1

DDAATTAABBAASSEE

Data Administration

Data and information are valuable assets.

Data is used at many business levels Operations and transactions. Tactical management. Strategic management.

There are many databases and applications in an organization.

Someone has to be responsible for organizing, controlling, and sharing data. Data Administrator (DA)

Business Operations

TacticalManagement

StrategicManagement

EIS

ESD

SSTr

ansa

ctio

n

Proc

essi

ng

Proc

ess

Con

trol

2

DDAATTAABBAASSEE

Data Administrator (DA)

Provide centralized control over the data. Data definition.

Format Naming convention

Data integration. Selection of DBMS.

Act as data and database advocate. Application ideas. Decision support. Strategic uses.

Coordinate data integrity, security, and control.

3

DDAATTAABBAASSEE

Database Administrator (DBA)

Install and upgrade DBMS. Create user accounts and

monitor security. In charge of backup and

recovery of the database. Monitor and tune the

database performance. Coordinate with DBMS

vendor and plan for changes.

Maintain DBMS-specific information for developers.

4

DDAATTAABBAASSEE

DBA Tools: Oracle Schema Manager

5

DDAATTAABBAASSEE

DBA Tools: SQL Server Enterprise Mgr.

6

DDAATTAABBAASSEE

Microsoft Access

7

DDAATTAABBAASSEE

DBA Tools: Performance Monitors

8

DDAATTAABBAASSEE

Microsoft Access: Analyze PerformanceTools

AnalyzePerformance

9

DDAATTAABBAASSEE

SQL Server Query Analyzer

10

DDAATTAABBAASSEE

SQL Query Analyzer Detail

11

DDAATTAABBAASSEE

Oracle Query Analysis

ALTER SYSTEM SET TIMED_STATISTICS=true;ALTER SYSTEM SET USER_DUMP_DEST= ‘newdir’;ALTER SESSION SET SQL_TRACE = true;

Run your queryALTER SESSION SET SQL_TRACE = false;

EXPLAIN PLAN SET STATEMENT_ID = ‘Your title’ INTO output FOR

Your query

Requires output table be setup first.

12

DDAATTAABBAASSEE

Oracle SQL Trace

call count cpu elapsed disk query current rows----- ------ ----- ------- ----- ----- ------- ----Parse 1 0.02 0.04 0 0 0 0Execute 1 0.00 0.00 0 0 0 0Fetch 12 0.00 0.00 0 823 4 164----- ------ ----- ------- ----- ----- ------- ----total 14 0.02 0.04 0 823 4 164

Misses in library cache during parse: 1Optimizer goal: CHOOSEParsing user id: 26

Rows Row Source Operation------- --------------------------------------------- 164 NESTED LOOPS 303 NESTED LOOPS 197 TABLE ACCESS FULL SALE 498 INDEX RANGE SCAN (object id 3398) 164 TABLE ACCESS BY INDEX ROWID MERCHANDISE 604 INDEX UNIQUE SCAN (object id 3388)

13

DDAATTAABBAASSEE

Database Administration Planning

Determine hardware and software needs.

DesignEstimate space requirements, estimate performance.

Implementation Install software, create databases, transfer data.

OperationMonitor performance, backup and recovery.

Growth and ChangeMonitor and forecast storage needs.

SecurityCreate user accounts, monitor changes.

14

DDAATTAABBAASSEE

Database Planning

EstimationData storage requirementsTime to developCost to developOperations costs

15

DDAATTAABBAASSEE

Managing Database Design Teamwork

Data standardsData repositoryReusable objectsCASE toolsNetworks / communication

Subdividing projectsDelivering in stages

User needs / prioritiesVersion upgrades

Normalization by user viewsDistribute individual sectionsCombine sections

Assign forms and reports

16

DDAATTAABBAASSEE

Database Implementation

Standards for application programming.User interface.Programming standards.

Layout and techniques.Variable & object definition.

Test procedures.

Data access and ownership. Loading databases. Backup and recovery plans. User and operator training.

