+ All Categories
Home > Documents > Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

Date post: 01-Jan-2016
Category:
Upload: dulcie-daniels
View: 223 times
Download: 0 times
Share this document with a friend
32
1 Jerry Post Copyright © 1998 Database Management Database Management Systems Systems Chapter 10 Database Administration
Transcript
Page 1: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

1

Jerry PostCopyright © 1998

Database Management Database Management SystemsSystems

Chapter 10

Database Administration

Page 2: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

2

DDAATTAABBAASSEE

Data Administration

Data and information are valuable assets.

Data is used at many business levels Operations and transactions. Tactical management. Strategic management.

There are many databases and applications in an organization.

Someone has to be responsible for organizing, controlling, and sharing data. Data Administrator (DA)

Business Operations

TacticalManagement

StrategicManagement

EIS

ESD

SSTr

ansa

ctio

n

Proc

essi

ng

Proc

ess

Con

trol

Page 3: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

3

DDAATTAABBAASSEE

Data Administrator (DA)

Provide centralized control over the data. Data definition.

Format Naming convention

Data integration. Selection of DBMS.

Act as data and database advocate. Application ideas. Decision support. Strategic uses.

Coordinate data integrity, security, and control.

Page 4: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

4

DDAATTAABBAASSEE

Database Administrator (DBA)

Install and upgrade DBMS. Create user accounts and

monitor security. In charge of backup and

recovery of the database. Monitor and tune the

database performance. Coordinate with DBMS

vendor and plan for changes.

Maintain DBMS-specific information for developers.

Page 5: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

5

DDAATTAABBAASSEE

DBA Tools:Visual Tools

Page 6: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

6

DDAATTAABBAASSEE

Microsoft Access

Page 7: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

7

DDAATTAABBAASSEE

DBA Tools: Performance Monitors

Page 8: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

8

DDAATTAABBAASSEE

Microsoft Access: Analyze PerformanceTools

AnalyzePerformance

Page 9: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

9

DDAATTAABBAASSEE

Database Administration Planning

Determine hardware and software needs.

DesignEstimate space requirements, estimate performance.

Implementation Install software, create databases, transfer data.

OperationMonitor performance, backup and recovery.

Growth and ChangeMonitor and forecast storage needs.

SecurityCreate user accounts, monitor changes.

Page 10: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

10

DDAATTAABBAASSEE

Database Planning

EstimationData storage requirementsTime to developCost to developOperations costs

Page 11: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

11

DDAATTAABBAASSEE

Managing Database Design Teamwork

Data standardsData repositoryReusable objectsCASE toolsNetworks / communication

Subdividing projectsDelivering in stages

User needs / prioritiesVersion upgrades

Normalization by user viewsDistribute individual sectionsCombine sections

Assign forms and reports

Page 12: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

12

DDAATTAABBAASSEE

Database Implementation

Standards for application programming.User interface.Programming standards.

Layout and techniques.Variable & object definition.

Test procedures.

Data access and ownership. Loading databases. Backup and recovery plans. User and operator training.

Page 13: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

13

DDAATTAABBAASSEE

Database Operation and Maintenance Monitoring usage

Size and growthPerformance / delaysSecurity logsUser problems

Backup and recovery User support

Help deskTraining classes

Page 14: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

14

DDAATTAABBAASSEE

Database Growth and Change Detect need for change

Size and speedStructures / design

Requests for additional data.Difficulties with queries.

Usage patternsForecasts

Delays in implementing changesTime to recognize needs.Time to get agreement and approval.Time to install new hardware.Time to create / modify software.

Page 15: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

15

DDAATTAABBAASSEE

Backup and Recovery

Backups are crucial! Offsite storage! Scheduled backup.

Regular intervals.Record time.Track backups.

Journals / logs Checkpoint Rollback / Roll forward

OrdID Odate Amount ...192 2/2/98 252.35 …193 2/2/98 998.34 …

OrdID Odate Amount ...192 2/2/98 252.35 …193 2/2/98 998.34 …194 2/2/98 77.23 ...

