Database administration security and integrity
TechvantoAcademy
8 views
50 slides
Oct 25, 2025
Slide 1 of 50
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
About This Presentation
Database administration security and integrity
Slide Content
IS 257 - Fall 2006 2006.10.24- SLIDE 1
Database Administration: Security
and Integrity
University of California, Berkeley
School of Information
IS 257: Database Management
Database Administration: Security
and Integrity
University of California, Berkeley
School of Information
IS 257: Database Management
IS 257 - Fall 2006 2006.10.24- SLIDE 2
Security and Integrity Functions in Database
Administration
•Review
–MySQL Intro
•Data Integrity
•Security Management
•Backup and Recovery
Security and Integrity Functions in Database
Administration
•Review
–MySQL Intro
•Data Integrity
•Security Management
•Backup and Recovery
IS 257 - Fall 2006 2006.10.24- SLIDE 3
Security and Integrity Functions in Database
Administration
•Review
–MySQL Intro
•Data Integrity
•Security Management
•Backup and Recovery
Security and Integrity Functions in Database
Administration
•Review
–MySQL Intro
•Data Integrity
•Security Management
•Backup and Recovery
IS 257 - Fall 2006 2006.10.24- SLIDE 4
MySQL
•The tag-line at http://www.mysql.com is
–The world's most popular open source database
•It is true, it is the most widely used open source
database system with users and uses that range from
individuals to major corporations and includes…
–Evite
–Friend Finder Network
–Friendster
–Google (not for search though )
–PriceGrabber.com
–Ticketmaster
– Yahoo!
–The US Census bureau
–and many, many others
MySQL
•The tag-line at http://www.mysql.com is
–The world's most popular open source database
•It is true, it is the most widely used open source
database system with users and uses that range from
individuals to major corporations and includes…
–Evite
–Friend Finder Network
–Friendster
–Google (not for search though )
–PriceGrabber.com
–Ticketmaster
– Yahoo!
–The US Census bureau
–and many, many others
IS 257 - Fall 2006 2006.10.24- SLIDE 5
MySQL myths
•The MySQL.com web site contains a list of
common myths and misconceptions about
MySQL and refutes them:
–MYTH: MySQL is a new, untested database
management system
–MYTH: MySQL doesn’t support transactions like other
proprietary database engines (it is supposed to be in
the version we use here)
–MYTH: MySQL is only for small, departmental, or
web-based applications
–MYTH: MySQL doesn’t offer enterprise-class features
–MYTH: MySQL doesn’t have the type of support large
corporations need
–MYTH: MySQL isn’t open source any more
MySQL myths
•The MySQL.com web site contains a list of
common myths and misconceptions about
MySQL and refutes them:
–MYTH: MySQL is a new, untested database
management system
–MYTH: MySQL doesn’t support transactions like other
proprietary database engines (it is supposed to be in
the version we use here)
–MYTH: MySQL is only for small, departmental, or
web-based applications
–MYTH: MySQL doesn’t offer enterprise-class features
–MYTH: MySQL doesn’t have the type of support large
corporations need
–MYTH: MySQL isn’t open source any more
IS 257 - Fall 2006 2006.10.24- SLIDE 6
MySQL documentation
•MySQL is available for download from
MySQL.com
•In addition that site has complete online
documentation for the MySQL system and
for the mysql client program in their
‘Developer Zone’
–The online manuals are quite readable and
have lot of examples to help you
MySQL documentation
