Database Management Systems

Chapter 9
Database
Administration
Jerry Post
Copyright © 2003
1
D Data Administration

A
T
A
B
A  Data and information are valuable
assets.
 There are many databases and
S applications in an organization.
 Someone has to be responsible for

E organizing, controlling, and sharing data.

 Data Administrator (DA)

2
D Data Administrator (DA)
A  Provide centralized control over the data.
T  Data definition.
 Format

A  Naming convention
 Data integration.

B
 Selection of DBMS.
 Act as data and database advocate.
 Application ideas.
A  Decision support.
 Strategic uses.
S  Coordinate data integrity, security, privacy, and control.

E
3
D Database Administrator (DBA)
A  Install and upgrade DBMS.
T 

Create user accounts and monitor security.
In charge of backup and recovery of the database.
A 

Monitor and tune the database performance.
Coordinate with DBMS vendor and plan for changes.
B  Maintain DBMS-specific information for developers.

A
S
E
4
D Database Structure
A Database
 The schema is a
Users and Permissions
T Catalog: (very rare)
namespace often
assigned to users
so that table names
A Table
Schema do not have to be
unique across the

B Columns
Data types
entire database.
 The catalog is a
Constraints container with the
A Views
Triggers
goal of making it
easier to find
schema, but is
S Routines and Modules
… probably not
supported by any
E DBMS yet.

5
D Metadata
A  Data about data
T  Example: a system table
that contains a list of user
Information_Schema Examples
(61 total views)

A tables.
 SQL standard uses the
Schemata
Tables
information_schema views
B
Domains
that retrieve data from the Views
definition_schema Table_Privileges

A SELECT Table_Name, Table_Type

Referential_Constraints
Check_Constraints
Triggers
S FROM Information_Schema.Tables
WHERE table_name LIKE ‘Emp%’
Trigger_Table_Usage
Parameters

E
Routines

6
D Database Administration
A  Planning
 Determine hardware and software needs.
T  Design
 Estimate space requirements, estimate performance.
A  Implementation

B  Install software, create databases, transfer data.

 Operation
A  Monitor performance, backup and recovery.
 Growth and Change
S  Monitor and forecast storage needs.
 Security
E  Create user accounts, monitor changes.

7
D Database Planning
A
 Estimation
T  Data storage requirements
 Time to develop
A  Cost to develop
 Operations costs
B
A
S
E
8
D Managing Database Design
A  Teamwork
 Data standards

T  Data repository
 Reusable objects

A  CASE tools
 Networks / communication

B  Subdividing projects
 Delivering in stages
A  User needs / priorities
 Version upgrades

S  Normalization by user views

 Distribute individual sections

E
 Combine sections
 Assign forms and reports

9
D Database Implementation
A
 Standards for application
T programming.
 User interface.
A  Programming standards.
 Layout and techniques.
B  Variable & object definition.
 Test procedures.
A  Data access and ownership.
 Loading databases.
S  Backup and recovery plans.
E  User and operator training.

10
D Database Operation and Maintenance
A  Monitoring usage
 Size and growth

T  Performance / delays
 Security logs

A  User problems
 Backup and recovery
B  User support
 Help desk
A  Training classes

S
E
11
D Database Growth and Change
A  Detect need for change
 Size and speed
T  Structures / design
 Requests for additional data.

A  Difficulties with queries.

 Usage patterns

B  Forecasts
 Delays in implementing changes
A  Time to recognize needs.
 Time to get agreement and approval.
S  Time to install new hardware.
 Time to create / modify software.
E
12
D Backup and Recovery Changes
A OrdID Odate Amount ...
 Backups are crucial! 192 2/2/01 252.35 …
T  Offsite storage! 193 2/2/01 998.34 …

A  Scheduled backup.
 Regular intervals. OrdID Odate Amount ...