17

DDAATTAABBAASSEE

Database Operation and Maintenance Monitoring usage

Size and growthPerformance / delaysSecurity logsUser problems

Backup and recovery User support

Help deskTraining classes

18

DDAATTAABBAASSEE

Database Growth and Change Detect need for change

Size and speedStructures / design

Requests for additional data.Difficulties with queries.

Usage patternsForecasts

Delays in implementing changesTime to recognize needs.Time to get agreement and approval.Time to install new hardware.Time to create / modify software.

19

DDAATTAABBAASSEE

Backup and Recovery

Backups are crucial! Offsite storage! Scheduled backup.

Regular intervals.Record time.Track backups.

Journals / logs Checkpoint Rollback / Roll forward

OrdID Odate Amount ...192 2/2/01 252.35 …193 2/2/01 998.34 …

OrdID Odate Amount ...192 2/2/01 252.35 …193 2/2/01 998.34 …194 2/2/01 77.23 ...

OrdID Odate Amount ...192 2/2/01 252.35 …193 2/2/01 998.34 …194 2/2/01 77.23 …195 2/2/01 101.52 …

Snapshot

Changes

Journal/Log

20

DDAATTAABBAASSEE

Database Security and Privacy

Physical security Protecting hardware Protecting software and

data.

Logical security Unauthorized disclosure Unauthorized modification Unauthorized withholding

Security Threats Employees / Insiders

Disgruntled employees “Terminated” employees Dial-up / home access

Programmers Time bombs Trap doors

Visitors Consultants Business partnerships

Strategic sharing EDI

Hackers--Internet

21

DDAATTAABBAASSEE

Data Privacy

Who owns data?Customer rights.International complications.

Do not release data to others.Do not read data unnecessarily.Report all infractions and problems.

22

DDAATTAABBAASSEE

Physical Security Hardware

Preventing problemsFire preventionSite considerationsBuilding design

Hardware backup facilities

Continuous backup (mirror sites)

Hot sitesShell sites “Sister” agreements

Telecommunication systems

Personal computers

Data and softwareBackupsOff-site backupsPersonal computers

Policies and proceduresNetwork backup

Disaster planningWrite it downTrain all new employeesTest it once a yearTelecommunications

Allowable time between disaster and business survival limits.

23

DDAATTAABBAASSEE

Physical Security Provisions

Backup data. Backup hardware. Disaster planning and testing. Prevention.

Location. Fire monitoring and control. Control physical access.

24

DDAATTAABBAASSEE

Managerial Controls

“Insiders” Hiring Termination Monitoring Job segmentation Physical access limitations

LocksGuards and video monitoringBadges and tracking

Consultants and Business alliances Limited data access Limited physical access Paired with employees

25

DDAATTAABBAASSEE

Logical Security

Unauthorized disclosure. Unauthorized modification. Unauthorized withholding.

Disclosure example Letting a competitor see the

strategic marketing plans.

Modification example Letting employees change

their salary numbers.

Withholding example Preventing a finance officer

from retrieving data needed to get a bank loan.

26

DDAATTAABBAASSEE

User Identification

User identification Accounts

Individual Groups

Passwords Do not use “real” words. Do not use personal (or pet)

names. Include non-alphabetic

characters. Use at least 6 (8)

characters. Change it often. Too many passwords!

Alternative identification Finger / hand print readers Voice Retina (blood vessel) scans DNA typing

Hardware passwords The one-minute password. Card matched to computer. Best method for open

networks / Internet.

27

DDAATTAABBAASSEE

Basic Security Ideas

Limit access to hardware Physical locks. Video monitoring. Fire and environment

monitors. Employee logs / cards. Dial-back modems

Monitor usage Hardware logs. Access from network nodes. Software and data usage.

Background checks Employees Consultants

phonecompany

phonecompany

14

5

2

3

Jones 1111Smith 2222Olsen 3333Araha 4444

Dialback modem User calls modem Modem gets name, password Modem hangs up phone Modem calls back user Machine gets final password

28

DDAATTAABBAASSEE

Access Controls Operating system

Access to directoriesReadView / File scanWriteCreateDelete

Access to filesReadWriteEditDelete

DBMS usually needs most of these

Assign by user or group.