•MySQL is available for download from
MySQL.com
•In addition that site has complete online
documentation for the MySQL system and
for the mysql client program in their
‘Developer Zone’
–The online manuals are quite readable and
have lot of examples to help you
IS 257 - Fall 2006 2006.10.24- SLIDE 7
MySQL Data Types
•MySQL supports all of the standard SQL numeric data
types. These types include the exact numeric data types
(INTEGER, SMALLINT, DECIMAL, and NUMERIC), as
well as the approximate numeric data types (FLOAT,
REAL, and DOUBLE PRECISION). The keyword INT is
a synonym for INTEGER, and the keyword DEC is a
synonym for DECIMAL
•Numeric (can also be declared as UNSIGNED)
–TINYINT (1 byte)
–SMALLINT (2 bytes)
–MEDIUMINT (3 bytes)
–INT (4 bytes)
–BIGINT (8 bytes)
–NUMERIC or DECIMAL
–FLOAT
–DOUBLE (or DOUBLE PRECISION)
MySQL Data Types
•MySQL supports all of the standard SQL numeric data
types. These types include the exact numeric data types
(INTEGER, SMALLINT, DECIMAL, and NUMERIC), as
well as the approximate numeric data types (FLOAT,
REAL, and DOUBLE PRECISION). The keyword INT is
a synonym for INTEGER, and the keyword DEC is a
synonym for DECIMAL
•Numeric (can also be declared as UNSIGNED)
–TINYINT (1 byte)
–SMALLINT (2 bytes)
–MEDIUMINT (3 bytes)
–INT (4 bytes)
–BIGINT (8 bytes)
–NUMERIC or DECIMAL
–FLOAT
–DOUBLE (or DOUBLE PRECISION)
IS 257 - Fall 2006 2006.10.24- SLIDE 8
MySQL Data Types
•The date and time types for representing
temporal values are DATETIME, DATE,
TIMESTAMP, TIME, and YEAR. Each temporal
type has a range of legal values, as well as a
“zero” value that is used when you specify an
illegal value that MySQL cannot represent
–DATETIME '0000-00-00 00:00:00'
–DATE '0000-00-00'
–TIMESTAMP (4.1 and up) '0000-00-00 00:00:00'
–TIMESTAMP (before 4.1) 00000000000000
–TIME '00:00:00'
–YEAR 0000
MySQL Data Types
•The date and time types for representing
temporal values are DATETIME, DATE,
TIMESTAMP, TIME, and YEAR. Each temporal
type has a range of legal values, as well as a
“zero” value that is used when you specify an
illegal value that MySQL cannot represent
–DATETIME '0000-00-00 00:00:00'
–DATE '0000-00-00'
–TIMESTAMP (4.1 and up) '0000-00-00 00:00:00'
–TIMESTAMP (before 4.1) 00000000000000
–TIME '00:00:00'
–YEAR 0000
IS 257 - Fall 2006 2006.10.24- SLIDE 9
MySQL Data Types
•The string types are CHAR, VARCHAR,
BINARY, VARBINARY, BLOB, TEXT, ENUM,
and SET
•Maximum length for CHAR and VARCHAR is
255
•For longer things there is BLOB and TEXT
Value CHAR(4)StorageVARCHAR(4)Storage
"" " " 4"" 1
"ab" "ab " 4"ab" 3
"abcd""abcd" 4"abcd" 5
"abcdefg""abcd" 4"abcd" 5
MySQL Data Types
•The string types are CHAR, VARCHAR,
BINARY, VARBINARY, BLOB, TEXT, ENUM,
and SET
•Maximum length for CHAR and VARCHAR is
255
•For longer things there is BLOB and TEXT
Value CHAR(4)StorageVARCHAR(4)Storage
"" " " 4"" 1
"ab" "ab " 4"ab" 3
"abcd""abcd" 4"abcd" 5
"abcdefg""abcd" 4"abcd" 5
IS 257 - Fall 2006 2006.10.24- SLIDE 10
MySQL Data Types
•A BLOB is a binary large object that can hold a
variable amount of data.
•The four BLOB types are TINYBLOB, BLOB,
MEDIUMBLOB, and LONGBLOB. These differ
only in the maximum length of the values they
can hold
•The four TEXT types are TINYTEXT, TEXT,
MEDIUMTEXT, and LONGTEXT. These
correspond to the four BLOB types and have the
same maximum lengths and storage
requirements
•TINY=1byte, BLOB and TEXT=2bytes,
MEDIUM=3bytes, LONG=4bytes
MySQL Data Types
•A BLOB is a binary large object that can hold a
variable amount of data.