B  Record time.
 Track backups. Snapshot
192
193
2/2/01 252.35 …
2/2/01 998.34 …
194 2/2/01 77.23 ...
A  Journals / logs
 Checkpoint OrdID Odate Amount ...
S  Rollback / Roll forward 192
193
2/2/01 252.35 …
2/2/01 998.34 …

E Journal/Log
194
195
2/2/01 77.23 …
2/2/01 101.52 …

13
D Database Security and Privacy
A  Physical security  Security Threats
T  Protecting hardware
 Protecting software and
 Employees / Insiders
 Disgruntled employees

A data.
 Logical security
 “Terminated” employees
 Dial-up / home access
 Programmers
B  Unauthorized disclosure
 Unauthorized modification
 Time bombs
 Trap doors
 Unauthorized withholding
A  Visitors
 Consultants

S  Business partnerships
 Strategic sharing
 EDI
E  Hackers--Internet

14
D Data Privacy
Who owns data?
A Customer rights.
International complications.
T Do not release data to others. Marketing needs
A Do not read data unnecessarily.
Report all infractions and problems.

B Privacy tradeoffs

A
S Government requests

E Employee management

15
D Physical Security
 Hardware  Data and software
A  Preventing problems  Backups

T  Fire prevention
 Site considerations
 Off-site backups
 Personal computers
 Building design  Policies and procedures
A  Hardware backup  Network backup
facilities  Disaster planning
B  Continuous backup
(mirror sites)
 Write it down
 Train all new employees
A  Hot sites
 Shell sites  Test it once a year
 Telecommunications
S  “Sister” agreements
 Telecommunication  Allowable time between
systems disaster and business
E  Personal computers survival limits.

16
D Physical Security Provisions
A  Backup data.
T 

Backup hardware.
Disaster planning and testing.
A  Prevention.
 Location.

B  Fire monitoring and control.

 Control physical access.

A
S
E
17
D Managerial Controls
A  “Insiders”
T 

Hiring
Termination

A 

Monitoring
Job segmentation

B  Physical access limitations

 Locks

A
 Guards and video monitoring
 Badges and tracking
 Consultants and Business alliances
S  Limited data access
 Limited physical access
E  Paired with employees

18
D Logical Security
A  Unauthorized disclosure.  Disclosure example
T  Unauthorized modification.
 Unauthorized withholding.
 Letting a competitor see the
strategic marketing plans.

A  Modification example
 Letting employees change

B
their salary numbers.
 Withholding example
 Preventing a finance officer
A from retrieving data needed
to get a bank loan.

S
E
19
D User Identification
A  User identification  Alternative identification
T  Accounts
 Individual


Finger / hand print readers
Voice

A  Groups
 Passwords


Retina (blood vessel) scans
DNA typing

B  Do not use “real” words.

 Do not use personal (or pet)
 Hardware passwords
 The one-minute password.

A
names.  Card matched to computer.
 Include non-alphabetic  Best method for open
characters. networks / Internet.
S  Use at least 6 (8) characters.
 Change it often.

E  Too many passwords!

20
D Basic Security Ideas 3

A  Limit access to hardware

5
2
phone

T
company
 Physical locks.
 Video monitoring.
Jones 1111

A  Fire and environment

monitors.
Smith 2222
Olsen 3333
Araha 4444 phone
 Employee logs / cards.
B
company
 Dial-back modems
 Monitor usage
A  Hardware logs.
 Access from network nodes.
 Dialback modem
 User calls modem
1
4

S  Software and data usage.

 Background checks


Modem gets name, password
Modem hangs up phone

E  Employees
 Consultants


Modem calls back user
Machine gets final password

21
D Access Controls
A  Operating system
 Access to directories
 DBMS access controls
 Read Data

T  Read
 View / File scan


Update Data
Insert Data
 Write
A
 Delete Data
 Create  Open / Run
 Delete  Read Design
B  Access to files
 Read


Modify Design
Administer
A  Write
 Edit
 Owners and administrator
 Need separate user
S  Delete
 DBMS usually needs most
identification / login to
DBMS.
of these
E  Assign by user or group.

