Database Administration Part 2, Chapter Six, CSCI260 Database Applications


Post on 21-Dec-2015


TRANSCRIPT

Page 1: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Database Administration

Part 2

Chapter Six

CSCI260 Database Applications

Page 2: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Chapter Objectives

• Understand the need for and importance of database administration

• Learn different ways of processing a database

• Understand the need for concurrency control, security, and backup and recovery

• Learn typical problems that can occur when multiple users process a database concurrently

• Understand the use of locking and the problem of deadlock

Page 3: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Chapter Objectives (continued)

• Learn the difference between optimistic and pessimistic locking

• Know the meaning of ACID transaction

• Learn the four 1992 ANSI standard isolation levels

• Understand the need for security and learn a generalized model of database security

• Know the difference between DBMS and application security

• Know the difference between recovery via reprocessing and recovery via rollback/rollforward

Page 4: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Chapter Objectives (continued)

• Understand the nature of the tasks required for recovery using rollback/rollforward

• Know basic administrative and managerial DBA functions

Page 5: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Database Security

• Database security strives to ensure:
– Only authorized users
– Perform authorized activities
– At authorized times

Page 6: Database Administration Part 2 Chapter Six CSCI260 Database Applications


Admin Asst: Read, Insert and change data in all tables.

ONLY delete from SEMINAR-CUSTOMER (un-enroll customer from seminar) and LINE-ITEM (take item off order).

Management: Take all actions except delete customers.

Never want to delete a customer.

Sys Admin: Only define permissions. No other rights. Not a user, no need to change data.

Page 7: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Database Security Guidelines

• Run the DBMS behind a firewall
– No access outside of organization
– Problem with e-commerce applications
– Still protect all non-e-commerce activities

• Apply the latest operating system and DBMS service packs and patches
– Spring 2003 Slammer worm exploited security hole in SQL Server
– MS published patch eliminating hole, for those who applied it

Page 8: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Database Security Guidelines

• Limit DBMS functionality to needed features
– Remove extra communication protocols
– Remove pre-packaged stored procedures

• Protect the computer that runs the DBMS
– No one should use or access this computer
– Keep behind locked and logged doors

• Manage accounts and passwords

Page 9: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Processing Rights and Responsibilities

• Processing rights define who is permitted to do what, when

• The individuals performing these activities have full responsibility for the implications of their actions

• Individuals are identified by a username and a password

Page 10: Database Administration Part 2 Chapter Six CSCI260 Database Applications

DBMS Security (Granting Permissions)

• Database users are known as an individual and as a member of one or more roles

• Access and processing rights/privileges may be granted to an individual and/or a role

• Users possess the compilation of rights granted to the individual and all the roles of which they are members
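The accumulation of rights described above can be modelled directly. The following is an added example, not part of the original slides: it encodes the Admin Asst, Management and Sys Admin rights from the earlier slide and computes each account's effective rights as the union of individual and role grants. The table name CUSTOMER, the action names and the user accounts are assumptions made for illustration.

```python
# Added example: rights accumulate across individual grants and roles.
# Role contents follow the Admin Asst / Management / Sys Admin slide.
# Assumed: the table name CUSTOMER, the action names, and all user names.
TABLES = ("CUSTOMER", "SEMINAR-CUSTOMER", "LINE-ITEM")
DATA_ACTIONS = ("read", "insert", "change", "delete")


def grants(actions, tables=TABLES):
    """Build the set of (action, table) pairs for the given actions and tables."""
    return {(a, t) for a in actions for t in tables}


ROLE_RIGHTS = {
    "admin_asst": grants(("read", "insert", "change"))
    | grants(("delete",), ("SEMINAR-CUSTOMER", "LINE-ITEM")),
    "management": grants(DATA_ACTIONS) - {("delete", "CUSTOMER")},
    "sys_admin": {("define_permissions", "*")},  # no data rights at all
}

USERS = {  # constructed sample accounts
    "alice": {"roles": {"admin_asst"}, "individual": set()},
    "bob": {"roles": {"admin_asst", "management"}, "individual": set()},
    "carol": {"roles": {"sys_admin"}, "individual": set()},
    "dave": {"roles": {"admin_asst"}, "individual": {("delete", "CUSTOMER")}},
}


def effective_rights(user):
    """Union of the user's individual grants and the grants of every role held."""
    entry = USERS[user]
    rights = set(entry["individual"])
    for role in entry["roles"]:
        rights |= ROLE_RIGHTS[role]
    return rights


def is_permitted(user, action, table):
    """Default deny: unknown users and ungranted pairs are refused."""
    return user in USERS and (action, table) in effective_rights(user)


def who_can(action, table):
    """Audit helper: every account whose combined rights allow the action."""
    return sorted(u for u in USERS if is_permitted(u, action, table))
```

Running `who_can("delete", "CUSTOMER")` over the sample accounts surfaces the one account whose individual grant exceeds what its role allows, which is the kind of drift a periodic permission review looks for.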

Page 11: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Application Security

• Beyond providing generic access limitations to users, an application may introduce specific access rights for particular users.

Page 12: Database Administration Part 2 Chapter Six CSCI260 Database Applications

A Model of DBMS Security

Page 13: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Database Backup and Recovery

• Common causes of database failures…
– Hardware failures
– Programming bugs
– Human errors/mistakes
– Malicious actions

• Since these issues are impossible to completely avoid, recovery procedures are essential

Page 14: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Database Backup and Recovery

• First – business functions must continue.
– Customer orders, financial transactions, packing lists – all completed manually

• Second – system must be restored to usable stage ASAP and as close as possible to what it was when it crashed

• Third – users must be notified when system back online
– Some data may need to be re-entered

Page 15: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Recovery via Reprocessing

• In reprocessing, all activities since the backup was performed are redone

• This is a brute-force technique

• This procedure is costly in the effort involved in re-entering the data

• This procedure is risky in that human error is likely and in that paper record-keeping may not be accurate

Page 16: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Recovery via Rollback and Rollforward

• Most database management systems provide a mechanism to record activities into a log file

Page 17: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Rollforward

• Activities recorded in the log files may be replayed. In doing so, all activities are re-applied to the database

• This procedure is used to resynchronize restored database data

• This procedure is termed a Rollforward

Page 18: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Rollback

• Since log files save activities in sequence order, it is possible to undo activities in the reverse of the order in which they were originally executed

• This is performed to correct/undo erroneous or malicious transaction(s)

• This procedure is known as a Rollback
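Rollforward and rollback as described on the last two slides, shown on a toy log. This is an added example, not part of the original slides: the log record layout (transaction id, key, before-image, after-image), the account names and the values are constructed, and storing before/after images is an assumption about how the log records each activity.

```python
# Added example: rollforward and rollback over a toy activity log.
import copy

# Constructed sample data. A before/after value of None means "row absent".
BACKUP = {"acct_A": 100, "acct_B": 50}
LOG = [  # (txn id, key, before-image, after-image), in sequence order
    (1, "acct_A", 100, 70),
    (1, "acct_B", 50, 80),
    (2, "acct_A", 70, 0),     # treated below as the erroneous transaction
    (3, "acct_C", None, 25),  # an insert: there is no before-image
]


def apply_image(db, key, value):
    """Write one logged image into the database, or delete the row if None."""
    if value is None:
        db.pop(key, None)
    else:
        db[key] = value


def rollforward(backup, log):
    """Start from the restored backup and replay every logged change in order."""
    db = copy.deepcopy(backup)
    for _txn, key, _before, after in log:
        apply_image(db, key, after)
    return db


def rollback(db, log, bad_txns):
    """Undo the changes of the listed transactions, newest change first."""
    db = copy.deepcopy(db)
    for txn, key, before, _after in reversed(log):
        if txn in bad_txns:
            apply_image(db, key, before)
    return db


def recover_without(bad_txns):
    """Restore, roll forward, then roll back the transactions judged bad."""
    return rollback(rollforward(BACKUP, LOG), LOG, bad_txns)
```

Undoing a single transaction this way is only safe when no later transaction touched the same rows; in the sample log, transaction 3 is independent of transaction 2.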

Page 19: Database Administration Part 2 Chapter Six CSCI260 Database Applications
Page 20: Database Administration Part 2 Chapter Six CSCI260 Database Applications
Page 21: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Database Administration

End of Presentation on Chapter Six

Page 22: Database Administration Part 2 Chapter Six CSCI260 Database Applications

Due Monday December 11

9am, in the classroom

Be ready to demo your entire database!

Final Project for CSCI260