•The four BLOB types are TINYBLOB, BLOB,
MEDIUMBLOB, and LONGBLOB. These differ
only in the maximum length of the values they
can hold
•The four TEXT types are TINYTEXT, TEXT,
MEDIUMTEXT, and LONGTEXT. These
correspond to the four BLOB types and have the
same maximum lengths and storage
requirements
•TINY=1byte, BLOB and TEXT=2bytes,
MEDIUM=3bytes, LONG=4bytes
IS 257 - Fall 2006 2006.10.24- SLIDE 11
MySQL Data Types
•BINARY and VARBINARY are like CHAR and
VARCHAR but are intended for binary data of 255 bytes
or less
•ENUM is a list of values that are stored as their
addresses in the list
–For example, a column specified as ENUM('one', 'two', 'three')
can have any of the values shown here. The index of each value
is also shown:
•Value = Index
•NULL = NULL
•‘’ = 0
•'one’ = 1
•‘two’ = 2
•‘three’ = 3
–An enumeration can have a maximum of 65,535 elements.
MySQL Data Types
•BINARY and VARBINARY are like CHAR and
VARCHAR but are intended for binary data of 255 bytes
or less
•ENUM is a list of values that are stored as their
addresses in the list
–For example, a column specified as ENUM('one', 'two', 'three')
can have any of the values shown here. The index of each value
is also shown:
•Value = Index
•NULL = NULL
•‘’ = 0
•'one’ = 1
•‘two’ = 2
•‘three’ = 3
–An enumeration can have a maximum of 65,535 elements.
IS 257 - Fall 2006 2006.10.24- SLIDE 12
MySQL Data Types
•The final string type (for this version) is a SET
•A SET is a string object that can have zero or more
values, each of which must be chosen from a list of
allowed values specified when the table is created.
•SET column values that consist of multiple set members
are specified with members separated by commas (‘,’)
•For example, a column specified as SET('one', 'two')
NOT NULL can have any of these values:
–''
–'one'
–'two'
–'one,two‘
•A set can have up to 64 member values and is stored as
an 8byte number
MySQL Data Types
•The final string type (for this version) is a SET
•A SET is a string object that can have zero or more
values, each of which must be chosen from a list of
allowed values specified when the table is created.
•SET column values that consist of multiple set members
are specified with members separated by commas (‘,’)
•For example, a column specified as SET('one', 'two')
NOT NULL can have any of these values:
–''
–'one'
–'two'
–'one,two‘
•A set can have up to 64 member values and is stored as
an 8byte number
IS 257 - Fall 2006 2006.10.24- SLIDE 13
MySQL Demo
•MySQL is on Dream, like ORACLE
•Setup via My.SIMS
•Unix command for interactive use is
‘mysql’ which needs to include ‘-p’ to be
prompted for the password, and optionally
includes your database name, e.g.:
–mysql ray –p
•Note that the version on Dream is not the
latest – it is currently V. 3.23.58, latest is
5.1
MySQL Demo
•MySQL is on Dream, like ORACLE
•Setup via My.SIMS
•Unix command for interactive use is
‘mysql’ which needs to include ‘-p’ to be
prompted for the password, and optionally
includes your database name, e.g.:
–mysql ray –p
•Note that the version on Dream is not the
latest – it is currently V. 3.23.58, latest is
5.1
IS 257 - Fall 2006 2006.10.24- SLIDE 14
MySQL Demo
•Since we ran out of time last week we will
look at MySQL online today
MySQL Demo
•Since we ran out of time last week we will
look at MySQL online today
IS 257 - Fall 2006 2006.10.24- SLIDE 15
Security and Integrity Functions in Database
Administration
•Data Integrity (review)
•Security Management
•Backup and Recovery
Security and Integrity Functions in Database
Administration
•Data Integrity (review)
•Security Management
•Backup and Recovery
IS 257 - Fall 2006 2006.10.24- SLIDE 16
Data Integrity
•Intrarecord integrity (enforcing constraints
on contents of fields, etc.)
•Referential Integrity (enforcing the validity
of references between records in the
database)
•Concurrency control (ensuring the validity
of database updates in a shared multiuser
environment)
Data Integrity
•Intrarecord integrity (enforcing constraints
on contents of fields, etc.)
•Referential Integrity (enforcing the validity
of references between records in the
database)
•Concurrency control (ensuring the validity
of database updates in a shared multiuser
environment)
IS 257 - Fall 2006 2006.10.24- SLIDE 17
Integrity Constraints (review)
•The constraints we wish to impose in order
to protect the database from becoming
inconsistent.
•Five types
–Required data
–attribute domain constraints
–entity integrity
–referential integrity
–enterprise constraints
Integrity Constraints (review)
•The constraints we wish to impose in order
to protect the database from becoming
inconsistent.
