriately
trained staff. Without a qualified database administrator nothing will work for long.
Costs: Through the use of a database system new costs are generated for the system itself but also
for additional hardware and the more complex handling of the system.
Lower Efficiency: A database system is a multi-use software which is often less efficient than
specialized software which is produced and optimized exactly for one problem.
Data Security: Data security is the protection of the database from unauthorized users. Only the
authorized persons are allowed to access the database. Some of the users may be allowed to access
only a part of database i.e., the data that is related to them or related to their department. Mostly,
the DBA or head of a department can access all the data in the database. Some users may be
permitted only to retrieve data, whereas others are allowed to retrieve as well as to update data.
The database access is controlled by the DBA. He creates the accounts of users and gives rights to
access the database. Typically, users or group of users are given usernames protected by
passwords.
Most of the DBMSs provide the security sub-system, which the DBA uses to create accounts of
users and to specify account restrictions. The user enters his/her account number (or username)
and password to access the data from database. For example, if you have an account of e-mail in
the "hotmail.com" (a popular website), then you have to give your correct username and password
to access your account of e-mail. Similarly, when you insert your ATM card into the Auto Teller
Machine (ATM) in a bank, the machine reads your ID number printed on the card and then asks
you to enter your pin code (or password). In this way, you can access your account.

Backup and Recovery Procedures: In a computer file-based system, the user creates the backup
of data regularly to protect the valuable data from damaging due to failures to the computer system
or application program. It is a time-consuming method, if volume of data is large. Most of the
DBMSs provide the 'backup and recovery' sub-systems that automatically create the backup of
data and restore data if required. For example, if the computer system fails in the middle (or end)
of an update operation of the program, the recovery sub-system is responsible for making sure that
the database is restored to the state it was in before the program started executing.

Database Users

Database Management Study Pack10 by Prince Asade Mojeed Adeniyi

There are four different types of database-system users, differentiated by the way they expect to
interact with the system. Different types of user interfaces have been designed for the different
types of users. Users are differentiated by the way they expect to interact with the system.
Naive users are unsophisticated users who interact with the system by invoking one of the
application programs that have been written previously. For example, a bank teller who needs to
transfer ₦5000 from account A to account B invokes a program called transfer. This program asks
the teller for the amount of money to be transferred, the account from which the money is to be
transferred, and the account to which the money is to be transferred.
As another example, consider a user who wishes to find her account balance over the World Wide
Web. Such a user may access a form, where she enters her account number. An application
program at the Web server then retrieves the account balance, using the given account number,
and passes this information back to the user. The typical user interface for naive users is a forms
interface, where the user can fill in appropriate fields of the form. Naive users may also simply
read reports generated from the database.
Application programmers are computer professionals who write application programs.
Application programmers can choose from many tools to develop user interfaces. Rapid
application development (RAD) tools are tools that enable an application programmer to
construct forms and reports without writing a program. There are also special types of
programming languages that combine imperative control structures (for example, for loops, while
loops and if-then-else statements) with statements of the data manipulation language. These
languages, sometimes called fourth-generation languages, often include special features to
facilitate the generation of forms and the display of data on the screen. Most major commercial
database systems include a fourth-generation language.
Sophisticated users interact with the system without writing programs. Instead, they form their
requests in a database query language. They submit each such query to a query processor; whose
function is to break down DML (Data Manipulation Language) statements into instructions that
the storage manager understands. Analysts who submit queries to explore data in the database fall
in this category.
Online analytical processing (OLAP) tools simplify analysts’ tasks by letting them view
summaries of data in different ways. For instance, an analyst can see total sales by region (for
example, North, South, East, and West), or by product, or by a combination of region and product
(that is, total sales of each product in each region). The tools also permit the analyst to select
specific regions, look at data in more detail (for example, sales by city within a region) or look at
the data in less detail (for example, aggregate products together by category).
Another class of tools for analysts is data mining tools, which help them find certain kinds of
patterns in data.
Specialized users are sophisticated users who write specialized database applications that do not
fit into the traditional data-processing framework.
Among these applications are computer-aided design systems, knowledge base and expert
systems, systems that store data with complex data types (for example, graphics data and audio
data), and environment- modeling systems.

