LEARNING GUIDE # 09

Module Title: -Monitor and Administer Database

LO

At the end of the module the learner will be able to:

1. Start up a database
2. Manage database
3. Manage database access

Monitoring and Administering Database

Planning to Install SQL Server

To install SQL Server, follow these steps:

 Review installation requirements, system configuration checks, and security considerations for a SQL Server installation.
 Run SQL Server Setup to install or upgrade to a later version.
 Use SQL Server utilities to configure SQL Server.

Regardless of the installation method, you are required to confirm acceptance of the software license terms as an individual or on behalf of an entity, unless
your use of the software is governed by a separate agreement such as a Microsoft volume licensing agreement or a third-party agreement with an ISV or
OEM.

The license terms are displayed for review and acceptance in the Setup user interface. Unattended installations (using the /Q or /QS parameters) must include
the /I Accept SQL Server License Terms parameter. You can review the license terms separately at Microsoft Software License Terms.

Database Monitoring

What is Database Monitoring?

Database monitoring allows database administrators to track potential database performance problems. At a minimum, database monitoring should track
the server on which the database resides to ensure that the server is up and running. Database monitoring further entails tracking the performance of the
particular database on a server and measuring its availability and responsiveness over time, including under peak demand conditions.

Why do I need to monitor my database?

Know that everything is running appropriately and save yourself embarrassing calls from customers or angry clients telling you that critical services are
unavailable. They expect you to know that things are in good working order; now, you can reassure them that you do

Tools for monitoring database

What are Database Monitoring Tools?

Database Monitoring Tools ensure that a database is reachable and responding properly at all times, providing alerts through email, SMS, and RSS
when response times fall outside of acceptable levels. Database monitoring tools help identify potential data integrity issues, protecting valuable data
from corruption that can result from mechanical failures such as a disk error. Database monitoring tools identify potential causes of database
downtime, tracking errors as they occur.

Database tuning

Performance Monitoring and Tuning

Database Performance Monitoring

What is Database Performance Management?

Prepared By: Aliyan A(2016)

 Database performance management tools help DBAs maintain databases in optimal condition. Database performance management requires a DBA to
look at a variety of data points, such as the number of users connected to the databases at any single point in time, in order to analyze usage
trends. With comprehensive information from database performance management software, DBAs can take action before serious database outages or
slowdowns occur.

Ensuring consistent service levels across multiple database platform environments isn't easy when you’re using a diverse set of native or third-party tools.
In addition, these database monitoring tools ensure deep and complete integration across database platforms to help you improve service levels and reduce
costs.

 Experience consistent coverage across diverse platforms including Oracle, SQL Server, DB2 and Sybase
 Improve triage across teams with one global view
 View both resource and transaction monitoring perspectives for a more complete picture
 Reduce licensing and training costs with one complete monitor from a single vendor
 Extend database monitoring capabilities as your needs grow, including monitoring for applications, networks and end users

Database tuning

Database tuning describes a group of activities used to optimize and homogenize the performance of a database . It usually overlaps with query tuning,
but refers to design of the database files, selection of the database management system (DBMS), operating system and CPU the DBMS runs on.

The goal is to maximize use of system resources to perform work as efficiently and rapidly as possible. Most systems are designed to manage work
efficiently, but it is possible to greatly improve performance by customizing settings and the configuration for the database and the DBMS being tuned.

I/O tuning

Hardware and software configuration of disk subsystems are examined: RAID levels and configuration, block and stripe size allocation, and the configuration
of disks, controller cards, storage cabinets, and external storage systems such as SANs. Transaction logs and temporary spaces are heavy consumers of I/O,
and affect performance for all users of the database. Placing them appropriately is crucial.

Frequently joined tables and indexes are placed so that as they are requested from file storage, they can be retrieved in parallel from separate disks
simultaneously. Frequently accessed tables and indexes are placed on separate disks to balance I/O and prevent read queuing.

DBMS tuning

DBMS tuning refers to tuning of the DBMS and the configuration of the memory and processing resources of the computer running the DBMS . This
is typically done through configuring the DBMS, but the resources involved are shared with the host system.

Tuning the DBMS can involve setting the recovery interval (time needed to restore the state of data to a particular point in time), assigning parallelism (the
breaking up of work from a single query into tasks assigned to different processing resources), and network protocols used to communicate with database
consumers.

Memory is allocated for data, execution plans, procedure cache, and work space. It is much faster to access data in memory than data on storage, so
maintaining a sizable cache of data makes activities perform faster. The same consideration is given to work space. Caching execution plans and procedures
means that they are reused instead of recompiled when needed. It is important to take as much memory as possible, while leaving enough for other processes
and the OS to use without excessive paging of memory to storage.

Processing resources are sometimes assigned to specific activities to improve concurrency. On a server with eight processors, six could be reserved for the
DBMS to maximize available processing resources for the database.

Database maintenance

Database maintenance includes backups, column statistics updates, and defragmentation of data inside the database files.

On a heavily used database, the transaction log grows rapidly. Transaction log entries must be removed from the log to make room for future entries.
Frequent transaction log backups are smaller, so they interrupt database activity for shorter periods of time.

DBMS use statistic histograms to find data in a range against a table or index. Statistics updates should be scheduled frequently and sample as much of the
underlying data as possible. Accurate and updated statistics allow query engines to make good decisions about execution plans, as well as efficiently locate
data.