•Five types
–Required data
–attribute domain constraints
–entity integrity
–referential integrity
–enterprise constraints
IS 257 - Fall 2006 2006.10.24- SLIDE 18
Required Data
•Some attributes must always contain a
value -- they cannot have a NULL value
•For example:
–Every employee must have a job title.
–Every diveshop diveitem must have an order
number and an item number
Required Data
•Some attributes must always contain a
value -- they cannot have a NULL value
•For example:
–Every employee must have a job title.
–Every diveshop diveitem must have an order
number and an item number
IS 257 - Fall 2006 2006.10.24- SLIDE 19
Attribute Domain Constraints
•Every attribute has a domain, that is a set
of values that are legal for it to use
•For example:
–The domain of sex in the employee relation is
“M” or “F”
•Domain ranges can be used to validate
input to the database
Attribute Domain Constraints
•Every attribute has a domain, that is a set
of values that are legal for it to use
•For example:
–The domain of sex in the employee relation is
“M” or “F”
•Domain ranges can be used to validate
input to the database
IS 257 - Fall 2006 2006.10.24- SLIDE 20
Entity Integrity
•The primary key of any entity:
–Must be Unique
–Cannot be NULL
Entity Integrity
•The primary key of any entity:
–Must be Unique
–Cannot be NULL
IS 257 - Fall 2006 2006.10.24- SLIDE 21
Referential Integrity
•A “foreign key” links each occurrence in a
relation representing a child entity to the
occurrence of the parent entity containing the
matching candidate (usually primary) key
•Referential Integrity means that if the foreign key
contains a value, that value must refer to an
existing occurrence in the parent entity
•For example:
–Since the Order ID in the diveitem relation refers to a
particular diveords item, that item must exist for
referential integrity to be satisfied.
Referential Integrity
•A “foreign key” links each occurrence in a
relation representing a child entity to the
occurrence of the parent entity containing the
matching candidate (usually primary) key
•Referential Integrity means that if the foreign key
contains a value, that value must refer to an
existing occurrence in the parent entity
•For example:
–Since the Order ID in the diveitem relation refers to a
particular diveords item, that item must exist for
referential integrity to be satisfied.
IS 257 - Fall 2006 2006.10.24- SLIDE 22
Referential Integrity
•Referential integrity options are declared
when tables are defined (in most systems)
•There are many issues having to do with
how particular referential integrity
constraints are to be implemented to deal
with insertions and deletions of data from
the parent and child tables.
Referential Integrity
•Referential integrity options are declared
when tables are defined (in most systems)
•There are many issues having to do with
how particular referential integrity
constraints are to be implemented to deal
with insertions and deletions of data from
the parent and child tables.
IS 257 - Fall 2006 2006.10.24- SLIDE 23
Insertion rules
•A row should not be inserted in the
referencing (child) table unless there
already exists a matching entry in the
referenced table
•Inserting into the parent table should not
cause referential integrity problems
•Sometimes a special NULL value may be
used to create child entries without a
parent or with a “dummy” parent
Insertion rules
•A row should not be inserted in the
referencing (child) table unless there
already exists a matching entry in the
referenced table
•Inserting into the parent table should not
cause referential integrity problems
•Sometimes a special NULL value may be
used to create child entries without a
parent or with a “dummy” parent
IS 257 - Fall 2006 2006.10.24- SLIDE 24
Deletion rules
•A row should not be deleted from the
referenced table (parent) if there are
matching rows in the referencing table
(child)
•Three ways to handle this
–Restrict -- disallow the delete
–Nullify -- reset the foreign keys in the child to
some NULL or dummy value
–Cascade -- Delete all rows in the child where
there is a foreign key matching the key in the
parent row being deleted
Deletion rules
•A row should not be deleted from the
referenced table (parent) if there are
matching rows in the referencing table
(child)
•Three ways to handle this
–Restrict -- disallow the delete
–Nullify -- reset the foreign keys in the child to
some NULL or dummy value
–Cascade -- Delete all rows in the child where
there is a foreign key matching the key in the
parent row being deleted
IS 257 - Fall 2006 2006.10.24- SLIDE 25
Referential Integrity
•This can be implemented using external
programs that access the database
•newer databases implement executable
rules or built-in integrity constraints (e.g.
