Database Management Systems Chapter 10 Database Administration Jerry
Database Management Systems Chapter 10 Database Administration Jerry Post Copyright © 1998 1
Data Administration Tactical Management DS Tr S a Pr Pro nsa oc c ct es es ion s C sin on g tro l ² There are many databases and applications in an organization. ² Someone has to be responsible for organizing, controlling, and sharing data. Strategic Management ES ª Operations and transactions. ª Tactical management. ª Strategic management. S ² Data and information are valuable assets. ² Data is used at many business levels EI D A T A B A S E Business Operations ª Data Administrator (DA) 2
D A T A B A S E Data Administrator (DA) ² Provide centralized control over the data. ª Data definition. © Format © Naming convention ª Data integration. ª Selection of DBMS. ² Act as data and database advocate. ª Application ideas. ª Decision support. ª Strategic uses. ² Coordinate data integrity, security, and control. 3
D A T A B A S E Database Administrator (DBA) ² Install and upgrade DBMS. ² Create user accounts and monitor security. ² In charge of backup and recovery of the database. ² Monitor and tune the database performance. ² Coordinate with DBMS vendor and plan for changes. ² Maintain DBMS-specific information for developers. 4
D A T A B A S E DBA Tools: Visual Tools 5
D A T A B A S E Microsoft Access 6
D A T A B A S E DBA Tools: Performance Monitors 7
D A T A B A S E Microsoft Access: Analyze Performance Tools Analyze Performance 8
D A T A B A S E Database Administration ² Planning ª Determine hardware and software needs. ² Design ª Estimate space requirements, estimate performance. ² Implementation ª Install software, create databases, transfer data. ² Operation ª Monitor performance, backup and recovery. ² Growth and Change ª Monitor and forecast storage needs. ² Security ª Create user accounts, monitor changes. 9
D A T A B A S E Database Planning ² Estimation ª Data storage requirements ª Time to develop ª Cost to develop ª Operations costs 10
D A T A B A S E Managing Database Design ² Teamwork ª Data standards ª Data repository ª Reusable objects ª CASE tools ª Networks / communication ² Subdividing projects ª Delivering in stages © User needs / priorities © Version upgrades ª Normalization by user views © Distribute individual sections © Combine sections ª Assign forms and reports 11
D A T A B A S E Database Implementation ² Standards for application programming. ª User interface. ª Programming standards. © Layout and techniques. © Variable & object definition. ª Test procedures. ² Data access and ownership. ² Loading databases. ² Backup and recovery plans. ² User and operator training. 12
D A T A B A S E Database Operation and Maintenance ² Monitoring usage ª Size and growth ª Performance / delays ª Security logs ª User problems ² Backup and recovery ² User support ª Help desk ª Training classes 13
D A T A B A S E Database Growth and Change ² Detect need for change ª Size and speed ª Structures / design © Requests for additional data. © Difficulties with queries. ª Usage patterns ª Forecasts ² Delays in implementing changes ª Time to recognize needs. ª Time to get agreement and approval. ª Time to install new hardware. ª Time to create / modify software. 14
D A T A B A S E Backup and Recovery ² Backups are crucial! ² Offsite storage! ² Scheduled backup. ª Regular intervals. ª Record time. ª Track backups. Snapshot ² Journals / logs ² Checkpoint ² Rollback / Roll forward Journal/Log Changes Ord. ID Odate Amount. . . 192 2/2/98 252. 35 … 193 2/2/98 998. 34 … Ord. ID 192 193 194 Odate Amount. . . 2/2/98 252. 35 … 2/2/98 998. 34 … 2/2/98 77. 23. . . Ord. ID 192 193 194 195 Odate Amount. . . 2/2/98 252. 35 … 2/2/98 998. 34 … 2/2/98 77. 23 … 2/2/98 101. 52 … 15
D A T A B A S E Database Security and Privacy ² Physical security ª Protecting hardware ª Protecting software and data. ² Logical security ª Unauthorized disclosure ª Unauthorized modification ª Unauthorized withholding ² Security Threats ª Employees / Insiders © Disgruntled employees © “Terminated” employees © Dial-up / home access ª Programmers © Time bombs © Trap doors ª Visitors ª Consultants ª Business partnerships © Strategic sharing © EDI ª Hackers--Internet 16
D A T A B A S E Data Privacy Who owns data? Customer rights. International complications. Do not release data to others. Do not read data unnecessarily. Report all infractions and problems. 17
D A T A B A S E ² Hardware Physical Security ª Preventing problems © Fire prevention © Site considerations © Building design ª Hardware backup facilities © Continuous backup (mirror sites) © Hot sites © Shell sites © “Sister” agreements ª Telecommunication systems ª Personal computers ² Data and software ª Backups ª Off-site backups ª Personal computers © Policies and procedures © Network backup ² Disaster planning ª Write it down ª Train all new employees ª Test it once a year ª Telecommunications ² Allowable time between disaster and business survival limits. 18
D A T A B A S E Physical Security Provisions ² ² Backup data. Backup hardware. Disaster planning and testing. Prevention. ª Location. ª Fire monitoring and control. ª Control physical access. 19