Defragmentation of table and index data increases efficiency in accessing data. The amount of fragmentation depends on the nature of the data, how it is
changed over time, and the amount of free space in database pages to accept inserts of data without creating additional pages.

SQL Server 2008 Editions

SQL Server 2008 comes in many different editions. The edition you choose will depend on your requirements. If you are looking for a free database
management system, you will need to choose one of the Express editions or the Compact edition.

The Editions

Here are the different editions available for SQL Server 2008.

 Enterprise Edition

Data management and business intelligence platform providing enterprise class scalability, high availability, and security for running business-critical
applications

 Standard Edition

Data management and business intelligence platform providing ease of use and manageability for running departmental applications

 Workgroup Edition

Data management and reporting platform providing secure, remote synchronization, and management capabilities for running branch applications

 DeveloperEdition

May be installed and used by one user to design, develop, test, and demonstrate your programs on as many systems as needed

 WebEdition

A low-TCO, scalable and manageable database option for web hosters and end customers looking to deploy publicly facing web applications and services

 Express Edition

A free edition of SQL Server ideal for learning and building desktop and small server applications and for redistribution by ISVs

 Compact Edition

A free, SQL Server embedded database ideal for building stand-alone and occasionally connected applications for mobile devices, desktops, and web clients

 Evaluation Edition

This edition may be installed for demonstration and evaluation purposes until an expiration period of 180 days.

SQL Server installation methods

There are three SQL Server Installation methods:

1. Local/Standard Installation
2. Unattended Installation
3. Remote Installation
1. Local/Standard Installation

Before you begin installing SQL Server you must first log onto that machine with an account that belongs to the local administrators group.

When performing a standard installation you have three type of install to choose from, these are minimum, typical and custom. SQL Server selects the
typical installation as a default if you want to amend your installation, add or remove component etc. then you will need to perform a custom installation.

Types of Installation:

The minimum installation option installs the following components:

 Database Server
 Replication Support
 Client Connectivity
 Collation Settings

As part of the typical installation the following components are installed:

 Database Server
 Upgrade Tools
 Replication Support
  Full-Test Search
 Client Management Tools
 Client Connectivity
 SQL Server Books Online
 Development tools (debugger only)
 Collation Settings

When using a custom install you can choose what components to install you can choose from:

 Database Server
 Upgrade Tools
 Replication Support
 Full-Test Search
 Client Management Tools
 SQL Server Books Online
 Development tools (choice)
 Collation Settings
 Code Samples (choice)
 Client Connectivity – Not an Option
2. Unattended Installation

Microsoft defines an unattended installation as “installs several SQL Servers with identical configurations without using the interactive SQL Server setup.”
This type of install executes a command file that makes a call to a setup file. The command file is able to determine the platform of the Server and runs the
appropriate version of SQL Server setup; it specifies the setup parameters and calls a setup.ini file that specifies all the options a user may have chosen
during and interactive setup.

3. Remote Installation

The SQL Server installation methods process allows you to install SQL Server on a remote computer.

How a Remote Installation is performed

Microsoft describes the remote installation process as follows:

 SQL Server saves the information that you specify in the series of SQL Server dialog boxes to a setup file.
 SQL Server then starts remote setup process, which does the following:
o Starts a remote service
o Copies the files to the Admin$ folder
o Then runs an unattended installation on the remote computer by using the options specified in the setup file

Remote Installation Requirements

In order to install SQL Server on a remote computer a user account must be specied that under which SQL Server Setup starts the setup process on the remote
computer. This account must have the following attributes:

 Have administrative rights on the remote computer

 Have read access to the setup source files folder.

Conclusion

In conclusion there are several options available to you when installing SQL Server on your machine, this article has discussed all the options available to
you with regards to various SQL Server installation methods. I would think that in 99 out 100 installs you would use the standard install, although in some
cases, perhaps when installing SQL Server on a cluster some of the other options will be useful.

Configuring SQL Server Enterprise Manager

After you have installed SQL Server, you can further configure SQL Server by using graphical and command-prompt utilities. The following table describes
support for tools that are used to manage an instance of SQL Server:

Install, upgrade to, or change components in an instance of SQL Server.

Tool or utility Description

SQL Server Management Studio SQL Server Management Studio is used to edit and execute queries, and to start standard
wizard tasks.
SQL Server Profiler SQL Server Profiler provides a graphical user interface to monitor an instance of the SQL
Server Database Engine or an instance of Analysis Services.
 Database Engine Tuning Advisor The Database Engine Tuning Advisor helps you to create optimal sets of indexes, indexed
views, and partitions.
Business Intelligence Business Intelligence Development Studio is an integrated development environment for
Development Studio Analysis Services and Integration Services solutions.
Command Prompt Utilities You can manage SQL Server objects from the command prompt. For more information, see
Command Prompt Utilities.
SQL Server Configuration You can manage server and client network configuration settings
Manager
Import and Export Data Integration Services provides graphical tools and programmable objects to move, copy, and
transform data.
SQL Server Setup Install, upgrade to, or change components in an instance of SQL Server.
Configure Server Startup Options (SQL Server Configuration Manager)

This topic describes how to configure startup options that will be used every time the Database Engine starts in SQL Server 2012 by using SQL Server
Configuration Manager. For a list of startup options, see Database Engine Service Startup Options.