Access and Oracle)
Referential Integrity
•This can be implemented using external
programs that access the database
•newer databases implement executable
rules or built-in integrity constraints (e.g.
Access and Oracle)
IS 257 - Fall 2006 2006.10.24- SLIDE 26
Enterprise Constraints
•These are business rule that may affect
the database and the data in it
–for example, if a manager is only permitted to
manage 10 employees then it would violate
an enterprise constraint to manage more
Enterprise Constraints
•These are business rule that may affect
the database and the data in it
–for example, if a manager is only permitted to
manage 10 employees then it would violate
an enterprise constraint to manage more
IS 257 - Fall 2006 2006.10.24- SLIDE 27
Data and Domain Integrity
•This is now increasing handled by the database.
In Oracle, for example, when defining a table
you can specify:
•CREATE TABLE table-name (
attr2 attr-type NOT NULL, forbids NULL values
attrN attr-type CHECK (attrN = UPPER(attrN)
verifies that the data meets certain criteria
attrO attr-type DEFAULT default_value);
Supplies default values
Data and Domain Integrity
•This is now increasing handled by the database.
In Oracle, for example, when defining a table
you can specify:
•CREATE TABLE table-name (
attr2 attr-type NOT NULL, forbids NULL values
attrN attr-type CHECK (attrN = UPPER(attrN)
verifies that the data meets certain criteria
attrO attr-type DEFAULT default_value);
Supplies default values
IS 257 - Fall 2006 2006.10.24- SLIDE 28
Referential Integrity
•Ensures that dependent relationships in
the data are maintained. In Oracle, for
example:
•CREATE TABLE table-name (
attr1 attr-type PRIMARY KEY,
attr2 attr-type NOT NULL,
…, attrM attr-type REFERENCES
owner.tablename(attrname) ON DELETE
CASCADE, …
Referential Integrity
•Ensures that dependent relationships in
the data are maintained. In Oracle, for
example:
•CREATE TABLE table-name (
attr1 attr-type PRIMARY KEY,
attr2 attr-type NOT NULL,
…, attrM attr-type REFERENCES
owner.tablename(attrname) ON DELETE
CASCADE, …
IS 257 - Fall 2006 2006.10.24- SLIDE 29
Concurrency Control
•The goal is to support access by multiple
users to the same data, at the same time
•It must assure that the transactions are
serializable and that they are isolated
•It is intended to handle several problems
in an uncontrolled system
•Specifically:
–Lost updates
–Inconsistent data states during access
–Uncompleted (or committed) changes to data
Concurrency Control
•The goal is to support access by multiple
users to the same data, at the same time
•It must assure that the transactions are
serializable and that they are isolated
•It is intended to handle several problems
in an uncontrolled system
•Specifically:
–Lost updates
–Inconsistent data states during access
–Uncompleted (or committed) changes to data
IS 257 - Fall 2006 2006.10.24- SLIDE 30
No Concurrency Control: Lost updates
•Read account
balance (balance =
$1000)
•Withdraw $200
(balance = $800)
•Write account
balance (balance =
$800)
•Read account balance
(balance = $1000)
•Withdraw $300
(balance = $700)
•Write account balance
(balance = $700)
John Marsha
ERROR!
No Concurrency Control: Lost updates
•Read account
balance (balance =
$1000)
•Withdraw $200
(balance = $800)
•Write account
balance (balance =
$800)
•Read account balance
(balance = $1000)
•Withdraw $300
(balance = $700)
•Write account balance
(balance = $700)
John Marsha
ERROR!
IS 257 - Fall 2006 2006.10.24- SLIDE 31
Concurrency Control: Locking
•Locking levels
–Database
–Table
–Block or page
–Record
–Field
•Types
–Shared (S locks)
–Exclusive (X locks)
Concurrency Control: Locking
•Locking levels
–Database
–Table
–Block or page
–Record
–Field
•Types
–Shared (S locks)
–Exclusive (X locks)
IS 257 - Fall 2006 2006.10.24- SLIDE 32
Concurrency Control: Updates with X locking
•Lock account balance
•Read account balance
(balance = $1000)
•Withdraw $200 (balance
= $800)
•Write account balance
(balance = $800)
•Unlock account balance
•Read account balance
(DENIED)
•Lock account balance
•Read account balance
(balance = $800)
•etc...