Database Management Study Pack11 by Prince Asade Mojeed Adeniyi

 MODULE TWO
Using MS-Access for Database Creation
Think about the details of the way your business works. Does each customer order one type of
item at a time, or do your customers order a range of parts or items from you all at the same time?
Do you have just one supplier for each part you stock? Do you order a range of items from each
supplier or does each supplier just provide you with one type of item? Your design will also be
different if you stock items for manufacturing rather than to sell on. Keep the answers to these
questions in mind as we go into the next step.
Plan
It might sound obvious, but one of the most important points when creating your stock control
database is deciding exactly what you need it to do, and what it is for. Getting the design right is
much easier once you understand the purpose of the database. A well-designed database will be
simpler to maintain, and to adapt later on if your requirements alter.
For example, the simple database we are creating needs to be able to:
• Log orders from customers
• Track stock levels
• Warn when parts need to be re-ordered
Define the tables required
Information in a database is held in tables. By this point you should have some idea of the
information the database needs to hold to achieve your goals. You need to categorize this
information into a set of tables. To start with you don’t even need to do this in Access, just make a
list by hand or in another program.
The tables within our example database are: Parts, Customers, Orders, PartTypes,
PurchaseOrders and Suppliers. To keep things simple, we are going to assume that each
customer orders just one part at a time, and that we order just one part from a supplier at a time. Of
course, this might not be true for you; your customers may order a whole selection of items
together, and you will probably buy a range of items in one go. In this case you’ll need a table that
holds all the parts linked to each order, probably called Order Items.
We’ve made a similar sort of assumption about customers, assuming they are all individual people
or small companies; for large business customers with multiple addresses or phone numbers to
store you would perhaps need a more advanced set of tables to hold all the information
consistently. But all this is a more advanced topic really, so we’ll just show you the simple way
for now using tables with more basic goals.
Set up fields within the tables
Within a table, information is held in “fields”. Basically, a field is the specific piece of information
about the thing the table is responsible for. Typical fields in the Parts table for example might be
PartNumber, PartDescription, Supplier and StockLevel. If you picture a table as a tabular grid,
then the fields would be the column headings, with each row representing an entry in the table, or
record.
Database Management Study Pack12 by Prince Asade Mojeed Adeniyi
All tables should have a unique identifying field called the primary key that cannot be the same for
any two records or ever be empty. So, in our parts table, the PartNumber is unique for each part
and every part has one so we can just use that. But for other tables where this may not be the case,
we can invent ID numbers or codes for internal use in the system to make sure it can uniquely
identify any entry in any table. In Access there is something called an auto-number field that you
can use as the primary key if there is no other obvious choice or preference, which just assigns a
new sequential number to each record in the table.
For each field in the table, you need to pick a data type to show the type of data it will hold, such
as Number, Text, Date/Time or Currency. Within each type you can further specify the exact
nature of the data, such as the number of characters for a Text. You might already use part
numbers within your business, and the format you use is likely to help you decide the data type for
the field Part Number. Your part numbers might be something like ACBD2222, in which case you
might choose to use an 8-character text string.
Now we’re going to imagine that our business deals with large numbers of different parts which
we classify into different types. We have a table called PartTypes, which lists the different types of
Parts. We want to make our Parts table have a field that can link to the PartTypes so that each part
can be assigned a type. The field in the parts table needs to the same as the primary key field (the
thing that identifies the record to the system) in the PartTypes table, which we’ve made a 1-
character code. The Parts table would also be related in a similar way to the Suppliers table, so that
you can find out who supplies a particular part.

Making our design on paper

Think about how you will be using the fields, and make sure you define them in the most logical
way for your purposes. For example, it can make sense to store people’s names as First Name and
Surname separately rather than as one field so that you can easily sort and list names in
alphabetical order (of surname). A tip we find useful is to hold postal addresses as one field,
rather than split them into individual elements of the address such as Address Line 1, Address

Database Management Study Pack13 by Prince Asade Mojeed Adeniyi

Line 2, Town, County and Postcode. This makes it much easier to incorporate addresses into
forms and reports, and it eases data entry because Access is happy to store the multiple lines in
one field.
While thinking what fields you need, you should make sure they all have unique names, unless
two fields actually contain the same information. Only in this case should you give them the same
name, like with PartTypeCode earlier. Something to keep in mind with your names is that if you
want to progress to using SQL queries or Visual Basic for Applications (VBA) code with your
database, you will find life easier if you have no spaces in the table names or field names. So that
is why we’ve been writing PartTypes as one word, rather than having the space.
Another tip to keep in mind is that is it bad practice to give a field a name that is already being
used behind the scenes by Access for something else. These so-called ‘Reserved Words’ include
things like ‘name’, ‘date’, ‘level’ and ‘money’, among many others. You can look up a full list of
Access’s reserved words online to make sure none of your fields use one. This can help avoid
confusion in the database engine between predefined words and your field names, which if left
unchecked can sometimes cause serious errors.
Create your Database in Access
When you call up Miccrosoft Access from your system, it prompts whether to open an existing
database or a blank database. If you do not have any existing database, you pick the option of
Blank database and you follow the on-screen instruction to create the database. The screenshot
below shows the creation of database in MS-Access.

