Professional Documents
Culture Documents
DBNote 09
DBNote 09
Chapter 9
Database
Administration
Jerry Post
Copyright © 2003
1
D Data Administration
A
T
A
B
A Data and information are valuable
assets.
There are many databases and
S applications in an organization.
Someone has to be responsible for
2
D Data Administrator (DA)
A Provide centralized control over the data.
T Data definition.
Format
A Naming convention
Data integration.
B
Selection of DBMS.
Act as data and database advocate.
Application ideas.
A Decision support.
Strategic uses.
S Coordinate data integrity, security, privacy, and control.
E
3
D Database Administrator (DBA)
A Install and upgrade DBMS.
T
Create user accounts and monitor security.
In charge of backup and recovery of the database.
A
Monitor and tune the database performance.
Coordinate with DBMS vendor and plan for changes.
B Maintain DBMS-specific information for developers.
A
S
E
4
D Database Structure
A Database
The schema is a
Users and Permissions
T Catalog: (very rare)
namespace often
assigned to users
so that table names
A Table
Schema do not have to be
unique across the
B Columns
Data types
entire database.
The catalog is a
Constraints container with the
A Views
Triggers
goal of making it
easier to find
schema, but is
S Routines and Modules
… probably not
supported by any
E DBMS yet.
5
D Metadata
A Data about data
T Example: a system table
that contains a list of user
Information_Schema Examples
(61 total views)
A tables.
SQL standard uses the
Schemata
Tables
information_schema views
B
Domains
that retrieve data from the Views
definition_schema Table_Privileges
E
Routines
6
D Database Administration
A Planning
Determine hardware and software needs.
T Design
Estimate space requirements, estimate performance.
A Implementation
7
D Database Planning
A
Estimation
T Data storage requirements
Time to develop
A Cost to develop
Operations costs
B
A
S
E
8
D Managing Database Design
A Teamwork
Data standards
T Data repository
Reusable objects
A CASE tools
Networks / communication
B Subdividing projects
Delivering in stages
A User needs / priorities
Version upgrades
E
Combine sections
Assign forms and reports
9
D Database Implementation
A
Standards for application
T programming.
User interface.
A Programming standards.
Layout and techniques.
B Variable & object definition.
Test procedures.
A Data access and ownership.
Loading databases.
S Backup and recovery plans.
E User and operator training.
10
D Database Operation and Maintenance
A Monitoring usage
Size and growth
T Performance / delays
Security logs
A User problems
Backup and recovery
B User support
Help desk
A Training classes
S
E
11
D Database Growth and Change
A Detect need for change
Size and speed
T Structures / design
Requests for additional data.
B Forecasts
Delays in implementing changes
A Time to recognize needs.
Time to get agreement and approval.
S Time to install new hardware.
Time to create / modify software.
E
12
D Backup and Recovery Changes
A OrdID Odate Amount ...
Backups are crucial! 192 2/2/01 252.35 …
T Offsite storage! 193 2/2/01 998.34 …
A Scheduled backup.
Regular intervals. OrdID Odate Amount ...
B Record time.
Track backups. Snapshot
192
193
2/2/01 252.35 …
2/2/01 998.34 …
194 2/2/01 77.23 ...
A Journals / logs
Checkpoint OrdID Odate Amount ...
S Rollback / Roll forward 192
193
2/2/01 252.35 …
2/2/01 998.34 …
E Journal/Log
194
195
2/2/01 77.23 …
2/2/01 101.52 …
13
D Database Security and Privacy
A Physical security Security Threats
T Protecting hardware
Protecting software and
Employees / Insiders
Disgruntled employees
A data.
Logical security
“Terminated” employees
Dial-up / home access
Programmers
B Unauthorized disclosure
Unauthorized modification
Time bombs
Trap doors
Unauthorized withholding
A Visitors
Consultants
S Business partnerships
Strategic sharing
EDI
E Hackers--Internet
14
D Data Privacy
Who owns data?
A Customer rights.
International complications.
T Do not release data to others. Marketing needs
A Do not read data unnecessarily.
Report all infractions and problems.
B Privacy tradeoffs
A
S Government requests
E Employee management
15
D Physical Security
Hardware Data and software
A Preventing problems Backups
T Fire prevention
Site considerations
Off-site backups
Personal computers
Building design Policies and procedures
A Hardware backup Network backup
facilities Disaster planning
B Continuous backup
(mirror sites)
Write it down
Train all new employees
A Hot sites
Shell sites Test it once a year
Telecommunications
S “Sister” agreements
Telecommunication Allowable time between
systems disaster and business
E Personal computers survival limits.
16
D Physical Security Provisions
A Backup data.
T
Backup hardware.
Disaster planning and testing.
A Prevention.
Location.
A
S
E
17
D Managerial Controls
A “Insiders”
T
Hiring
Termination
A
Monitoring
Job segmentation
A
Guards and video monitoring
Badges and tracking
Consultants and Business alliances
S Limited data access
Limited physical access
E Paired with employees
18
D Logical Security
A Unauthorized disclosure. Disclosure example
T Unauthorized modification.