Before You Begin

Limitations and Restrictions

SQL Server Configuration Manager writes startup parameters to the registry. They take effect upon the next startup of the Database Engine.

On a cluster, changes must be made on the active server when SQL Server is online, and will take effect when the Database Engine is restarted. The registry
update of the startup options on the other node will occur upon the next failover.

Security

Permissions

Configuring server startup options is restricted to users who can change the related entries in the registry. This includes the following users.

 Members of the local administrators group.

 The domain account that is used by SQL Server, if the Database Engine is configured to run under a domain account.

Using SQL Server Configuration Manager

To configure startup options

 In SQL Server Configuration Manager, click SQL Server Services.

 In the right pane, right-click SQL Server (<instance_name>), and then click Properties.
 On the Startup Parameters tab, in the Specify a startup parameter box, type the parameter, and then click Add.
 For example, to start in single-user mode, type -m in the Specify a startup parameter box and then click Add. (When you restart SQL Server in
single-user mode, stop the SQL Server Agent. Otherwise, SQL Server Agent might connect first and prevent you from connecting as a second
user.)
 Click OK.
 Restart the Database Engine.

Database Engine Service Startup Options

Startup options designate certain file locations needed during startup, and specify some server wide conditions. Most users do not need to specify startup
options unless you are troubleshooting the Database Engine or you have an unusual problem and are directed to use a startup option by SQL Server Customer
Support. Caution

Improper use of startup options can affect server performance and can prevent SQL Server from starting.

About Startup Options

When you install SQL Server, Setup writes a set of default startup options in the Microsoft Windows registry. You can use these startup options to specify an
alternate master database file, master database log file, or error log file. If the Database Engine cannot locate the necessary files, SQL Server will not start.

Startup options can be set by using SQL Server Configuration Manager. For information, see Configure Server Startup Options (SQL Server Configuration
Manager).

Using Startup Options during Normal Operations

You may want to use some startup options every time you start SQL Server. These options, such as –g or starting with a trace flag, are most easily done by
configuring the startup parameters by using SQL Server Configuration Manager. These tool saves the startup options as registry keys, enabling SQL Server
to always start with the startup options.
Compatibility Support

The -h parameter is not supported in SQL Server 2012. This parameter was used in earlier versions of 32-bit instances of SQL Server to reserve virtual
memory address space for Hot Add memory metadata when AWE is enabled. For more information, see Discontinued SQL Server Features in SQL Server
2012.

It’s not uncommon to experience the occasional slowdown of a database running the Microsoft SQL Server database software. The reasons can range from a
poorly designed database to a system that is improperly configured for the workload. As an administrator, you want to proactively prevent or minimize
problems; if they occur, you want to diagnose the cause and take corrective actions to fix the problem whenever possible. This white paper provides step-by-
step guidelines for diagnosing and troubleshooting common performance problems by using publicly available tools such as:

Troubleshooting Performance Problems in SQL Server 2008

It’s not uncommon to experience the occasional slowdown of a database running the Microsoft SQL Server database software. The reasons can range from a
poorly designed database to a system that is improperly configured for the workload. As an administrator, you want to proactively prevent or minimize
problems; if they occur, you want to diagnose the cause and take corrective actions to fix the problem whenever possible. This white paper provides step-by-
step guidelines for diagnosing and troubleshooting common performance problems by using publicly available tools such as:

 SQL Server Profiler

 System Monitor (in the Windows Server 2003 operating system) or Performance Monitor (in the Windows Vista operating system and Windows
Server 2008), also known as Perfmon
 Dynamic management views (sometimes referred to as DMVs)
 SQL Server Extended Events (Extended Events) and the data collector, which are new in SQL Server 2008.

We have limited the scope of this white paper to the problems commonly seen by Microsoft Customer Service and Support (CSS), because an exhaustive
analysis of all possible problems is not feasible.

System and Database Administrator Programs

A database administrator

A database administrator (short form DBA) is a person responsible for the installation, configuration, upgrade, administration, monitoring and maintenance
of databases in an organization.

The role includes the development and design of database strategies, system monitoring and improving database performance and capacity, and planning for
future expansion requirements. They may also plan, co-ordinate and implement security measures to safeguard the database.

Skills

List of skills required to become database administrators are:

 Communication skills
 Knowledge of database theory
 Knowledge of database design
 Knowledge about the RDBMS itself, e.g. Oracle Database, IBM DB2, Microsoft SQL Server, Adaptive Server Enterprise, MaxDB, PostgreSQL
 Knowledge of Structured Query Language (SQL) and procedural extension language, e.g. PL/SQL, SQL/PSM, Transact-SQL
 General understanding of distributed computing architectures, e.g. Client/Server, Internet/Intranet, Enterprise
 General understanding of the underlying operating system, e.g. Windows, Unix, Linux
 General understanding of storage technologies, memory management, disk arrays, NAS/SAN, networking

Database-server Utility

The database-server utility is used to manage database server entries in Plesk through CLI. By using this utility, you can perform the following tasks:

 Creating database server entries in Plesk

 Setting and editing database server connection parameters in the entries

Syntax

database-server<command> [

<option_1> [<param>]
 [<option_2> [<param>]]

…[<option_N> [<param>]]

Database Server Monitoring

Database server monitoring focuses on the servers that underlie database applications. Database server monitoring tools gather and report data on the server's
CPU load, memory usage, and disk usage, presenting the data in dashboard views so that administrators can quickly see potential problem areas. Database
server monitoring solutions can notify administrators when problems are about to arise so that they can be proactive in addressing the problems.