D A T A B A S E Managerial Controls ² “Insiders” ª ª ª Hiring Termination Monitoring Job segmentation Physical access limitations © Locks © Guards and video monitoring © Badges and tracking ² Consultants and Business alliances ª Limited data access ª Limited physical access ª Paired with employees 20
D A T A B A S E Logical Security ² Unauthorized disclosure. ² Unauthorized modification. ² Unauthorized withholding. ² Disclosure example ª Letting a competitor see the strategic marketing plans. ² Modification example ª Letting employees change their salary numbers. ² Withholding example ª Preventing a finance officer from retrieving data needed to get a bank loan. 21
D A T A B A S E User Identification ² User identification ² Accounts ª Individual ª Groups ² Passwords ª Do not use “real” words. ª Do not use personal (or pet) names. ª Include non-alphabetic characters. ª Use at least 6 (8) characters. ª Change it often. ª Too many passwords! ² Alternative identification ª ª Finger / hand print readers Voice Retina (blood vessel) scans DNA typing ² Hardware passwords ª The one-minute password. ª Card matched to computer. ª Best method for open networks / Internet. 22
D A T A B A S E Basic Security Ideas 3 5 ² Limit access to hardware ª Physical locks. ª Video monitoring. ª Fire and environment monitors. ª Employee logs / cards. ª Dial-back modems ² Monitor usage ª Hardware logs. ª Access from network nodes. ª Software and data usage. ² Background checks ª Employees ª Consultants 2 Jones 1111 Smith 2222 Olsen 3333 Araha 4444 phone company ² Dialback modem ª ª ª phone company 4 1 User calls modem Modem gets name, password Modem hangs up phone Modem calls back user Machine gets final password 23
D A T A B A S E Access Controls ² Operating system ª Access to directories © Read © View / File scan © Write © Create © Delete ª Access to files © Read © Write © Edit © Delete ² DBMS access controls ª ª ª ª Read Data Update Data Insert Data Delete Data Open / Run Read Design Modify Design Administer ² Owners and administrator ² Need separate user identification / login to DBMS. ª DBMS usually needs most of these ª Assign by user or group. 24
D A T A B A S E SQL Security Commands ² GRANT privileges ² REVOKE privileges ² Privileges include ª ª SELECT DELETE INSERT UPDATE ² Objects include ª Table columns (SQL 92+) ª Query GRANT INSERT ON Bicycle TO Order. Clerks REVOKE DELETE ON Customer FROM Assemblers ² Users include ª Name/Group ª PUBLIC 25
D A T A B A S E Using Queries for Control ² Permissions apply to entire table or query. ² Use query to grant access to part of a table. ² Example ª Employee table ª Give all employees read access to name and phone (phonebook). ª Give managers read access to salary. ² SQL ª Grant ª Revoke Employee(ID, Name, Phone, Salary) Query: Phonebook SELECT Name, Phone FROM Employee Security Grant Read access to Phonebook for group of Employees. Grant Read access to Employee for group of Managers. Revoke all access to Employee for everyone else (except Admin). 26
D A T A B A S E Separation of Duties Supplier. ID Name… 673 772 983 Acme Supply Basic Tools Common X Purchasing manager can add new suppliers, but cannot add new orders. Referential integrity Purchase. Order. ID Supplier. ID 8882 8893 8895 772 673 009 Clerk must use Supplier. ID from the Supplier table, and cannot add a new supplier. 27
D A T A B A S E Securing an Access Database ² Set up a secure workgroup ª ª Workgroup administrator. New system database. Set unique ID. Be sure Access uses new workgroup. ² In Access, enable security ª Set a password for Admin user in Admins group. ª Add a new administrator and new user. ª Remove the Admin user. ² Open the database to be secured. ª Run the security wizard. ª Builds a new copy that is secure with new owner. ² Log on to new database. ª Assign user and group access privileges. ª Use queries for control. © With Owner Access. © With User Access (default). ² Encrypt the database! ² Save it as an MDE file. 28
D A T A B A S E Encryption ² Protection for open transmissions Plain text message ª Networks ª The Internet ª Weak operating systems ² Single key ² Dual key ª Protection ª Authentication DES Key: 9837362 Single key: e. g. , DES Encrypted text ² Trap doors / escrow keys ² U. S. export limits ª 64 bit key limit ª Breakable by brute force © Typical hardware: 2 weeks © Special hardware: minutes Encrypted text Key: 9837362 DES Plain text message 29
D A T A B A S E Dual Key Encryption Message Transmission Message Encrypt+T+M Makiko Private Key 13 Use Makiko’s Private key Encrypt+M Encrypt+T Public Keys Makiko 29 Use Takao 17 Use Takao’s Makiko’s Public key Takao Private Key 37 Use Takao’s Private key ² Using Takao’s private key ensures it came from him. ² Using Makiko’s public key means only she can read it. 30
D A T A B A S E Sally’s Pet Store: Security Management Sally/CEO Sales Staff Store manager Sales people Business Alliances Accountant Attorney Suppliers Customers Products Sales Purchases Receive products Employees Hiring/Release Hours Pay checks Animals Sales Purchases Animal Healthcare Accounts Payments Receipts Management Reports Operations Users 31
D A T A B A S E Sally’s Pet Store: Purchases *Basic Supplier data: ID, Name, Address, Phone, Zip. Code, City. ID R: Read W: Write A: Add 32
- Slides: 32