The next thing is that it will take you to the screen where you will create the tables as you can’t
just create a blank database. This is illustrated in the screenshot below.

Database Management Study Pack14 by Prince Asade Mojeed Adeniyi

Create your tables in Access
To create a Parts table and define its fields:
1. In MS Access 2013/2010/2007 click on the Create tab on the Ribbon, then on Table
Design. This opens a new table in design view. Each row in design view represents a field
in the table. (In Access 2003, click on Tables in the list of Objects then click the New
button which opens a dialog box called New Table. Finally select Design View, and click
OK.)
2. Click in first column, top row.
3. Enter the name of the first field (PartNo)
4. Use the Tab key to go to the next column where we define the data type. Click the drop-
down and select Text.
5. Use the Tab key to go to the next column, and enter a description for the new field.
6. As this will be the primary key for the table, click the primary key button on the toolbar.
7. On the General tab, at the bottom of the window, click in the Field Size row, and enter 10
to define a text string with 10 characters.
8. On the General tab, click in the Caption row, and type the label you want for this field on-
screen (e.g. Part Number).
9. Click in the second row to define the next field in the table, and so on.
10. When you have finished adding fields to the table, close it by clicking on the X in the top
right-hand corner. Access will ask you to name the table. Enter “Parts”.

The Parts table of our example stock control database contains the following fields:

PartNo 10-character text Unique part number to define each part

string
PartName 50-character text Name/description of this part
string
PartUnit 20-character text The unit of measure for this part e.g. Kg, Meters, box of 10
string
SupplierRef 6-character text The supplier of this part
string
StockLevel Integer The number of this part in current stock

Database Management Study Pack15 by Prince Asade Mojeed Adeniyi

MinStockLevel Integer The minimum number of this part in stock before you need
to re-order
CostPrice Currency The cost price of this part
SalePrice Currency The sale price of this part
PartType 1-character text The type of part this is
string
PartNotes 255-character Tip: it is often useful to include a Notes field for any other
text string information that you might want to add later.

The Parts table in Design View (Access 2013)

The Parts table in Design View (Access 2003)

Database Management Study Pack16 by Prince Asade Mojeed Adeniyi

The screenshots above show the Parts table from our stock control database in Design view. Using
Design View enables you to define all the fields in your table, specify their Data Types, describe
them and define their format.
Tip – Do complete the Description of the field. When you use the Form Wizard to create forms
for you later, this description will be displayed in the status bar to help users.
Tip – If your field has an abbreviated name, or has no spaces in it, use the Caption area to write its
name in plain English. This caption will then appear on forms produced by the Form Wizard. For
example, if your field is called POQty, enter Quantity in the caption.
The Customers table is as follows:
8-character text string Unique 8-character reference for this
CustomerRef customer based on first 4 letters of
surname (e.g. SMIT0001). This will
make it easy to find individual
customers. This field is the primary
key.
CustomerFirstName 20-character text string The first name of this customer
CustomerSurname 25-character text string The surname of this customer
CustomerAddress 255-character text The address of this customer
string
CustomerTel 15-character text string The telephone number of this
customer

The Customers table above is designed for a business whose customers are predominantly
individuals as assumed earlier. When your customers are mainly larger businesses, and you may
have several contacts at each business, or each business might have several sites, then you will
need a more complex solution.
Once you've got the hang of it, go through the rest of your planned tables setting them up too.
You’ll see your new tables appearing in the object browser on the left as you make them (press
F11 to bring this browser up if you can't see it).
Relationships
Relationships are set up within the database, to show the way in which one table relates to
another. A one-to-many relationship is the most common kind of relationship. In this
relationship, a record in one table can have more than one matching record in a second table, but
each record in the second table can have only one matching record in the first table. For example,
each Part can have only one Part Type, but for each PartType there are likely to be many parts of
that type.
If each part has only one supplier as in our example, then this is another straightforward one-to-
many relationship. If each part can be supplied by several different suppliers, then you will need a
different design.
In our example database, the following relationships between tables are required.
Suppliers - Parts, to specify the supplier of each part.