Database access management

Managing Database User Accounts

When you work with a database in Panel, the latter accesses the database on behalf of a user account associated with it. Therefore, every database should
have at least one associated user account; otherwise, you will be unable to access it.

Any database user can be set as default for a certain database. Panel will always access the database using this default user even if there are other users
associated with it. If a database has several associated user accounts, none of which are default, the first account from the list will be used.

Types of Database Users

There are two types of database user accounts in Panel:

 User accounts which have access to only one particular database.

If you collaborate with other people on managing a website and wish to give them access to the database, you should create separate user accounts for them.
Each of these accounts is used to access only one database. In this case, you first create a database and then user accounts.

 Universal user accounts which have access to all databases.

Universal users have access not only to all existing databases, but to all newly created databases as well.

If you plan to install a number of web apps on your site, it may be convenient to create one universal user account, so that all the apps can access their
databases using this account. In this case, you first create a user account and then specify it when installing apps.

Operations with Database Users

You can create, update or remove a database user by going to Websites & Domains > Databases, and selecting the Users tab of the required subscription.

When creating a database user, you will be prompted to provide the user credentials for accessing the database and the name of the database which the
specified user will access. A universal database user can be created by selecting Any for a Database name.

Managing Users and Security

Users access Oracle Database Express Edition through database user accounts. Some of these accounts are automatically created administrative accounts—
accounts with database administration privileges. You log in to these administrative accounts to create and manage other user accounts, maintain database
security, and perform other database administration tasks.

About User Accounts

A user account is identified by a user name and defines the user's attributes, including the following:

 Password for database authentication

 Privileges and roles
 Default tablespace for database objects
 Default temporary tablespace for query processing work space

When you create a user, you are also implicitly creating a schema for that user. A schema is a logical container for the database objects (such as tables, views,
triggers, and so on) that the user creates. The schema name is the same as the user name, and can be used to unambiguously refer to objects owned by the
user. For example, HR.EMPLOYEES refers to the table named EMPLOYEES in the HR schema. (The EMPLOYEES table is owned by HR.) The terms
database object and schema object are used interchangeably.
When you drop (delete) a user, you must either first drop all the user's schema objects, or use the cascade feature of the drop operation, which simultaneously
drops a user and all of his schema objects.

User Privileges and Roles

When creating a user, you grant privileges to enable the user to connect to the database, to run queries and make updates, and to create schema objects. There
are two main types of user privileges:

System privileges—A system privilege is the right to perform a particular action, or to perform an action on any schema objects of a particular type. For
example, the privileges to create tables and to delete the rows of any table in a database are system privileges.

Object privileges—An object privilege is a right to perform a particular action on a specific schema object. Different object privileges are available for
different types of schema objects. The privilege to delete rows from the DEPARTMENTS table is an example of an object privilege.

Managing and controlling privileges is made easier by using roles, which are named groups of related privileges. You create roles, grant system and object
privileges to the roles, and then grant roles to users. Unlike schema objects, roles are not contained in any schema.

Table 1-1 lists three roles that are predefined in Oracle Database XE. You can grant these roles when you create a user with the Oracle Database XE
graphical user interface.

Role Name Description

CONNECT Enables a user to connect to the database. Grant this role to any user or application that needs
database access.
RESOURCE Enables a user to create certain types of schema objects in his own schema. Grant this role only to
developers and to other users that must create schema objects. This role grants a subset of the create
object system privileges. For example, it grants the CREATE TABLE system privilege, but does not
grant the CREATE VIEW system privilege. It grants only the following privileges: CREATE
CLUSTER, CREATE INDEXTYPE, CREATE OPERATOR, CREATE PROCEDURE, CREATE
SEQUENCE, CREATE TABLE, CREATE TRIGGER, CREATE TYPE
DBA Enables a user to perform most administrative functions, including creating users and granting
privileges; creating and granting roles; creating and dropping schema objects in other users' schemas;
and more. It grants all system privileges, but does not include the privileges to start up or shut down
the database. It is by default granted to user SYSTEM.

Internal User Accounts

Certain user accounts are created automatically for database administration. Examples are SYS and SYSTEM. Other accounts are automatically created just
so that individual Oracle Database XE features or products can have their own schemas. An example is the CTXSYS account, which is used by the Oracle
Text product. Oracle Text is used to index the Oracle Database XE online Help. The Help index is stored in the CTXSYS schema in the database.

These automatically created accounts are called internal user accounts, and their schemas are called internal schemas.

The only internal accounts that you may log in with are the SYS and SYSTEM accounts, although it is recommended that you avoid logging in with the SYS
account. Do not attempt to log in with other internal accounts.

About Administrative Accounts and Privileges

Administrative accounts and privileges enable you to perform administrative functions like managing users, managing database memory, and starting up and
shutting down the database.