John Marsha
Concurrency Control: Updates with X locking
•Lock account balance
•Read account balance
(balance = $1000)
•Withdraw $200 (balance
= $800)
•Write account balance
(balance = $800)
•Unlock account balance
•Read account balance
(DENIED)
•Lock account balance
•Read account balance
(balance = $800)
•etc...
John Marsha
IS 257 - Fall 2006 2006.10.24- SLIDE 33
Concurrency Control: Deadlocks
•Place S lock
•Read account
balance (balance =
$1000)
•Request X lock
(denied)
•wait ...
•Place S lock
•Read account balance
(balance = $1000)
•Request X lock
(denied)
•wait...
John Marsha
Deadlock!
Concurrency Control: Deadlocks
•Place S lock
•Read account
balance (balance =
$1000)
•Request X lock
(denied)
•wait ...
•Place S lock
•Read account balance
(balance = $1000)
•Request X lock
(denied)
•wait...
John Marsha
Deadlock!
IS 257 - Fall 2006 2006.10.24- SLIDE 34
Concurrency Control
•Avoiding deadlocks by maintaining tables of
potential deadlocks and “backing out” one side
of a conflicting transaction
•Normally strict Two-Phase locking (TPL or 2PL)
is used. It has the characteristics that
–Strict 2PL prevents transactions from reading
uncommitted data, overwriting uncommitted data, and
unrepeatable reads
–It prevents cascading rollbacks (i.e. having to roll back
multiple transactions), since eXclusive locks (for write
privileges) must be held until a transaction commits
Concurrency Control
•Avoiding deadlocks by maintaining tables of
potential deadlocks and “backing out” one side
of a conflicting transaction
•Normally strict Two-Phase locking (TPL or 2PL)
is used. It has the characteristics that
–Strict 2PL prevents transactions from reading
uncommitted data, overwriting uncommitted data, and
unrepeatable reads
–It prevents cascading rollbacks (i.e. having to roll back
multiple transactions), since eXclusive locks (for write
privileges) must be held until a transaction commits
IS 257 - Fall 2006 2006.10.24- SLIDE 35
Transaction Control in ORACLE
•Transactions are sequences of SQL statements
that ORACLE treats as a unit
–From the user’s point of view a private copy of the
database is created for the duration of the transaction
•Transactions are started with SET
TRANSACTION, followed by the SQL statements
•Any changes made by the SQL are made
permanent by COMMIT
•Part or all of a transaction can be undone using
ROLLBACK
Transaction Control in ORACLE
•Transactions are sequences of SQL statements
that ORACLE treats as a unit
–From the user’s point of view a private copy of the
database is created for the duration of the transaction
•Transactions are started with SET
TRANSACTION, followed by the SQL statements
•Any changes made by the SQL are made
permanent by COMMIT
•Part or all of a transaction can be undone using
ROLLBACK
IS 257 - Fall 2006 2006.10.24- SLIDE 36
Transactions in ORACLE
•COMMIT; (I.e., confirm previous transaction)
•SET TRANSACTION READ ONLY;
•SELECT NAME, ADDRESS FROM WORKERS;
•SELECT MANAGER, ADDRESS FROM
PLACES;
•COMMIT;
•Freezes the data for the user in both tables before either
select retrieves any rows, so that changes that occur
concurrently will not show up
•Commits before and after ensure any uncompleted
transactions are finish, and then release the frozen data
when done
Transactions in ORACLE
•COMMIT; (I.e., confirm previous transaction)
•SET TRANSACTION READ ONLY;
•SELECT NAME, ADDRESS FROM WORKERS;
•SELECT MANAGER, ADDRESS FROM
PLACES;
•COMMIT;
•Freezes the data for the user in both tables before either
select retrieves any rows, so that changes that occur
concurrently will not show up
•Commits before and after ensure any uncompleted
transactions are finish, and then release the frozen data
when done
IS 257 - Fall 2006 2006.10.24- SLIDE 37
Transactions in ORACLE
•Savepoints are places in a transaction that you