Database Management Study Pack17 by Prince Asade Mojeed Adeniyi

Parts - PurchaseOrders, showing the part ordered on a purchase order.
Parts - Orders, showing the part ordered by a customer.
Customers - Orders, showing the customer for each order.
PartTypes - Parts, classifying each part into a particular part type.
As an example, we’ll show you how to set up the relationship between the tables Parts and
PartTypes. Before you start doing relationships it is a good idea to write some sample information
into your tables that features entries which are as long as you think you’ll ever use. This will help
out a little with some settings you’ll need to adjust later.
1. Set up the field PartTypeCode in the Part Types table as a single-character text string
defining the part type.
2. Make this field the primary key
3. Open the Parts table in Design view.
4. Add a field PartTypeCode to the Parts table. Make sure it is also a single-character text
string.
5. Now click in the Data Type column of the Part type field to display a down arrow. Click
this to display a drop-down list, and select Lookup Wizard.
6. Select “I want the lookup column to look up the values in a table or query”. Click Next.
7. From the list of tables displayed, select the PartTypes table. Click Next.
8. Click the fields you want included in your lookup column. In this case, we will select both
fields. Click Next.
9. A sort order can be selected if required. Select Description. Click Next.
10. The next step allows you to define the width of the columns in your lookup column and to
specify whether you wish the key column (the column containing the primary field key) to
be displayed. By default, the key column is not displayed, and in our case, we just want to
view the description, so leave the tick in the box. Now set the width of your lookup column
by dragging the edge to the position you require. If you have already entered some data in
the PartTypes table this will be displayed to help you to adjust the column to the width of
the likely contents. Click Next.
11. Now select the label for your lookup column. The suggested label will usually be
correct. Click Finish to complete the Lookup Wizard. You will be asked if you want to
save the table so that relationships can be created. Click Yes.
12. To complete the relationship, select Tools, Relationships, or click the Relationships button
on the toolbar to display the relationships window. You will see the Parts table and the
PartTypes table with a line linking the PartType field in Parts with the PartTypeCode field
in PartTypes.

Database Management Study Pack18 by Prince Asade Mojeed Adeniyi

13. Right mouse over this line, and choose Edit Relationship (or double click on the
line). Tick the Enforce Referential Integrity box. You should always tick this as otherwise
the relationship has little value. For example, if you have defined three different part
types in the Part Types table: E – Electronics, S – Software, H – Hardware, ticking the
Enforce Referential Integrity box will ensure that you will not be able to define a new part
as any part type other than these. Also, if you try to delete a part type from the PartTypes
table, when parts in the Parts table have this part type, the database will warn you.
14. Tick the Cascade Update Related Fields box. This means that you can change the primary
key in the primary table (e.g. the PartTypes table), and it will be automatically updated in
the related table (Parts).
15. The third box is Cascade Delete Related Fields. Ticking this means that if you delete a
record e.g. Software, from the primary table (e.g. PartTypes), then any records in the
related table (Parts) with that part type will be deleted too. Normally you would not want
this to happen – if you had parts of type Software in the Parts table then you would not
want to delete that part type, so leave the box unticked. There will probably be examples in
your database where you do want to tick the Cascade Delete Related Records box. It
normally applies when one table forms supplementary information for another – for
example if you had Orders and OrderItems tables (listing multiple items on an Order), then
you would want to delete all OrderItems if you deleted an entire Order.

Database Management Study Pack19 by Prince Asade Mojeed Adeniyi

 The Relationships Window in Access 2013

The Relationships Window in Access 2013

So now you’ve seen how to set up a relationship, you should now go through the tables setting up
the relationships you had planned in your design. Once you’ve done them all, we can move onto
the final part of our database.
Creating a reorder query
In general queries are used to extract data and information from your database. In our example we
want to know whether we have less than the minimum stock level for any parts, so that we know
when you need to order more. You can extract all sorts of other information with queries though.
You might want to know all the parts supplied by a particular supplier, or how often a particular

Database Management Study Pack20 by Prince Asade Mojeed Adeniyi

customer ordered last year. Often you will extract the information using a query and then use an
Access report to present the data in a clear way, but here we’ll just be doing the query.
So now let’s go through how to set up a query to show which parts are below their minimum stock
level, and tell us the suppliers from whom they should be reordered.
To set up a query to show which parts are below their minimum stock level, and the suppliers
from whom they should be ordered:
1. In the Create tab, click Query Design (Access 2013/2010/2007). Or in Queries click New,
then select Design View and click OK (Access 2003).
2. In the Show Table box, select Parts. Click Add. Select Suppliers. Click Add. Click Close.
3. The Query Design grid is now displayed with the chosen tables above. Fields to be
included in the query are added by dragging them from the table to the grid, or double
clicking on them.
4. The fields we require are PartNo and StockLevel from the Parts table, and SupplierName
and Address from the Suppliers table, so select these.
5. We only want to display parts whose stock level is less than the minimum stock level for
this part. This is done by setting a criterion for this field. Enter <= [MinStockLevel] in the
criteria row of the Stock Level field (column).
6. Click the X in the top right-hand corner of the window to close the query. Access will ask
you if you want to save changes to the query, and will ask you for a name for the query
(e.g. LowStockLevels)
7. Now double click on the query you have just created, to view the parts with low stock
levels.