The SYS and SYSTEM Users

The following administrative user accounts are automatically created when you install Oracle Database Express Edition (Oracle Database XE). They are both
created with the password that you supplied upon installation (Windows operating systems) or configuration (Linux operating systems).

 SYSTEM

This is the user account that you log in with to perform all administrative functions other than starting up and shutting down the database.

 SYS

All base tables and views for the database data dictionary are stored in the SYS schema. These base tables and views are critical for the operation of Oracle
Database XE. To maintain the integrity of the data dictionary, tables in the SYS schema are manipulated only by the database. They should never be
modified by any user or database administrator. You must not create any tables in the SYS schema.

There is typically no reason to log in as user SYS. User SYSTEM is preferred for all administrative tasks except starting up and shutting down.
The SYSDBA System Privilege

SYSDBA is a system privilege that is assigned only to user SYS. It enables SYS to perform high-level administrative tasks such as starting up and shutting
down the database.

Although under typical circumstances it is not necessary to log in to the database as user SYS, if you want to log in as SYS with SQL Command Line
(SQL*Plus), you must connect to the database "AS SYSDBA." Connecting AS SYSDBA invokes the SYSDBA privilege. If you omit the AS SYSDBA
clause when logging in as user SYS, SQL Command Line rejects the login attempt.

The following example illustrates how to connect to the database with the SYSDBA privilege from SQL Command Line:

SQL > connect sys/password as sysdba

Password is the password for the SYS user account.

Operating System Authentication

Operating system authentication (OS authentication) is a way of using operating system login credentials to authenticate database users. One aspect of OS
authentication can be used to authenticate database administrators. If you log in to the Oracle Database XE host computer with a user name that is in a special
operating system user group, you are then permitted to connect to the database with the SYSDBA privilege. An administrator who is authenticated through
OS authentication does not need to know the SYS or SYSTEM account password.

OS authentication is needed because there must be a way to identify administrative users even if the database is shut down. A user authenticated in this way
can then start up the database.

On each platform, if the OS authentication user group does not already exist, it is automatically created when you install Oracle Database XE. In addition,
upon installation on the Linux platform, the user account oracle is automatically created and placed in the dba group. Upon installation on the Windows
platform, the user performing the installation is automatically added to the ORA_DBA group. On both platforms, you can add other host users to the OS
authentication user group to enable them to connect to the database with the SYSDBA privilege.

Logging In as an Administrator

There are three ways to log in to Oracle Database Express Edition (Oracle Database XE) to perform administrative tasks:

 Log in as user SYSTEM

 Log in as a user who has been granted the DBA role
 Log in and connect to the database as SYSDBA

Login Method Permitted In Notes

Log in to the database The Oracle Database XE graphical user interface For routine administrative tasks like
as user SYSTEM and SQL Command Line managing memory and managing
users. You must supply the password
for the SYSTEM user.
Log in to the database The Oracle Database XE graphical user interface For routine administrative tasks like
as a user who has been and SQL Command Line managing users. An administrator
granted the DBA role must first grant the DBA role to the
user.
Log in and connect to SQL Command Line For high-level administrative tasks
the database as like starting up and shutting down
SYSDBA the database, and changing the SYS
password. You can connect as
SYSDBA using the SYS user name
and password, or using operating
system authentication.

Logging In as User SYSTEM

You can log in as user SYSTEM with the Oracle Database XE graphical user interface or with SQL Command Line.

Logging In as User SYSTEM with the Oracle Database XE Graphical User Interface

To log in to the database as user SYSTEM with the Oracle Database XE graphical user interface:

 Access the Database Home Page, providing the user name SYSTEM and the password for the SYSTEM account.

Logging In as User SYSTEM with SQL Command Line

To log in to the database as user SYSTEM with SQL Command Line:

1. Log in to the Oracle Database XE host computer with any user account.
2. Do one of the following:
o On Windows: Click Start, point to Programs (or All Programs), point to Oracle Database 10g Express Edition, and then select Run SQL
Command Line.
o On Linux with Gnome: In the Applications menu, point to Oracle Database 10g Express Edition, and then select Run SQL Command
Line.
o On Linux with KDE: Click the icon for the K Menu, point to Oracle Database 10g Express Edition, and then select Run SQL Command
Line.
3. At the SQL Command Line prompt, enter the following command:

CONNECT SYSTEM/password

Where password is the SYSTEM account password that you set during installation (Windows) or configuration (Linux)

Logging In as a User with the DBA Role

The procedures for logging in as a user who has been granted the DBA role are the same as those for logging in as user SYSTEM, with the following
exceptions:

 When logging in, you must supply the user name and password for this user account.
 An administrator must have previously logged in and granted the DBA role to this user.

Logging In and Connecting to the Database as SYSDBA

You can log in and connect as SYSDBA only with SQL Command Line (SQL*Plus). You can do so either by supplying the SYS user name and password, or
by using operating system (OS) authentication.

Connecting as SYSDBA with the SYS User Name and Password

To connect as SYSDBA supplying the SYS user name and password:

1. Log in to the Oracle Database XE host computer with any user account.
2. Do one of the following:
 On Windows: Click Start, point to Programs (or All Programs), point to Oracle Database 10g Express Edition, and then select Run SQL
Command Line.
 On Linux with Gnome: In the Applications menu, point to Oracle Database 10g Express Edition, and then select Run SQL Command Line.
 On Linux with KDE: Click the icon for the K Menu, point to Oracle Database 10g Express Edition, and then select Run SQL Command Line.
3. At the SQL Command Line prompt, enter the following command:

CONNECT SYS/password AS SYSDBA

Where password is the password for the SYS user account. You set the SYS account password upon installation (Windows) or configuration (Linux).