DBMS access controls Read Data Update Data Insert Data Delete Data Open / Run Read Design Modify Design Administer

Owners and administrator Need separate user

identification / login to DBMS.

29

DDAATTAABBAASSEE

SQL Security Commands GRANT privileges REVOKE privileges Privileges include

SELECT DELETE INSERT UPDATE

Objects include Table Table columns (SQL 92+) Query

Users include Name/Group PUBLIC

GRANT INSERTON BicycleTO OrderClerks

REVOKE DELETEON CustomerFROM Assemblers

30

DDAATTAABBAASSEE

Oracle Security Manager

31

DDAATTAABBAASSEE

SQL Server Security Manager

32

DDAATTAABBAASSEE

Using Queries for Control

Permissions apply to entire table or query.

Use query to grant access to part of a table.

Example Employee table Give all employees read

access to name and phone (phonebook).

Give managers read access to salary.

SQL Grant Revoke

Employee(ID, Name, Phone, Salary)

Query: PhonebookSELECT Name, PhoneFROM Employee

SecurityGrant Read access to Phonebookfor group of Employees.

Grant Read access to Employeefor group of Managers.

Revoke all access to Employeefor everyone else (except Admin).

33

DDAATTAABBAASSEE

Separation of Duties

SupplierID Name…673 Acme Supply772 Basic Tools983 Common X

Supplier

OrderID SupplierID8882 7728893 6738895 009

PurchaseOrder

Referentialintegrity

Clerk must use SupplierID from the Supplier table, and cannot add a new supplier.

Purchasing manager can add new suppliers, but cannot add new orders.

34

DDAATTAABBAASSEE

Securing an Access Database

Set up a secure workgroup Create a new Admin user. Enable security by setting a password Remove the original Admin user.

Run the Security Wizard in the database to be secured. Assign user and group access privileges in the new

database. Encrypt the new database. Save it as an MDE file.

35

DDAATTAABBAASSEE

Encryption Protection for open transmissions

Networks The Internet Weak operating systems

Single key Dual key

Protection Authentication

Trap doors / escrow keys U.S. export limits

64 bit key limit Breakable by brute force

Typical hardware:2 weeksSpecial hardware: minutes

Plain textmessage

Encryptedtext

Key: 9837362

Key: 9837362

DES

Encryptedtext

Plain textmessage

DES

Single key: e.g., DES

36

DDAATTAABBAASSEE

Dual Key Encryption

Using Takao’s private key ensures it came from him. Using Makiko’s public key means only she can read it.

Makiko

TakaoPublic Keys

Makiko 29Takao 17

Private Key13

Private Key37

UseTakao’sPublic key

UseTakao’sPrivate key

Message

Message

Encrypt+T

Encrypt+T+M

Encrypt+M

UseMakiko’s

Public key

UseMakiko’s

Private key

Transmission

37

DDAATTAABBAASSEE

Sally’s Pet Store: Security

ManagementSally/CEO

Sales StaffStore managerSales people

Business AlliancesAccountantAttorneySuppliersCustomers

ProductsSalesPurchasesReceive products

AnimalsSalesPurchasesAnimal Healthcare

EmployeesHiring/ReleaseHoursPay checks

AccountsPaymentsReceiptsManagement Reports

Users

Operations

38

DDAATTAABBAASSEE

Sally’s Pet Store: Purchases

Purchase Query PurchaseItem QueryPurchaseMerchandiseOrder Supplier Employee City

OrderItem Merchandise

Sally/CEO W/A W/A R: ID, Name R W/A W/AStore Mgr. W/A R* R: ID, Name R A RSales people R R* R: ID, Name R R RAccountant R R* R: ID, Name R R RAttorney - - - - - -Suppliers R R* - R R RCustomers - - - - - -

*Basic Supplier data: ID, Name, Address, Phone, ZipCode, CityID

R: ReadW: WriteA: Add