Database Management Study Pack21 by Prince Asade Mojeed Adeniyi

 The query design grid in Access 2010

The query should be visible in the object browser on the left. Double click on the query to view
the parts with low stock levels once you have some working data in the system.
One more thing about the query: the lines between the tables in the query dataset are called Joins.
Joins are automatically created between tables when there are fields that already have a
relationship between them or between a primary key and another field with the same name.
Usually you would want a join here, but there will be cases where you don’t want to join these
fields for various reasons, so keep in mind that you may need to check all the joins once they are
created.
Join Properties in queries are very important when your query uses more than one table. If the
query does not seem to give you the results you expect, check these by right-clicking on the line
joining the two tables in Design view. Here you can choose whether you only want to see parts
that have a supplier, or all parts with low stock regardless of whether they have a supplier (by
picking “Include all records from ‘Parts’ and only those records from ‘Suppliers’ where the joined
fields are equal.”). You might want to use this option in this example. The 3rd option is the reverse
of this, so show all suppliers even if they don’t supply any low stock parts, which in this case
wouldn’t make any sense, so just ignore that one.
Join Properties in queries are very important when your query uses more than one table. If the
query does not seem to give you the results you expect, check these by right-clicking on the line
joining the two tables in Design view. Here you can choose whether you only want to see parts
that have a supplier, or all parts with low stock regardless of whether they have a supplier (by
picking “Include all records from ‘Parts’ and only those records from ‘Suppliers’ where the joined
fields are equal.”). You might want to use this option in this example. The 3rd option is the reverse
of this, so show all suppliers even if they don’t supply any low stock parts, which in this case
wouldn’t make any sense, so just ignore that one.
So now we have completed the database as per our design. We can enter all the data we need and
it will tell us when to reorder products. Of course, the potential uses of a database are many, so
now we’re going to discuss briefly a few ways you might want to expand on this database to make
it more useful and more user-friendly
Forms in MS Access
In MS Access, you use forms to view, enter and edit data, and to control the database. When you
have set up all the tables and relationships in your database, the Form Wizard is very helpful in

Database Management Study Pack22 by Prince Asade Mojeed Adeniyi

setting up forms based on your tables, for data entry, viewing and editing. You can then make
changes to the form produced by the Form Wizard, adding and editing features as required.
Forms in MS Access can also be used to display buttons and links to provide access to all the other
forms and reports. We always set up a form of this type and call it the Front screen. Setting up a
clear top level form like this makes it easy for people to use the system with no database
knowledge.
Reports in MS Access
MS Access reports allow you to display information to the user in a convenient way which can be
viewed on screen and then printed if required. Normally the information for the report will come
from a query. The Report Wizard will help create simple reports. More detailed reports are
beyond the scope of this article.
Security
You might want to make sure that no one who isn’t trusted can tamper with your data. The
simplest way of protecting the database is to set a password.
1. To set or change the password, the database must be opened for exclusive use. To do this,
open MS Access, use File, Open to select the database. Click the Open box to the right of
the Open button, and select Open Exclusive.
2. Select Tools, Security, Set Database Password (Access 2003). Or select the Database Tools
tab in the Ribbon and click on Set Database Password (Access 2007). Or go to the File
menu, select the Info submenu and click on Set Database Password (Access 2010/2013)
3. Enter the password you require, and re-enter to verify. The password is now set.
When creating a large stock control database, or one that holds sensitive information, you may
require more complex security. For example, you might want to restrict access to some of the
information in the database, or you might want to let some users view the information in the
database, but not to change it. MS Access allows you to define types of user, and apply levels of
security, so that you can specify what actions are available to each type of user. This is beyond
the scope of this class but it is called 'user-level security' if you want to research it more.

Database Management Study Pack23 by Prince Asade Mojeed Adeniyi

 MODULE THREE
DATABASE OPERATIONS & SECURITY

Create, Retrieve, Update and Delete (CRUD)

Definition - What does Create, Retrieve, Update and Delete (CRUD) mean?
Create, retrieve, update and delete (CRUD) refers to the four major functions implemented in database
applications.