Connecting as SYSDBA with OS Authentication

To connect as SYSDBA using OS authentication:

1. Do one of the following:

 On Windows: Log in to the Oracle Database XE host computer as a user who is a member of the ORA_DBA user group. This is typically the
user that installed Oracle Database XE.
 On Linux: Log in to the Oracle Database XE host computer as a user who is a member of the dba user group. This is typically the oracle user.
2. Do one of the following:
 On Windows: Click Start, point to Programs (or All Programs), point to Oracle Database 10g Express Edition, and then select Run SQL
Command Line.
 On Linux with Gnome: In the Applications menu, point to Oracle Database 10g Express Edition, and then select Run SQL Command Line.
 On Linux with KDE: Click the icon for the K Menu, point to Oracle Database 10g Express Edition, and then select Run SQL Command Line.
3. At the SQL Command Line prompt, enter the following command:

CONNECT / AS SYSDBA

The slash (/) indicates that the database should authenticate you with operating system (OS) authentication. Remember that when you connect with OS
authentication, you are effectively logging in to the database as user SYS.

Changing Administrative User Passwords

To change the password for user SYS or SYSTEM:

 1. Using SQL Command Line, connect to the database as SYSDBA.
2. Enter one of the following commands:

ALTER USER SYS IDENTIFIED BY newpassword;

ALTER USER SYSTEM IDENTIFIED BY newpassword;

Where newpassword is the desired new password.

Database Users and Privileges

Every database cluster contains a set of database users. Those users are separate from the users managed by the operating system on which the server runs.
Users own database objects (for example, tables) and can assign privileges on those objects to other users to control who has access to which object.

This chapter describes how to create and manage users and introduces the privilege system. More information about the various types of database objects and
the effects of privileges can be found in the PostgreSQL 7.3.21 User's Guide.

Database Users

Database users are conceptually completely separate from operating system users. In practice it might be convenient to maintain a correspondence, but this is
not required. Database user names are global across a database cluster installation (and not per individual database). To create a user use the CREATE USER
SQL command:

CREATE USER name

name follows the rules for SQL identifiers: either unadorned without special characters, or double-quoted. To remove an existing user, use the analogous
DROP USER command:

DROP USER name

For convenience, the programs createuser and dropuser are provided as wrappers around these SQL commands that can be called from the shell command
line:

createuser name

dropuser name

In order to bootstrap the database system, a freshly initialized system always contains one predefined user. This user will have the fixed ID 1, and by default
(unless altered when running initdb) it will have the same name as the operating system user that initialized the database cluster. Customarily, this user will
be named postgres. In order to create more users you first have to connect as this initial user.

Exactly one user identity is active for a connection to the database server. The user name to use for a particular database connection is indicated by the client
that is initiating the connection request in an application-specific fashion. For example, the psql program uses the -U command line option to indicate the user
to connect as. Many applications assume the name of the current operating system user by default (including createuser and psql). Therefore it is convenient
to maintain a naming correspondence between the two user sets.

The set of database users a given client connection may connect as is determined by the client authentication setup, as explained in Chapter 6. (Thus, a client
is not necessarily limited to connect as the user with the same name as its operating system user, in the same way a person is not constrained in its login name
by her real name.) Since the user identity determines the set of privileges available to a connected client, it is important to carefully configure this when
setting up a multiuser environment.

User Attributes

A database user may have a number of attributes that define its privileges and interact with the client authentication system.

superuser

A database superuser bypasses all permission checks. Also, only a superuser can create new users. To create a database superuser, use CREATE USER name
CREATEUSER.

Database creation

A user must be explicitly given permission to create databases (except for superusers, since those bypass all permission checks). To create such a user, use
CREATE USER name CREATEDB.

Password
A password is only significant if the client authentication method requires the user to supply a password when connecting to the database. The password,
md5, and crypt authentication methods make use of passwords. Database passwords are separate from operating system passwords. Specify a password upon
user creation with CREATE USER name PASSWORD 'string'.

A user's attributes can be modified after creation with ALTER USER. See the reference pages for CREATE USER and ALTER USER for details.

A user can also set personal defaults for many of the run-time configuration settings described in Section 3.4. For example, if for some reason you want to
disable index scans (hint: not a good idea) anytime you connect, you can use

ALTER USER myname SET enable_indexscan TO off;

This will save the setting (but not set it immediately) and in subsequent connections it will appear as though SET enable_indexscan TO off; had been called
right before the session started. You can still alter this setting during the session; it will only be the default. To undo any such setting, use ALTER USER
username RESET varname;.

Groups

As in Unix, groups are a way of logically grouping users to ease management of privileges: privileges can be granted to, or revoked from, a group as a whole.
To create a group, use

CREATE GROUP name

To add users to or remove users from a group, use

ALTER GROUP name ADD USER uname1, ...

ALTER GROUP name DROP USER uname1, ...