22
D SQL Security Commands
A  GRANT privileges
 REVOKE privileges GRANT INSERT
T  Privileges include
 SELECT
ON Bicycle
TO OrderClerks
A 

DELETE
INSERT
REVOKE DELETE
B
 UPDATE
ON Customer
 Objects include
 Table
FROM Assemblers
A  Table columns (SQL 92+)
 Query
S  Users include
 Name/Group
E  PUBLIC

23
D WITH GRANT OPTION
A
GRANT SELECT
T ON Bicycle
TO MarketingChair
A WITH GRANT OPTION

B Enables the recipient to also grant the

A specified privilege to other users. It passes
on part of your authority.
S
E
24
D Roles
A ItemID
111
Description
Dog Food
Price
0.95
QOH
53
Items: SELECT

T
222 CustomerID
Cat Food LastNam
1.23 82
FirstName Phone
333 Bird Food e 3.75 18
Customers: SELECT,
1111 Wilson Peta 2222
UPDATE
A
SalesID1112
SaleDate CustomerID Jackson
Pollock 3333
111 03-May-
1113 1112
Locke Jennifer 4444
112 04-May- 1112
Sales: SELECT,
UPDATE, INSERT
B 113 05-May- 1113

A Role: SalesClerk Assign permissions

to the role.

S
E New hire:
Add role to person

25
D Using Queries for Control
A  Permissions apply to entire
T table or query.
 Use query to grant access to
Employee(ID, Name, Phone, Salary)

A part of a table.
 Example
Query: Phonebook
SELECT Name, Phone
FROM Employee

B  Employee table
 Give all employees read Security
access to name and phone Grant Read access to Phonebook
A (phonebook).
 Give managers read access
for group of Employees.

Grant Read access to Employee

S  SQL
to salary. for group of Managers.

Revoke all access to Employee

E  Grant
 Revoke
for everyone else (except Admin).

26
D Separation of Duties
A Supplier
SupplierID Name…
Purchasing
manager can add

T 673
772
983
Acme Supply
Basic Tools
Common X
new suppliers,
but cannot add
new orders.
A Referential

B integrity

A PurchaseOrder
Clerk must use SupplierID
S OrderID SupplierID
8882
8893
772
673
from the Supplier table,
and cannot add a new

E 8895 009 supplier.

27
D Securing an Access Database
A  Set up a secure workgroup

T  Create a new Admin user.

 Enable security by setting a password

A
 Remove the original Admin user.
 Run the Security Wizard in the database to be secured.
 Assign user and group access privileges in the new
B database.
 Encrypt the new database.

A  Save it as an MDE file.

S
E
28
D Encryption
Plain text
A  Protection for open transmissions
 Networks
message

T  The Internet
 Weak operating systems
AES

A  Single key (AES)

 Dual key
Key: 9837362 Encrypted
text

B
 Protection
Single key: e.g., AES
 Authentication
Encrypted
 Trap doors / escrow keys
A  U.S. export limits
text

 64 bit key limit AES

S  Breakable by brute force
 Typical hardware:2 weeks
Key: 9837362

Plain text
E  Special hardware: minutes message

29
D Dual Key Encryption
A Message
Transmission Message

T Encrypt+T+M

Alice
A
Encrypt+M Encrypt+T
Private Key
Bob
B 13 Use
Alice’s
Public Keys
Private Key
37
A Private key
Use
Alice 29
Bob 17 Use
Use
Bob’s
Bob’s Alice’s Private key
S Public key Public key

E
 Using Bob’s private key ensures it came from him.
 Using Alice’s public key means only she can read it.

30
D Sally’s Pet Store: Security
A Management
Sally/CEO
Products
Sales
Employees
Hiring/Release

T Sales Staff
Purchases
Receive products
Hours
Pay checks
Store manager
A Sales people Animals
Sales
Accounts
Payments

B
Business Alliances Purchases Receipts
Accountant Animal Healthcare Management Reports
Attorney

A Suppliers
Customers
Operations

S Users

E
31
D Sally’s Pet Store: Purchases
A P u rc h a se P u rc h a se Qu e ry
Merch a n dise
P u rc h a se Ite m
Order
Qu e ry

T
Order Su pplier E m ployee Cit y It em Merch a n dise
Sa lly/CEO W/A W/A R: ID, Nam e R W/A W/A
St ore Mgr. W/A R* R: ID, Nam e R A R
Sa les people R R* R: ID, Nam e R R R

A Accou n ta nt
At t or ney
Su ppliers
Cu st om er s
R
-
R
-
R*
-
R*
-
R: ID, Nam e
-
-
-
R
-
R
-
R
-
R
-
R
-
R
-

B *Basic Supplier data: ID, Name, Address, Phone, ZipCode, CityID

A R: Read
W: Write
A: Add
S
E
32