m_06_1.00 data protection with demos and labs.pdf
TRANSCRIPT
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
1/10
Module 6: Data Protection
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
2/10
Overview
What does Data Protection include?Using locking modes to achieve concurrency andconsistency
Protecting data from unauthorized users and authorized
users who are trying to update the same datasimultaneously
Implementing database security features to protect thedatabase, database objects and data
Using auditing features to monitor database activity
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
3/10
Concurrency and Consistency
Isolation Levels and Concurrency Issues
Concurrency and consistency are mutually opposing goals
Oracle supports Read Committed and Serializable isolation levels
Achieves other levels through Row Versioning
SQL Server Removes Writers Blocking Readers ReadersBlocking Writers with Snapshot Isolation
SQL Server Supports all Four Isolation levels
Isolation Table Dirty ReadNon-Repeatable
ReadPhantom Read
Read Uncommitted Possible Possible Possible
Read Committed Not Possible Possible Possible
Repeatable Read Not Possible Not Possible Possible
Serializable Not Possible Not Possible Not Possible
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
4/10
Locking
Locking granularity
SQL Server supports lock escalation
Explicit locking can be achieved by using lock hints inBoth DBMS
OracleLocking
SQL ServerLocking
Table Level
Row level (default)
Table
Partition
Page
Row (default)
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
5/10
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
6/10
Database Security
Security is implemented in both DBMSs using logins andprivileges
Users can be classified as:
Schema owners (SQL Server database object owners)
Application users
Administrative users
User authentication can be achieved through theoperating system login or database login or contained
databaseSQL Server security depends on Windows security forfeatures such as password expiration
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
7/10
Privileges and Roles
Oracle and SQL Server both contain: System-level privileges to perform actions against any object in the
database
Object-level privileges to perform actions against specific schemaobjects
Roles Group
System-level and object-level privileges
SQL Server fixed and user-defined roles : Server andDatabase
Application roles in SQL Server
Implemented using application logic
Password protected
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
8/10
Demonstration: SQL Server Instance Security
Demonstration:
SQL Server Instance Security
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
9/10
Auditing
Auditing facilitates database activity monitoringMonitoring
statements, privileges, or objects
Oracle audit key DDL and DML statements.
SQL Server all actions (DDL and DML) are auditable.SQL Server Profiler offers various events that can beused for auditing. DDL triggers and even notificationscan aid in auditing
SQL Server server-level auditing is available in alleditions, provides T-SQL stack frame info, and moreresilient.
SQL Server supports user-defined audit group and auditfiltering
-
7/27/2019 M_06_1.00 Data Protection with Demos and Labs.pdf
10/10
Review
We defined concurrency and consistency and saw thechallenges they offer
We learned how concurrency and consistency can bebalanced by use of isolation levels implemented using
lock modesWe learned about login and authentication at thedatabase system level and database level, the varioussystem and object level privileges and privilegemanagement using roles
We learned the basics of auditing functionality in SQLServer as compared to Oracle