Privileges

When a database object is created, it is assigned an owner. The owner is the user that executed the creation statement. To change the owner of a table, index,
sequence, or view, use the ALTER TABLE command. By default, only an owner (or a superuser) can do anything with the object. In order to allow other
users to use it, privileges must be granted.

There are several different privileges: SELECT, INSERT, UPDATE, DELETE, RULE, REFERENCES, TRIGGER, CREATE, TEMPORARY, EXECUTE,
USAGE, and ALL PRIVILEGES. For more information on the different types of privileges support by PostgreSQL, refer to the GRANT page in the
PostgreSQL 7.3.21 Reference Manual. The right to modify or destroy an object is always the privilege of the owner only. To assign privileges, the GRANT
command is used. So, if joe is an existing user, and accounts is an existing table, the privilege to update the table can be granted with

GRANT UPDATE ON accounts TO joe;

The user executing this command must be the owner of the table. To grant a privilege to a group, use

GRANT SELECT ON accounts TO GROUP staff;

The special "user" name PUBLIC can be used to grant a privilege to every user on the system. Writing ALL in place of a specific privilege specifies that all
privileges will be granted.

To revoke a privilege, use the fittingly named REVOKE command:

REVOKE ALL ON accounts FROM PUBLIC;

The special privileges of the table owner (i.e., the right to do DROP, GRANT, REVOKE, etc) are always implicit in being the owner, and cannot be granted
or revoked. But the table owner can choose to revoke his own ordinary privileges, for example to make a table read-only for himself as well as others.

Functions and Triggers

Functions and triggers allow users to insert code into the backend server that other users may execute without knowing it. Hence, both mechanisms permit
users to Trojan horse others with relative impunity. The only real protection is tight control over who can define functions.

Functions written in any language except SQL run inside the backend server process with the operating systems permissions of the database server daemon
process. It is possible to change the server's internal data structures from inside of trusted functions. Hence, among many other things, such functions can
circumvent any system access controls. This is an inherent problem with user-defined C functions.

Authorization, privileges, and objects ownership

Users (identified by an authorization ID) can successfully execute operations only if they have the authority to perform the specified function. To create a
table, a user must be authorized to create tables; to alter a table, a user must be authorized to alter the table; and so forth.
The database manager requires that each user be specifically authorized to use each database function needed to perform a specific task. A user can acquire
the necessary authorization through a grant of that authorization to their user ID or through membership in a role or a group that holds that authorization.

There are three forms of authorization, administrative authority, privileges, and LBAC credentials. In addition, ownership of objects brings with it a degree of
authorization on the objects created. These forms of authorization are discussed below.

Administrative authority

The person or persons holding administrative authority are charged with the task of controlling the database manager and are responsible for the safety and
integrity of the data.

System-level authorization

The system-level authorities provide varying degrees of control over instance-level functions:

 SYSADM (system administrator) authority

The SYSADM (system administrator) authority provides control over all the resources created and maintained by the database manager. The system
administrator possesses all the authorities of SYSCTRL, SYSMAINT, and SYSMON authority. The user who has SYSADM authority is responsible both for
controlling the database manager, and for ensuring the safety and integrity of the data.

 SYSCTRL authority

The SYSCTRL authority provides control over operations that affect system resources. For example, a user with SYSCTRL authority can create, update,
start, stop, or drop a database. This user can also start or stop an instance, but cannot access table data. Users with SYSCTRL authority also have SYSMON
authority.

 SYSMAINT authority

The SYSMAINT authority provides the authority required to perform maintenance operations on all databases associated with an instance. A user with
SYSMAINT authority can update the database configuration, backup a database or table space, restore an existing database, and monitor a database. Like
SYSCTRL, SYSMAINT does not provide access to table data. Users with SYSMAINT authority also have SYSMON authority.

 SYSMON (system monitor) authority

The SYSMON (system monitor) authority provides the authority required to use the database system monitor.

Database-level authorization

The database level authorities provide control within the database:

 DBADM (database administrator)

The DBADM authority level provides administrative authority over a single database. This database administrator possesses the privileges required to create
objects and issue database commands.

The DBADM authority can be granted only by a user with SECADM authority. The DBADM authority cannot be granted to PUBLIC.

 SECADM (security administrator)

The SECADM authority level provides administrative authority for security over a single database. The security administrator authority possesses the ability
to manage database security objects (database roles, audit policies, trusted contexts, security label components, and security labels) and grant and revoke all
database privileges and authorities. A user with SECADM authority can transfer the ownership of objects that they do not own. They can also use the AUDIT
statement to associate an audit policy with a particular database or database object at the server.

The SECADM authority has no inherent privilege to access data stored in tables. It can only be granted by a user with SECADM authority. The SECADM
authority cannot be granted to PUBLIC.

 SQLADM (SQL administrator)

The SQLADM authority level provides administrative authority to monitor and tune SQL statements within a single database. It can be granted by a user
with ACCESSCTRL or SECADM authority.

 WLMADM (workload management administrator)

The WLMADM authority provides administrative authority to manage workload management objects, such as service classes, work action sets, work class
sets, and workloads. It can be granted by a user with ACCESSCTRL or SECADM authority.
  EXPLAIN (explain authority)

The EXPLAIN authority level provides administrative authority to explain query plans without gaining access to data. It can only be granted by a user with
ACCESSCTRL or SECADM authority.

