4 data and database administration part1
TRANSCRIPT
© 2009 Pearson Education, Inc. Publishing as Prentice Hall 1
Chapter 13: Data and Database
AdministrationModern Database Management
9th EditionJeffrey A. Hoffer, Mary B. Prescott,
Heikki Topi
Chapter 132
Traditional Administration DefinitionsData Administration: A high-level
function that is responsible for the overall management of data resources in an organization, including maintaining corporate-wide definitions and standards
Database Administration: A technical function that is responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery
Chapter 133
Traditional Data Administration FunctionsData policies, procedures, standardsPlanningData conflict (ownership) resolutionManaging the information repository
Chapter 134
Traditional Database Administration FunctionsSelection of DBMS and software toolsInstalling/upgrading DBMSTuning database performanceImproving query processing performanceManaging data security, privacy, and integrityData backup and recovery
Chapter 135
Evolving Approaches to Data AdministrationBlend data and database administration into one
roleFast-track development–monitoring development
process (planning, analysis, design, implementation, maintenance)
Procedural DBAs–managing quality of triggers and stored procedures
eDBA–managing Internet-enabled database applications
PDA DBA–data synchronization and personal database management
Data warehouse administration
Chapter 136
Data Warehouse AdministrationNew role, coming with the growth in data
warehousesSimilar to DA/DBA rolesEmphasis on integration and coordination
of metadata/data across many data sourcesSpecific roles:
Support DSS applicationsManage data warehouse growthEstablish service level agreements
regarding data warehouses and data marts
Chapter 137
Figure 13-2 Data modeling responsibilities
Chapter 138
Database SecurityDatabase Security: Protection of the data against accidental or intentional loss, destruction, or misuse
Increased difficulty due to Internet access and client/server technologies
Chapter 139
Figure 13-3 Possible locations of data security threats
Chapter 1310
Threats to Data SecurityAccidental losses attributable to:
Human errorSoftware failureHardware failure
Theft and fraudImproper data access:
Loss of privacy (personal data)Loss of confidentiality (corporate data)
Loss of data integrityLoss of availability (through, e.g. sabotage)
Chapter 1311
Figure 13-4 Establishing Internet Security
Chapter 1312
Web SecurityStatic HTML files are easy to secure
Standard database access controlsPlace Web files in protected directories on
serverDynamic pages are harder
Control of CGI scriptsUser authenticationSession securitySSL for encryptionRestrict number of users and open portsRemove unnecessary programs
Chapter 1313
Database Software Security Features
• Views or subschemas• Integrity controls• Authorization rules• User-defined procedures• Encryption• Authentication schemes• Backup, journalizing, and checkpointing
Chapter 1314
Views and Integrity ControlsViews
Subset of the database that is presented to one or more users
User can be given access privilege to view without allowing access privilege to underlying tables
Integrity ControlsProtect data from unauthorized useDomains–set allowable valuesAssertions–enforce database conditions
Chapter 1315
Authorization RulesControls incorporated in the data
management systemRestrict:
access to dataactions that people can take on data
Authorization matrix for:SubjectsObjectsActionsConstraints
Chapter 1316
Figure 13-5 Authorization matrix
Chapter 1317
Some DBMSs also provide capabilities for user-defined procedures to customize the authorization process
Figure 13-6a Authorization table for subjects (salespeople)
Figure 13-6b Authorization table for objects (orders)
Figure 13-7 Oracle privileges
Implementing authorization rules
Chapter 1318
Encryption – the coding or scrambling of data so that humans cannot read them
Secure Sockets Layer (SSL) is a popular encryption scheme for TCP/IP connections
Figure 13-8 Basic two-key encryption
Chapter 1319
Authentication SchemesGoal – obtain a positive identification of
the userPasswords: First line of defense
Should be at least 8 characters longShould combine alphabetic and numeric
dataShould not be complete words or personal
informationShould be changed frequently
Chapter 1320
Authentication Schemes (cont.)Strong Authentication
Passwords are flawed: Users share them with each other They get written down, could be copied Automatic logon scripts remove need to explicitly type them in Unencrypted passwords travel the Internet
Possible solutions:Two factor–e.g. smart card plus PINThree factor–e.g. smart card, biometric, PINBiometric devices–use of fingerprints, retinal scans,
etc. for positive IDThird-party mediated authentication–using secret
keys, digital certificates
Chapter 1321
Security Policies and ProceduresPersonnel controls
Hiring practices, employee monitoring, security training
Physical access controlsEquipment locking, check-out procedures,
screen placementMaintenance controls
Maintenance agreements, access to source code, quality and availability standards
Data privacy controlsAdherence to privacy legislation, access rules
Chapter 1322
Database Recovery Mechanism for restoring a database
quickly and accurately after loss or damage
Recovery facilities:• Backup Facilities• Journalizing Facilities• Checkpoint Facility• Recovery Manager
Chapter 1323
Back-up FacilitiesAutomatic dump facility that produces
backup copy of the entire databasePeriodic backup (e.g. nightly, weekly)Cold backup–database is shut down during
backupHot backup–selected portion is shut down
and backed up at a given timeBackups stored in secure, off-site location
Chapter 1324
Journalizing FacilitiesAudit trail of transactions and database
updatesTransaction log–record of essential data
for each transaction processed against the database
Database change log–images of updated dataBefore-image–copy before modificationAfter-image–copy after modification
Produces an audit trail
Chapter 1325
Figure 13-9 Database audit trail
From the backup and logs, databases can be restored in case of damage or loss
Chapter 1326
Checkpoint FacilitiesDBMS periodically refuses to accept new
transactions system is in a quiet stateDatabase and transaction logs are
synchronized
This allows recovery manager to resume processing from short period, instead of repeating entire day
Chapter 1327
Recovery and Restart Procedures
Disk Mirroring–switch between identical copies of databases
Restore/Rerun–reprocess transactions against the backup
Transaction Integrity–commit or abort all transaction changes
Backward Recovery (Rollback)–apply before images
Forward Recovery (Roll Forward)–apply after images (preferable to restore/rerun)