may ROLLBACK to (called checkpoints in other
DBMS)
–SET TRANACTION…;
–SAVEPOINT ALPHA;
–SQL STATEMENTS…
–IF (CONDITION) THEN ROLLBACK TO SAVEPOINT
ALPHA;
–SAVEPOINT BETA;
–SQL STATEMENTS…
–IF …;
–COMMIT;
Transactions in ORACLE
•Savepoints are places in a transaction that you
may ROLLBACK to (called checkpoints in other
DBMS)
–SET TRANACTION…;
–SAVEPOINT ALPHA;
–SQL STATEMENTS…
–IF (CONDITION) THEN ROLLBACK TO SAVEPOINT
ALPHA;
–SAVEPOINT BETA;
–SQL STATEMENTS…
–IF …;
–COMMIT;
IS 257 - Fall 2006 2006.10.24- SLIDE 38
Security and Integrity Functions in Database
Administration
•Data Integrity
•Security Management
•Backup and Recovery
Security and Integrity Functions in Database
Administration
•Data Integrity
•Security Management
•Backup and Recovery
IS 257 - Fall 2006 2006.10.24- SLIDE 39
Database Security
•Views or restricted subschemas
•Authorization rules to identify users and the
actions they can perform
•User-defined procedures (with rule systems or
triggers) to define additional constraints or
limitations in using the database
•Encryption to encode sensitive data
•Authentication schemes to positively identify a
person attempting to gain access to the
database
Database Security
•Views or restricted subschemas
•Authorization rules to identify users and the
actions they can perform
•User-defined procedures (with rule systems or
triggers) to define additional constraints or
limitations in using the database
•Encryption to encode sensitive data
•Authentication schemes to positively identify a
person attempting to gain access to the
database
IS 257 - Fall 2006 2006.10.24- SLIDE 40
Views
•A subset of the database presented to
some set of users
–SQL:
CREATE VIEW viewname AS SELECT
field1, field2, field3,…, FROM table1, table2
WHERE <where clause>;
–Note: “queries” in Access function as views
Views
•A subset of the database presented to
some set of users
–SQL:
CREATE VIEW viewname AS SELECT
field1, field2, field3,…, FROM table1, table2
WHERE <where clause>;
–Note: “queries” in Access function as views
IS 257 - Fall 2006 2006.10.24- SLIDE 41
Restricted Views
•Main relation has the form:
Name
C_name Dept C_deptProf C_profTC
J Smith S Dept1S CryptographyTS TS
M Doe U Dept2S IT Security S S
R Jones U Dept3U Secretary U U
U = unclassified : S = Secret : TS = Top Secret
Restricted Views
•Main relation has the form:
Name
C_name Dept C_deptProf C_profTC
J Smith S Dept1S CryptographyTS TS
M Doe U Dept2S IT Security S S
R Jones U Dept3U Secretary U U
U = unclassified : S = Secret : TS = Top Secret
IS 257 - Fall 2006 2006.10.24- SLIDE 42
Restricted Views
NAME Dept Prof
J Smith Dept1 ---
M Doe Dept2 IT Security
R Jones Dept3 Secretary
NAME Dept Prof
M Doe --- ---
R Jones Dept3 Secretary
S-view of the data
U-view of the data
Restricted Views
NAME Dept Prof
J Smith Dept1 ---
M Doe Dept2 IT Security
R Jones Dept3 Secretary
NAME Dept Prof
M Doe --- ---
R Jones Dept3 Secretary
S-view of the data
U-view of the data
IS 257 - Fall 2006 2006.10.24- SLIDE 43
Authorization Rules
•Most current DBMS permit the DBA to
define “access permissions” on a table by
table basis (at least) using the GRANT
and REVOKE SQL commands
•Some systems permit finer grained
authorization (most use GRANT and
REVOKE on variant views
Authorization Rules
•Most current DBMS permit the DBA to
define “access permissions” on a table by
table basis (at least) using the GRANT
and REVOKE SQL commands
•Some systems permit finer grained
authorization (most use GRANT and
REVOKE on variant views
IS 257 - Fall 2006 2006.10.24- SLIDE 44
Security and Integrity Functions in Database
Administration
•Data Integrity
•Security Management
•Backup and Recovery
Security and Integrity Functions in Database
Administration
•Data Integrity
•Security Management
•Backup and Recovery
