7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

1/10

Module 6: Data Protection

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

2/10

Overview

What does Data Protection include?Using locking modes to achieve concurrency andconsistency

Protecting data from unauthorized users and authorized

users who are trying to update the same datasimultaneously

Implementing database security features to protect thedatabase, database objects and data

Using auditing features to monitor database activity

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

3/10

Concurrency and Consistency

Isolation Levels and Concurrency Issues

Concurrency and consistency are mutually opposing goals

Oracle supports Read Committed and Serializable isolation levels

Achieves other levels through Row Versioning

SQL Server Removes Writers Blocking Readers ReadersBlocking Writers with Snapshot Isolation

SQL Server Supports all Four Isolation levels

Isolation Table Dirty ReadNon-Repeatable

ReadPhantom Read

Read Uncommitted Possible Possible Possible

Read Committed Not Possible Possible Possible

Repeatable Read Not Possible Not Possible Possible

Serializable Not Possible Not Possible Not Possible

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

4/10

Locking

Locking granularity

SQL Server supports lock escalation

Explicit locking can be achieved by using lock hints inBoth DBMS

OracleLocking

SQL ServerLocking

Table Level

Row level (default)

Table

Partition

Page

Row (default)

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

5/10

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

6/10

Database Security

Security is implemented in both DBMSs using logins andprivileges

Users can be classified as:

Schema owners (SQL Server database object owners)

Application users

Administrative users

User authentication can be achieved through theoperating system login or database login or contained

databaseSQL Server security depends on Windows security forfeatures such as password expiration

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

7/10

Privileges and Roles

Oracle and SQL Server both contain: System-level privileges to perform actions against any object in the

database

Object-level privileges to perform actions against specific schemaobjects

Roles Group

System-level and object-level privileges

SQL Server fixed and user-defined roles : Server andDatabase

Application roles in SQL Server

Implemented using application logic

Password protected

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

8/10

Demonstration: SQL Server Instance Security

Demonstration:

SQL Server Instance Security

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

9/10

Auditing

Auditing facilitates database activity monitoringMonitoring

statements, privileges, or objects

Oracle audit key DDL and DML statements.

SQL Server all actions (DDL and DML) are auditable.SQL Server Profiler offers various events that can beused for auditing. DDL triggers and even notificationscan aid in auditing

SQL Server server-level auditing is available in alleditions, provides T-SQL stack frame info, and moreresilient.

SQL Server supports user-defined audit group and auditfiltering

7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf

10/10

Review

We defined concurrency and consistency and saw thechallenges they offer

We learned how concurrency and consistency can bebalanced by use of isolation levels implemented using

lock modesWe learned about login and authentication at thedatabase system level and database level, the varioussystem and object level privileges and privilegemanagement using roles

We learned the basics of auditing functionality in SQLServer as compared to Oracle