The CRUD functions are the user interfaces to databases, as they permit users to create, view, modify and
alter data. CRUD works on entities in databases and manipulates these entities. Any simple database table
enforces CRUD constraints.
For instance, a simple student database table adds (creates) new student details, accesses (reads) existing
student, modifies (updates) existing student data such as subjects, and deletes student details when students
leave the school.

The commands corresponding to these operations in SQL are INSERT, SELECT, UPDATE and DELETE.
INSERT adds new records, SELECT retrieves or selects existing records based on selection conditions,
UPDATE modifies existing records and DELETE removes tables or records.

The most efficient way to accomplish CRUD in SQL is through stored procedures, which are automated
and controlled by the person managing the procedure generation process. The individual SQL commands
INSERT, SELECT, UPDATE and DELETE can be executed by a single statement that calls the stored
procedure.

Queries
A query is a derived item in the database meant to answer specific questions that relate to the
information in the database. Queries are handy during data processing.
To find and retrieve just the data that meets conditions that you specify, including data from
multiple tables, create a query. A query can also update or delete multiple records at the same
time, and perform predefined or custom calculations on your data.
A query requests data from the database. At its simplest, a query merely fetches all data from a
single table. But as you create more complex (and more typical) queries, you can assemble exactly
the data you want (i.e. unique sets of data that you require at any given time).
Queries can also be used to execute mathematical and logical functions to obtain certain
information in the database.
Queries are derived from and linked to tables or other queries. (Due to these linkages, they
tend to largely inflate the size of the database and should thus only be used to execute the intended
functions, and stored only if updated information is to be retrieved)
There are various types of queries for different uses:

Database Management Study Pack24 by Prince Asade Mojeed Adeniyi

o Select queries- used for extracting specific information from a large multi-information table.
They can also be helpful in merging related information from different tables.
o Make-Table queries- used for making sub tables from the main table(s) and queries.
o Update queries- important in adding information in the fields of a Table.
o Append queries- used to copy records from one table/ query to another.
o Delete query- to PERMANENTLY remove unwanted content from the table.
NOTE:
delete query should not be used unless one surely will not require the information to be deleted.
To run a simple, Select query: In the Database window, click Queries under Objects. Click the
query you want to open. Click Open on the Database window toolbar.

DATABASE SECURITY
In this section, we will discuss about database security. What do you think about security in general? Do
you feel safe at home or on the road? What about database security. Do you think that database security is
important? What is the value of the data? What if your personal data or your financial data is being stolen?
Do you think that harm could come to you? I am sure that some of you have watched spy movies where
computer hackers hack the computer system to access the confidential data and what they could do with it.
These are some of the questions that you might need to think and consider.

Well, now let us focus on our Topic. Database security involves protecting a database from unauthorized
access, malicious destruction and even any accidental loss or misuse. Due to the high value of data
incorporate databases, there is strong motivation for unauthorized users to gain access to it, for instance,
competitors or dissatisfied employees. The competitors may have strong motivation to access confidential
information about product development plans, cost-saving initiatives and customer profiles. Some may
want to access information regarding unannounced financial results, business transactions and even
customer’s credit card numbers. They may not only steal the valuable information, in fact, if they have
access to the database, they may even destroy it and great havoc may occur (Mannino 2001). Furthermore,
the database environment has grown more complex where access to data has become more open through
the Internet and mobile computing. Thus, you can imagine the importance of having database security.
Security is a broad subject and involves many issues like legal and ethical issues. And of course, there are
a few approaches that can be applied in order to maintain the database security. But, before talking about
the ways to protect our database, let us first discuss about the various threats to a database in more detail in
the next section.
If your company collects any data about customers, suppliers, or the wider community, then it will have
some sort of database where this is stored. Sometimes this data can be sensitive and private, and can be
subject to strict privacy agreements. For example, your customers may provide you with an email address,
postal address, and phone number when they purchase something from you. You will most likely store this
information somewhere. However, if other people manage to get their hands on it or if hackers gain access,
you could be subject to strict legal action from the people whose privacy has been compromised.

What is database security?

Database Management Study Pack25 by Prince Asade Mojeed Adeniyi

Basically, database security is any form of security used to protect databases and the information
they contain from compromise. It could be made up of all or any of the following:
• Software – software is used to ensure that people can’t gain access to the database through
viruses, hacking, or any similar process.
• Physical controls – an example of a physical component of database security could be the
constant monitoring of the database by company personnel to allow them to identify any
potential weaknesses and/or compromises.
• Administrative controls – this refers to things like the use of passwords, restricting the
access of certain people to certain parts of the database, or blocking the access of some
company personnel altogether.