 ACCESSCTRL (access control authority)

The ACCESSCTRL authority level provides administrative authority to issue the following GRANT (and REVOKE) statements.

 GRANT (Database Authorities)

ACCESSCTRL authority does not give the holder the ability to grant ACCESSCTRL, DATAACCESS, DBADM, or SECADM authority. Only a user who
has SECADM authority can grant these authorities.

 GRANT (Global Variable Privileges)

 GRANT (Index Privileges)
 GRANT (Module Privileges)
 GRANT (Package Privileges)
 GRANT (Routine Privileges)
 GRANT (Schema Privileges)
 GRANT (Sequence Privileges)
 GRANT (Server Privileges)
 GRANT (Table, View, or Nickname Privileges)
 GRANT (Table Space Privileges)
 GRANT (Workload Privileges)
 GRANT (XSR Object Privileges)

ACCESSCTRL authority can only be granted by a user with SECADM authority. The ACCESSCTRL authority cannot be granted to PUBLIC.

 DATAACCESS (data access authority)

The DATAACCESS authority level provides the following privileges and authorities.

 LOAD authority
 SELECT, INSERT, UPDATE, DELETE privilege on tables, views, nicknames, and materialized query tables
 EXECUTE privilege on packages
 EXECUTE privilege on modules
 EXECUTE privilege on routines

Except on the audit routines: AUDIT_ARCHIVE, AUDIT_LIST_LOGS, AUDIT_DELIM_EXTRACT.

It can be granted only by a user who holds SECADM authority. The DATAACCESS authority cannot be granted to PUBLIC.

 Database authorities (non-administrative)

To perform activities such as creating a table or a routine, or for loading data into a table, specific database authorities are required. For example, the LOAD
database authority is required for use of the load utility to load data into tables (a user must also have INSERT privilege on the table).

Privileges

A privilege is a permission to perform an action or a task. Authorized users can create objects, have access to objects they own, and can pass on privileges on
their own objects to other users by using the GRANT statement.

Privileges may be granted to individual users, to groups, or to PUBLIC. PUBLIC is a special group that consists of all users, including future users. Users
that are members of a group will indirectly take advantage of the privileges granted to the group, where groups are supported.

The CONTROL privilege: Possessing the CONTROL privilege on an object allows a user to access that database object, and to grant and revoke privileges to
or from other users on that object.

Note: The CONTROL privilege only apples to tables, views, nicknames, indexes, and packages.

If a different user requires the CONTROL privilege to that object, a user with SECADM or ACCESSCTRL authority could grant the CONTROL privilege to
that object. The CONTROL privilege cannot be revoked from the object owner, however, the object owner can be changed by using the TRANSFER
OWNERSHIP statement.

Individual privileges: Individual privileges can be granted to allow a user to carry out specific tasks on specific objects. Users with the administrative
authorities ACCESSCTRL or SECADM, or with the CONTROL privilege, can grant and revoke privileges to and from users.
Individual privileges and database authorities allow a specific function, but do not include the right to grant the same privileges or authorities to other users.
The right to grant table, view, schema, package, routine, and sequence privileges to others can be extended to other users through the WITH GRANT
OPTION on the GRANT statement. However, the WITH GRANT OPTION does not allow the person granting the privilege to revoke the privilege once
granted. You must have SECADM authority, ACCESSCTRL authority, or the CONTROL privilege to revoke the privilege.

Privileges on objects in a package or routine: When a user has the privilege to execute a package or routine, they do not necessarily require specific privileges
on the objects used in the package or routine. If the package or routine contains static SQL or XQuery statements, the privileges of the owner of the package
are used for those statements. If the package or routine contains dynamic SQL or XQuery statements, the authorization ID used for privilege checking
depends on the setting of the DYNAMICRULES BIND option of the package issuing the dynamic query statements, and whether those statements are issued
when the package is being used in the context of a routine (except on the audit routines: AUDIT_ARCHIVE, AUDIT_LIST_LOGS,
AUDIT_DELIM_EXTRACT).

A user or group can be authorized for any combination of individual privileges or authorities. When a privilege is associated with an object, that object must
exist. For example, a user cannot be given the SELECT privilege on a table unless that table has previously been created.

Note: Care must be taken when an authorization name representing a user or a group is granted authorities and privileges and there is no user, or group
created with that name. At some later time, a user or a group can be created with that name and automatically receive all of the authorities and privileges
associated with that authorization name.

The REVOKE statement is used to revoke previously granted privileges. The revoking of a privilege from an authorization name revokes the privilege
granted by all authorization names.

Revoking a privilege from an authorization name does not revoke that same privilege from any other authorization names that were granted the privilege by
that authorization name. For example, assume that CLAIRE grants SELECT WITH GRANT OPTION to RICK, then RICK grants SELECT to BOBBY and
CHRIS. If CLAIRE revokes the SELECT privilege from RICK, BOBBY and CHRIS still retain the SELECT privilege.

Self-Check 1

 Answer the questions on the following questionnaire; provide the answer sheet to your trainer.
 Check your answers by looking at the feedback sheets; ask for the assistance of the trainer whenever necessary.

Give short answer for the following questions

1. What is Database Monitoring?

2. Explain User Privileges and Roles?