database administration part 2 chapter six csci260 database applications
Post on 21-Dec-2015
229 views
TRANSCRIPT
Database Database AdministrationAdministration
Part 2Part 2
Chapter SixChapter Six
CSCI260 Database Applications
22
Chapter ObjectivesChapter Objectives
• Understand the need for and importance of Understand the need for and importance of database administrationdatabase administration
• Learn different ways of processing a databaseLearn different ways of processing a database
• Understand the need for concurrency control, Understand the need for concurrency control, security, and backup and recoverysecurity, and backup and recovery
• Learn typical problems that can occur when Learn typical problems that can occur when multiple users process a database multiple users process a database concurrentlyconcurrently
• Understand the use of locking and the Understand the use of locking and the problem of deadlock Understand the use of problem of deadlock Understand the use of locking and the problem of deadlocklocking and the problem of deadlock
33
Chapter Objectives Chapter Objectives (continued)(continued)• Learn the difference between optimistic and Learn the difference between optimistic and
pessimistic lockingpessimistic locking• Know the meaning of ACID transactionKnow the meaning of ACID transaction• Learn the four 1992 ANSI standard isolation Learn the four 1992 ANSI standard isolation
levelslevels• Understand the need for security and learn a Understand the need for security and learn a
generalized model of database securitygeneralized model of database security• Know the difference between DBMS and Know the difference between DBMS and
application securityapplication security• Know the difference between recovery via Know the difference between recovery via
reprocessing and recovery via reprocessing and recovery via rollback/rollforwardrollback/rollforward
44
Chapter Objectives Chapter Objectives (continued)(continued)• Understand the nature of the tasks required Understand the nature of the tasks required
for recovery using rollback/rollforwardfor recovery using rollback/rollforward• Know basic administrative and managerial Know basic administrative and managerial
DBA functionsDBA functions
55
Database SecurityDatabase Security
• Database Security strives to ensure:Database Security strives to ensure:– Only authorized users Only authorized users – Perform authorized activities Perform authorized activities – At authorized timesAt authorized times
66
Admin Asst: Read, Insert and change data in all tables.
ONLY delete from SEMINAR-CUSTOMER (un-enroll customer from seminar) and LINE-ITEM (take item off order).
Management: Take all actions except delete customers.
Never want to delete a customer.
Sys Admin: Only define permissions. No other rights. Not a user, no need to change data.
77
Database Security GuidelinesDatabase Security Guidelines
• Run the DBMS behind a firewallRun the DBMS behind a firewall– No access outside of organizationNo access outside of organization– Problem with e-commerce applicationsProblem with e-commerce applications– Still protect all non-e-commerce activitiesStill protect all non-e-commerce activities
• Apply the latest operating system and Apply the latest operating system and DBMS service packs and patchesDBMS service packs and patches– Spring 2003 Slammer worm exploited security Spring 2003 Slammer worm exploited security
hole in SQL Serverhole in SQL Server– MS published patch eliminating hole, for those MS published patch eliminating hole, for those
who applied itwho applied it
88
Database Security GuidelinesDatabase Security Guidelines
• Limit DBMS functionality to needed Limit DBMS functionality to needed featuresfeatures– Remove extra communication protocolsRemove extra communication protocols– Remove pre-packaged stored proceduresRemove pre-packaged stored procedures
• Protect the computer that runs the Protect the computer that runs the DBMSDBMS– No one should use or access this computerNo one should use or access this computer– Keep behind locked and logged doorsKeep behind locked and logged doors
• Manage accounts and passwordsManage accounts and passwords
99
Processing Rights and Processing Rights and ResponsibilitiesResponsibilities
• Processing rights define who is Processing rights define who is permitted to do what, whenpermitted to do what, when
• The individuals performing these The individuals performing these activities have full responsibility for activities have full responsibility for the implications of their actionsthe implications of their actions
• Individuals are identified by a Individuals are identified by a username and a passwordusername and a password
1010
DBMS SecurityDBMS Security(Granting Permissions)(Granting Permissions)• Database users are known as an individual Database users are known as an individual
and as a member of one or more roleand as a member of one or more role
• Granting access and processing Granting access and processing rights/privileges may be granted to an rights/privileges may be granted to an individual and/or a roleindividual and/or a role
• Users possess the compilation of rights Users possess the compilation of rights granted to the individual and all the roles granted to the individual and all the roles for which they are membersfor which they are members
1111
Application SecurityApplication Security
• Beyond providing generic access Beyond providing generic access limitations to users, an limitations to users, an application may introduce application may introduce specific access rights for specific access rights for particular users.particular users.
1212
A Model of DBMS SecurityA Model of DBMS Security
1313
Database Backup and Database Backup and RecoveryRecovery• Common causes of database failures…Common causes of database failures…
– Hardware failuresHardware failures– Programming bugsProgramming bugs– Human errors/mistakesHuman errors/mistakes
– Malicious actionsMalicious actions
• Since these issues are impossible to Since these issues are impossible to completely avoid, recovery procedures completely avoid, recovery procedures are essentialare essential
1414
Database Backup and Database Backup and RecoveryRecovery• First – business functions must continue. First – business functions must continue.
– Customer orders, financial transactions, Customer orders, financial transactions, packing lists – all completed manuallypacking lists – all completed manually
• Second – system must be restored to Second – system must be restored to usable stage ASAP and as close as usable stage ASAP and as close as possible to what it was when it crashedpossible to what it was when it crashed
• Third – users must be notified when Third – users must be notified when system back onlinesystem back online– Some data may need to be re-enteredSome data may need to be re-entered
1515
Recovery via ReprocessingRecovery via Reprocessing
• In In reprocessingreprocessing, all activities since the , all activities since the backup was performed are redonebackup was performed are redone
• This is a brut-force technique This is a brut-force technique • This procedure is costly in the effort This procedure is costly in the effort
involved in re-entering the datainvolved in re-entering the data• This procedure is risky in that human This procedure is risky in that human
error is likely and in that paper record-error is likely and in that paper record-keeping may not be accuratekeeping may not be accurate
1616
Recovery viaRecovery viaRollback and RollforwardRollback and Rollforward
• Most database management Most database management systems provide a mechanism to systems provide a mechanism to record activities into a log filerecord activities into a log file
1717
RollforwardRollforward
• Activities recorded in the log files may Activities recorded in the log files may be replayed. In doing so, all activities be replayed. In doing so, all activities are re-applied to the database are re-applied to the database
• This procedure is used to resynchronize This procedure is used to resynchronize restored database datarestored database data
• This procedure is termed a This procedure is termed a RollforwardRollforward
1818
RollbackRollback
• Since log files save activities in Since log files save activities in sequence order, it is possible to undo sequence order, it is possible to undo activities in reverse order that they activities in reverse order that they were originally executedwere originally executed
• This is performed to correct/undo This is performed to correct/undo erroneous or malicious transaction(s)erroneous or malicious transaction(s)
• This procedure is known as a This procedure is known as a RollbackRollback
Database Database AdministrationAdministration
End of Presentation on Chapter End of Presentation on Chapter SixSix
Due Monday December Due Monday December 1111
9am, in the classroom9am, in the classroomBe ready to demo your Be ready to demo your
entire database!entire database!
Final Project for CSCI260Final Project for CSCI260