Why is database security important?

Database security is more than just important: it is an absolutely essential part of any company. It
prevents the compromise or loss of data contained in the database, an event which could have
serious ramifications for any company. Some of the functions of database security include:
• Blocking attacks from unauthorized users or hackers. This prevents the loss of sensitive
information.
• Preventing malware infections and stopping viruses stealing data.
• Ensuring that physical damage to the server doesn’t result in the loss of data.
• Prevents data loss through corruption of files or programming errors.
Basically, database security protects any sensitive information that your company may have stored
in databases. It reduces the risk of this information being stolen, and protects you from the
associated legal problems that would occur if it was to be stolen.
System survivability
The capability to fulfill its mission, in a timely manner, in the presence of attacks, failures and
accidents
Key properties
Resistance to attacks
Recognition of attacks and resulting damages
Recovery of essential services after an attack
Adaptation of system defense mechanisms to mitigate future attacks
Strategies for survivability
➢ Resistance to attack
❖ Strategies for repelling attacks
• Authentication

Database Management Study Pack26 by Prince Asade Mojeed Adeniyi

 • Access controls
• Encryption
• Message filtering
• System diversification
• Functional isolation
➢ Recognition of attacks and damages
❖ Strategies for detecting attacks and evaluating damages
• Intrusion detection
• Integrity checking
➢ Recovery of essential and full services after an attack
❖ Strategies for limiting damages and restoring compromised information or functionality,
maintaining or restoring essential services within mission time constraints, restoring full
services
• Redundant components
• Data replication
• System back up and restoration
• Contingency planning
➢ Adaptation and evolution to reduce effectiveness of future attacks
❖ Strategies for improving system survivability based on knowledge gained from intrusions
• Intrusion recognition patterns
THREATS TO A DATABASE
A threat is any situation or event, either intentional or unintentional that may affect a system and
organisation. Whether the threat is intentional or unintentional, the impact may be the same. The
threats may be caused by a situation or event that involves a person, action or circumstance that is
likely to produce harm to someone or to an organization. The harm may be tangible like loss of
hardware, software or data. The harm may also be intangible like loss of credibility or client
confidence and trust.
Threats to data security may be a direct and intentional threat to the database. For instance, those
who gain unauthorized access to a database like computer hackers may steal or change the data in
the database. And they would have to have special knowledge in order to do so. Table 8.1
illustrates some examples of threats (Connolly and Begg 2005).
However, focusing on database security alone will not ensure a secure database. This is because
all parts of the systems must be secure. This includes the buildings in which the database is stored
physically, the network, the operating system, and the personnel who have authorized access to the
system (Hoffer et. al. 2007).
Some examples of threats are listed below;
1 Using another person’s means of access
2 Unauthorized alteration or copy of data
3 Program alterations
4 Wire tapping
5 Illegal entry by hacker
6 Creating a trapdoor into system

Database Management Study Pack27 by Prince Asade Mojeed Adeniyi

7 Theft of data, program and equipment
8 Viewing and disclosing unauthorized data
9 Data corruption owing to power loss or surge
10 Fire, flood, bomb
11 Physical damage to equipment
12 Breaking or disconnection of cables

Summary of potential threats to computer systems (Connolly and Begg 2005).

Computer-based Controls
I hope that by now you have understood the various types of threats that may attack the database.
And now, it is time to discuss the various ways how we can secure our system. The types of
computer-based controls to threats on computer systems range from physical controls to
administrative policies and procedures
Authorization
“Authorization is the granting of a right or privilege that enables a subject to have legitimate
access to a system or a system’s object” (Connolly and Begg 2005). The process of authorization
involves authentication of the subject or a person requesting access to objects or systems.
“Authentication is a mechanism that determines whether a user is who he or she claims to be”
Database Management Study Pack28 by Prince Asade Mojeed Adeniyi
(Connolly and Begg 2005). Usually, a user or subject can gain access to or a system through
individual user accounts where each user is given a unique identifier, which is used by the
operating system to determine that they have the authorization to do so. The process of creating
the user accounts is usually the responsibility of a system administrator. Associated with each
unique user account is a password, chosen by the user and known to the operating system. A
separate but similar process would be applied to give the authorized user to access a DBMS. This
authorization is the responsibility of a Database Administrator. In this case, an authorized user to a
system may not necessarily have access to a DBMS or any associated application programs
(Connolly and Begg, 2005).
Authorization rules are controls integrated in the data management system that controls the access
to the data and the actions that client or personnel may take when they access the data. Table
below illustrates an example of authorization rule represented as a table. By referring to Table
below, we can see that personnel whose password is “SUMMER” can only read the data while the
personnel with the password “SPRING” can perform read, insert and modify the data. But, notice
that the authorization table that consists of the authorization rules contain highly sensitive data,
they themselves should be protected by stringent security rules.
Usually, one selected person in data administration has the authority to access and modify the
table (Hoffer et.al. 2007).