IS 257 - Fall 2006 2006.10.24- SLIDE 45
Database Backup and Recovery
•Backup
•Journaling (audit trail)
•Checkpoint facility
•Recovery manager
Database Backup and Recovery
•Backup
•Journaling (audit trail)
•Checkpoint facility
•Recovery manager
IS 257 - Fall 2006 2006.10.24- SLIDE 46
Disaster Recovery Planning
Testing and
Training
Procedures
Development
Budget &
Implement
Plan
Maintenance
Recovery
Strategies
Risk
Analysis
From Toigo “Disaster Recovery Planning”
Disaster Recovery Planning
Testing and
Training
Procedures
Development
Budget &
Implement
Plan
Maintenance
Recovery
Strategies
Risk
Analysis
From Toigo “Disaster Recovery Planning”
IS 257 - Fall 2006 2006.10.24- SLIDE 47
Threats to Assets and Functions
•Water
•Fire
•Power Failure
•Mechanical breakdown or software failure
•Accidental or deliberate destruction of
hardware or software
–By hackers, disgruntled employees, industrial
saboteurs, terrorists, or others
Threats to Assets and Functions
•Water
•Fire
•Power Failure
•Mechanical breakdown or software failure
•Accidental or deliberate destruction of
hardware or software
–By hackers, disgruntled employees, industrial
saboteurs, terrorists, or others
IS 257 - Fall 2006 2006.10.24- SLIDE 48
Threats
•Between 1967 and 1978 fire and water
damage accounted for 62% of all data
processing disasters in the U.S.
•The water damage was sometimes
caused by fighting fires
•More recently improvements in fire
suppression (e.g., Halon) for DP centers
has meant that water is the primary
danger to DP centers
Threats
•Between 1967 and 1978 fire and water
damage accounted for 62% of all data
processing disasters in the U.S.
•The water damage was sometimes
caused by fighting fires
•More recently improvements in fire
suppression (e.g., Halon) for DP centers
has meant that water is the primary
danger to DP centers
IS 257 - Fall 2006 2006.10.24- SLIDE 49
Kinds of Records
•Class I: VITAL
–Essential, irreplaceable or necessary to recovery
•Class II: IMPORTANT
–Essential or important, but reproducible with difficulty
or at extra expense
•Class III: USEFUL
–Records whose loss would be inconvenient, but which
are replaceable
•Class IV: NONESSENTIAL
–Records which upon examination are found to be no
longer necessary
Kinds of Records
•Class I: VITAL
–Essential, irreplaceable or necessary to recovery
•Class II: IMPORTANT
–Essential or important, but reproducible with difficulty
or at extra expense
•Class III: USEFUL
–Records whose loss would be inconvenient, but which
are replaceable
•Class IV: NONESSENTIAL
–Records which upon examination are found to be no
longer necessary
IS 257 - Fall 2006 2006.10.24- SLIDE 50
Offsite Storage of Data
•Early offsite storage facilities were often
intended to survive atomic explosions
•PRISM International directory
–PRISM = Professional Records and
Information Services Management
–http://www.prismintl.org/
•Mirror sites (Hot sites)
Offsite Storage of Data
•Early offsite storage facilities were often
intended to survive atomic explosions
•PRISM International directory
–PRISM = Professional Records and
Information Services Management
–http://www.prismintl.org/
•Mirror sites (Hot sites)
Tags
Categories
TechnologyDownload
Download Slideshow Get the original presentation fileQuick Actions
Statistics
- Views 8
- Slides 50
- Age 38 days
Related Slideshows
11
8-top-ai-courses-for-customer-support-representatives-in-2025.pptx
JeroenErne2
45 views
10
7-essential-ai-courses-for-call-center-supervisors-in-2025.pptx
JeroenErne2
45 views
13
25-essential-ai-courses-for-user-support-specialists-in-2025.pptx
JeroenErne2
36 views
11
8-essential-ai-courses-for-insurance-customer-service-representatives-in-2025.pptx
JeroenErne2
33 views
21
Know for Certain
DaveSinNM
19 views
17
PPT OPD LES 3ertt4t4tqqqe23e3e3rq2qq232.pptx
novasedanayoga46
24 views