Database Systems: Design, Implementation, and Management Eighth Edition Chapter 15 Database Administration and Security

Upload: erik-griffith

Post on 13-Dec-2015


Objectives

• In this chapter, you will learn:

– Data are a valuable business asset requiring careful management

– How a database plays a critical role in an organization

– Introduction of a DBMS has technological, managerial, and cultural organizational consequences

– Database administrator’s managerial and technical roles

– Data security, database security, and the information security framework

– Several database administration tools and strategies

– Various database administration technical tasks


Data as a Corporate Asset

• Data are a valuable asset that requires careful management

• Data are a valuable resource that translates into information

• Accurate, timely information triggers actions that enhance the company’s position and generate wealth


The Need for and Role of Databases in an Organization

• Database’s predominant role is to support managerial decision making at all levels

• DBMS facilitates:
– Interpretation and presentation of data
– Distribution of data and information
– Preservation and monitoring of data
– Control over data duplication and use

• DBMS must provide tools that give each level of management a different view of data and support the required level of decision making


Introduction of a Database: Special Considerations

• Introduction of a DBMS is likely to have a profound impact
– Might be positive or negative, depending on how it is administered

• Three aspects to DBMS introduction:
– Technological: DBMS software and hardware
  • Includes selecting, installing, configuring, and monitoring the DBMS
– Managerial: administrative functions
  • Planning for proper people to be DBAs, monitoring, controlling
– Cultural: corporate resistance to change

• One role of DBA department is to educate end users about system uses and benefits


The Evolution of the Database Administration Function

• Data administration has its roots in the old, decentralized world of the file system

• Advent of DBMS and its shared view of data produced new level of data management sophistication and led DP department to evolve into information systems (IS) department

• Data management became increasingly complex job, thus leading to development of database administration function


The Database Environment’s Human Component

• Even the most carefully crafted database system cannot operate without a human component

• Effective data administration requires both technical and managerial skills

• DA must set data administration goals
• DBA is focal point for data/user interaction
• Need for diverse mix of skills


The DBA’s Managerial Role

• DBA responsible for:
– Coordinating, monitoring, allocating resources
  • Resources include people and data
– Defining goals and formulating strategic plans

• Interacts with end user by providing data and information

• Enforces policies, standards, procedures
• Manages security, privacy, integrity
• Ensures data can be fully recovered
• Ensures data is distributed appropriately


The DBA’s Technical Role

• Evaluates, selects, and installs DBMS and related utilities

• Designs and implements databases and applications

• Tests and evaluates databases and applications

• Operates DBMS, utilities, and applications
• Trains and supports users
• Maintains DBMS, utilities, and applications


Security

• Securing data entails securing overall information system architecture

• Confidentiality: data protected against unauthorized access

• Integrity: keep data consistent and free of errors or anomalies

• Availability: accessibility of data by authorized users for authorized purposes


Security Policies

• Database security officer secures the system and the data
– Works with the database administrator

• Security policy: collection of standards, policies, procedures to guarantee security
– Ensures auditing and compliance

• Security audit process identifies security vulnerabilities
– Identifies measures to protect the system


Policies, Standards, and Procedures

• Policies
– All users must have passwords.
– Passwords must be changed every six months.

• Standards
– A password must have a minimum of five characters.
– A password must have a maximum of 12 characters.
– Social Security numbers, names, and birth dates cannot be used as passwords.

• Procedures
– To create a password:
  • (1) the end user sends to the DBA a written request for the creation of an account;
  • (2) the DBA approves the request and forwards it to the computer operator;
  • (3) the computer operator creates the account, assigns a temporary password, and sends the account information to the end user;
  • (4) a copy of the account information is sent to the DBA; and
  • (5) the user changes the temporary password to a permanent one.


Security Vulnerabilities

• Security vulnerability: weakness in a system component
– Could allow unauthorized access or cause service disruptions

• Security threat: imminent security violation
– Could occur at any time due to an unchecked security vulnerability

• Security breach yields a database whose integrity is:
– Preserved: unauthorized and unnoticed access that does not disrupt the database; action is required to avoid the repetition of similar security problems
– Corrupted: access by computer viruses and by hackers whose actions are intended to destroy or alter data


Wed 17-7 Security vulnerability

• technical (such as a flaw in the operating system or Web browser),

• managerial (for example, not educating users about critical security issues),

• cultural (hiding passwords under the keyboard or not shredding confidential reports),

• procedural (not requiring complex passwords or not checking user IDs)


In general, cross-site scripting refers to the hacking technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content to an end user through the application and collect some type of data from the victim.


Sun 21-7 Database Security

• Refers to the use of DBMS features and other measures to comply with security requirements

• DBA secures DBMS from installation through operation and maintenance

• Authorization management:
– User access management

– View definition

– DBMS access control: restrict queries and reports

– DBMS usage monitoring: audit trail logs


Database Administration Tools

• Two main types of data dictionaries:
– Integrated: included in DBMS (built in)
– Standalone: third party

• Active data dictionary is automatically updated by the DBMS with every database access

• Passive data dictionary requires running a batch process

• Main function: store descriptions of all objects that interact with the database; also used for query optimization


• Data dictionary that includes data external to DBMS becomes flexible tool
– Enables use and allocation of all organization’s information

• Metadata often the basis for monitoring database use
– Also for assigning access rights to users

• DBA uses data dictionary to support data analysis and design


• SYSTABLES stores one row for each table or view.
• SYSCOLUMNS stores one row for each column of each table or view.

• Example 1: List the names and creation dates of all tables created by the user ALI in the current database.

SELECT NAME, CTIME
FROM SYSTABLES
WHERE CREATOR = 'ALI';

• Example 2: List the names of the columns for all tables created by ALI in the current database.

SELECT NAME
FROM SYSCOLUMNS
WHERE TBCREATOR = 'ALI';


CASE Tools

• Computer-aided systems engineering
– Automated framework for SDLC
– Structured methodologies and powerful graphical interfaces

• Front-end CASE tools provide support for planning, analysis, and design phases

• Back-end CASE tools provide support for coding and implementation phases

• Typical CASE tool has five components
– Graphics designed to produce structured diagrams (like DFD)
– Screen painters and report generators
– Comprehensive data dictionary
– A program documentation generator
– Analysis segment: check on system consistency, syntax, and completeness


Developing a Data Administration Strategy

• Critical step for any organization is to ensure its information system supports strategic plans for each of the company’s business areas

• Several methodologies are available to ensure the compatibility of data administration and information systems plans and to guide the strategic plan development

• Information engineering (IE) translates strategic goals into data and applications. By placing the emphasis on data, IE helps decrease the impact on systems when processes change.

• Information systems architecture (ISA) is the output of the IE process. It serves as the basis for planning, development, and control of future information systems.


The DBA at Work: Using Specific DBMS for Database Administration

• Technical tasks handled by the DBA in a specific DBMS:
– Creating and expanding database storage structures

– Managing database objects like tables and indexes

– Managing the end-user database environment, such as the type of DB access

– Customizing database initialization parameters

• All DBMS vendors provide programs to perform database administrative tasks


Creating Tablespaces and Datafiles

• Database composed of one or more tablespaces

• Tablespace is a logical storage space
– Physically stored in one or more datafiles

• Datafile physically stores the database’s data
– Each datafile can reside in a different directory on the hard disk

• Database has 1:M relationship with tablespaces
• Tablespace has 1:M relationship with datafiles


Managing the Database Objects

• Database object: any object created by end users

• Schema: logical section of the database that belongs to a given user
– Schema identified by a username
– Within the schema, users create their own tables and other objects

• Normally, users are authorized to access only the objects that belong to their own schemas

• Database instance: separate location in memory reserved to run the database
– May have several databases running in memory at the same time


Managing Users and Establishing Security

• User: uniquely identifiable object
– Allows a given person to log on to the database

• Role: a named collection of database access privileges
– Authorizes a user to connect to the database and use system resources

• Profile: named collection of settings
– Controls how much of a resource a given user can use
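Added example, not part of the original slides: the user, role, and profile objects above, combined with the view definition, access control, and usage monitoring items from the Database Security slide and the password policy and procedure from the Policies slide. It assumes Oracle-style SQL (the slides name no DBMS); every object name, the tablespace users, and the temporary password are hypothetical.

```sql
-- Added example; Oracle-style syntax and all object names are assumptions.
-- Assumes a base table hr_admin.employee(emp_id, name, dept, salary, ssn)
-- and an existing tablespace named users. Run as a DBA account.

-- Profile: resource limits plus the slides' six-month password policy.
CREATE PROFILE clerk_profile LIMIT
  SESSIONS_PER_USER      2
  IDLE_TIME              15      -- minutes
  FAILED_LOGIN_ATTEMPTS  5
  PASSWORD_LIFE_TIME     180;    -- days, i.e. changed every six months

-- Role: named collection of privileges, defined once and reused.
CREATE ROLE hr_clerk;
GRANT CREATE SESSION TO hr_clerk;

-- View definition: expose only the non-sensitive columns.
CREATE VIEW hr_admin.employee_directory AS
  SELECT emp_id, name, dept
  FROM   hr_admin.employee;

-- DBMS access control: the role may query the view, never the base table.
GRANT SELECT ON hr_admin.employee_directory TO hr_clerk;

-- User: created with a temporary password that must be changed at first
-- logon (procedure steps 3 and 5). The password is a constructed placeholder.
CREATE USER jsmith IDENTIFIED BY "Temp#Placeholder1"
  DEFAULT TABLESPACE users
  PROFILE clerk_profile
  PASSWORD EXPIRE;
GRANT hr_clerk TO jsmith;

-- Usage monitoring: write an audit trail record for each access
-- to the sensitive base table (traditional auditing).
AUDIT SELECT, INSERT, UPDATE, DELETE ON hr_admin.employee BY ACCESS;

-- Verification through the data dictionary: who holds which privilege
-- on the base table and on the view.
SELECT grantee, table_name, privilege
FROM   dba_tab_privs
WHERE  owner = 'HR_ADMIN'
AND    table_name IN ('EMPLOYEE', 'EMPLOYEE_DIRECTORY');
```

Traditional AUDIT statements record events only when the AUDIT_TRAIL initialization parameter enables auditing; newer Oracle releases use unified audit policies instead. The final query should list hr_clerk only against EMPLOYEE_DIRECTORY; any grantee on EMPLOYEE beyond the owning application is a finding to review.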


Customizing the Database Initialization Parameters

• Fine-tuning requires modification of database configuration parameters
– Some are changed in real time using SQL

– Some affect database instance

– Others affect entire RDBMS and all instances

• Initialization parameters reserve resources used by the database at run time

• After modifying parameters, may need to restart the database