Access controls
Usually, access controls to a database system is based on the granting and revoking of privileges. A
privilege allows a user to create or access (that is read, write or modify) a database object or to execute a
DBMS utility. The DBMS keeps track of how these privileges are granted to users and possibly revoked,
and ensures that at all times only users with necessary privileges can access an object.
Most commercial DBMS provide an approach to manage privileges that uses SQL Discretionary Access
Control (DAC). The SQL standard support DAC through the GRANT and REVOKE commands. The
GRANT command gives privileges to users while the REVOKE command takes away privileges (Connolly
and Begg 2005).
Views
“A view is the dynamic result of one or more relational operations operating on the base relations to
produce another relation. It is a virtual relation that does not actually exist in the database, but is produced
upon request by a particular user at the end of request‰ (Connolly and Begg 2005). In other words, a view
is created by querying one or more of the base tables, producing a dynamic result table for the user at the
time of the request” (Hoffer et. Al. 2007). The user may be allowed to access the view but not the base
tables which the view is based. The view mechanism hides some parts of the database from certain users
and the user is not aware of the existence of any attributes or rows that are missing from the view. Thus, a
user is allowed to see what they need to see only. Several users may share the same view but only restricted
ones may be given the authority to update the data.
Encryption

Database Management Study Pack29 by Prince Asade Mojeed Adeniyi

“Encryption is the process of encoding of the data using a special algorithm that renders the data
unreadable by any program without the decryption key” (Connolly and Begg 2005). Data encryption can be
used to protect highly sensitive data like customer credit card numbers or user password. Some DBMS
products include encryption routines that would automatically encode the sensitive data when they are
stored or transmitted over communication channels.
For instance, encryption is usually used in electronic funds transfer systems. So, for example, if the original
data or plain text is RM5000 may be encrypted using a special encryption algorithm would be changed to
something like “ XTezzz”.
Any system that provides encryption facility must also provide the decryption facility to decode the data
that has been encrypted. The encrypted data is called cipher text. These decoding schemes must also be
protected otherwise the advantages of encryption are lost. They also usually require significant computing
resources.
There exists two common forms or encryption that are one-key and two-key.
With one-key approach, also known as Data Encryption Standard (DES), both the sender and the receiver
need to know the key that is used to scramble the transmitted or stored data. A two-key approach, also
known as asymmetric encryption, employs a private and a public key. This approach is popular in e-
commerce applications for transmission security and database storage of payment data such as credit card
numbers (Hoffer et.al. 2007).
Firewalls
“A firewall is a system designed to prevent unauthorized access to or from a private network” (Connolly
and Begg 2005). Firewalls could be implemented in hardware, software or a combination of both. All
messages or requests entering or leaving the internet pass through the firewall and it would examine the
messages and requests and would block those that do not meet the specified security characteristics.
➢ Typical tasks
▪ Log activities that access the Internet
▪ Maintain access control based on sender / receiver's IP address / services requested
▪ Hide the internal network from unauthorized users
▪ Verify that virus protection is installed and enforced
▪ Perform authentication based on the source of request from the Internet
Digital Signatures
A digital signature could be used to verify that the data comes from the authorized sender. It consists of two
pieces of information, that are, a string of bits that is computed from the data that is being signed using
signature algorithms and the private key or password of the individual wishing the signature (Connolly and
Begg 2005).
Digital Certificates
A digital certificate is an attachment to an electronic message used to verify that a user sending a message
is who he or she claims to be. It also provides the receiver with the ways to decode a reply. A digital
certificate could be applied from a Certificate Authority (CA). The CA issues an encrypted digital
certificate that consists of the applicant’s public key and various other identification of information. The
receiver of an encrypted message uses the CAÊs public key to decode the digital certificate attached to the
message (Connolly and Begg 2005).

Database Management Study Pack30 by Prince Asade Mojeed Adeniyi

Database Management Study Pack31 by Prince Asade Mojeed Adeniyi