Unauthorized withholding.
Letting a competitor see the
strategic marketing plans.
A Modification example
Letting employees change
B
their salary numbers.
Withholding example
Preventing a finance officer
A from retrieving data needed
to get a bank loan.
S
E
19
D User Identification
A User identification Alternative identification
T Accounts
Individual
Finger / hand print readers
Voice
A Groups
Passwords
Retina (blood vessel) scans
DNA typing
A
names. Card matched to computer.
Include non-alphabetic Best method for open
characters. networks / Internet.
S Use at least 6 (8) characters.
Change it often.
20
D Basic Security Ideas 3
T
company
Physical locks.
Video monitoring.
Jones 1111
E Employees
Consultants
Modem calls back user
Machine gets final password
21
D Access Controls
A Operating system
Access to directories
DBMS access controls
Read Data
T Read
View / File scan
Update Data
Insert Data
Write
A
Delete Data
Create Open / Run
Delete Read Design
B Access to files
Read
Modify Design
Administer
A Write
Edit
Owners and administrator
Need separate user
S Delete
DBMS usually needs most
identification / login to
DBMS.
of these
E Assign by user or group.
22
D SQL Security Commands
A GRANT privileges
REVOKE privileges GRANT INSERT
T Privileges include
SELECT
ON Bicycle
TO OrderClerks
A
DELETE
INSERT
REVOKE DELETE
B
UPDATE
ON Customer
Objects include
Table
FROM Assemblers
A Table columns (SQL 92+)
Query
S Users include
Name/Group
E PUBLIC
23
D WITH GRANT OPTION
A
GRANT SELECT
T ON Bicycle
TO MarketingChair
A WITH GRANT OPTION
T
222 CustomerID
Cat Food LastNam
1.23 82
FirstName Phone
333 Bird Food e 3.75 18
Customers: SELECT,
1111 Wilson Peta 2222
UPDATE
A
SalesID1112
SaleDate CustomerID Jackson
Pollock 3333
111 03-May-
1113 1112
Locke Jennifer 4444
112 04-May- 1112
Sales: SELECT,
UPDATE, INSERT
B 113 05-May- 1113
S
E New hire:
Add role to person
25
D Using Queries for Control
A Permissions apply to entire
T table or query.
Use query to grant access to
Employee(ID, Name, Phone, Salary)
A part of a table.
Example
Query: Phonebook
SELECT Name, Phone
FROM Employee
B Employee table
Give all employees read Security
access to name and phone Grant Read access to Phonebook
A (phonebook).
Give managers read access
for group of Employees.
26
D Separation of Duties
A Supplier
SupplierID Name…
Purchasing
manager can add
T 673
772
983
Acme Supply
Basic Tools
Common X
new suppliers,
but cannot add
new orders.
A Referential
B integrity
A PurchaseOrder
Clerk must use SupplierID
S OrderID SupplierID
8882
8893
772
673
from the Supplier table,
and cannot add a new
27
D Securing an Access Database
A Set up a secure workgroup
A
Remove the original Admin user.
Run the Security Wizard in the database to be secured.
Assign user and group access privileges in the new
B database.
Encrypt the new database.
S
E
28
D Encryption
Plain text
A Protection for open transmissions
Networks
message
T The Internet
Weak operating systems
AES
B
Protection
Single key: e.g., AES
Authentication
Encrypted
Trap doors / escrow keys
A U.S. export limits
text
Plain text
E Special hardware: minutes message
29
D Dual Key Encryption
A Message
Transmission Message
T Encrypt+T+M
Alice
A
Encrypt+M Encrypt+T
Private Key
Bob
B 13 Use
Alice’s
Public Keys
Private Key
37
A Private key
Use
Alice 29
Bob 17 Use
Use
Bob’s
Bob’s Alice’s Private key
S Public key Public key
E
Using Bob’s private key ensures it came from him.
Using Alice’s public key means only she can read it.
30
D Sally’s Pet Store: Security
A Management
Sally/CEO
Products
Sales
Employees
Hiring/Release
T Sales Staff
Purchases
Receive products
Hours
Pay checks
Store manager
A Sales people Animals
Sales
Accounts
Payments
B
Business Alliances Purchases Receipts
Accountant Animal Healthcare Management Reports
Attorney
A Suppliers
Customers
Operations
S Users
E
31
D Sally’s Pet Store: Purchases
A P u rc h a se P u rc h a se Qu e ry
Merch a n dise
P u rc h a se Ite m
Order
Qu e ry
T
Order Su pplier E m ployee Cit y It em Merch a n dise
Sa lly/CEO W/A W/A R: ID, Nam e R W/A W/A
St ore Mgr. W/A R* R: ID, Nam e R A R
Sa les people R R* R: ID, Nam e R R R
A Accou n ta nt
At t or ney
Su ppliers
Cu st om er s
R
-
R
-
R*
-
R*
-
R: ID, Nam e
-
-
-
R
-
R
-
R
-
R
-
R
-
R
-
A R: Read
W: Write
A: Add
S
E
32