OrdID Odate Amount ...192 2/2/98 252.35 …193 2/2/98 998.34 …194 2/2/98 77.23 …195 2/2/98 101.52 …

Snapshot

Changes

Journal/Log

Page 16: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

16

DDAATTAABBAASSEE

Database Security and Privacy

Physical security Protecting hardware Protecting software and

data.

Logical security Unauthorized disclosure Unauthorized modification Unauthorized withholding

Security Threats Employees / Insiders

Disgruntled employees “Terminated” employees Dial-up / home access

Programmers Time bombs Trap doors

Visitors Consultants Business partnerships

Strategic sharing EDI

Hackers--Internet

Page 17: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

17

DDAATTAABBAASSEE

Data Privacy

Who owns data?Customer rights.International complications.

Do not release data to others.Do not read data unnecessarily.Report all infractions and problems.

Page 18: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

18

DDAATTAABBAASSEE

Physical Security Hardware

Preventing problemsFire preventionSite considerationsBuilding design

Hardware backup facilities

Continuous backup (mirror sites)

Hot sitesShell sites “Sister” agreements

Telecommunication systems

Personal computers

Data and softwareBackupsOff-site backupsPersonal computers

Policies and proceduresNetwork backup

Disaster planningWrite it downTrain all new employeesTest it once a yearTelecommunications

Allowable time between disaster and business survival limits.

Page 19: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

19

DDAATTAABBAASSEE

Physical Security Provisions

Backup data. Backup hardware. Disaster planning and testing. Prevention.

Location. Fire monitoring and control. Control physical access.

Page 20: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

20

DDAATTAABBAASSEE

Managerial Controls

“Insiders” Hiring Termination Monitoring Job segmentation Physical access limitations

LocksGuards and video monitoringBadges and tracking

Consultants and Business alliances Limited data access Limited physical access Paired with employees

Page 21: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

21

DDAATTAABBAASSEE

Logical Security

Unauthorized disclosure. Unauthorized modification. Unauthorized withholding.

Disclosure example Letting a competitor see the

strategic marketing plans.

Modification example Letting employees change

their salary numbers.

Withholding example Preventing a finance officer

from retrieving data needed to get a bank loan.

Page 22: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

22

DDAATTAABBAASSEE

User Identification

User identification Accounts

Individual Groups

Passwords Do not use “real” words. Do not use personal (or pet)

names. Include non-alphabetic

characters. Use at least 6 (8)

characters. Change it often. Too many passwords!

Alternative identification Finger / hand print readers Voice Retina (blood vessel) scans DNA typing

Hardware passwords The one-minute password. Card matched to computer. Best method for open

networks / Internet.

Page 23: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

23

DDAATTAABBAASSEE

Basic Security Ideas

Limit access to hardware Physical locks. Video monitoring. Fire and environment

monitors. Employee logs / cards. Dial-back modems

Monitor usage Hardware logs. Access from network nodes. Software and data usage.

Background checks Employees Consultants

phonecompany

phonecompany

14

5

2

3

Jones 1111Smith 2222Olsen 3333Araha 4444

Dialback modem User calls modem Modem gets name, password Modem hangs up phone Modem calls back user Machine gets final password

Page 24: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

24

DDAATTAABBAASSEE

Access Controls Operating system

Access to directoriesReadView / File scanWriteCreateDelete

Access to filesReadWriteEditDelete

DBMS usually needs most of these

Assign by user or group.

DBMS access controls Read Data Update Data Insert Data Delete Data Open / Run Read Design Modify Design Administer

Owners and administrator Need separate user

identification / login to DBMS.

Page 25: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

25

DDAATTAABBAASSEE

SQL Security Commands GRANT privileges REVOKE privileges Privileges include

SELECT DELETE INSERT UPDATE

Objects include Table Table columns (SQL 92+) Query

Users include Name/Group PUBLIC

GRANT INSERTON BicycleTO OrderClerks

REVOKE DELETEON CustomerFROM Assemblers

Page 26: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

26

DDAATTAABBAASSEE

Using Queries for Control

Permissions apply to entire table or query.

Use query to grant access to part of a table.

Example Employee table Give all employees read

access to name and phone (phonebook).

Give managers read access to salary.

SQL Grant Revoke

Employee(ID, Name, Phone, Salary)

Query: PhonebookSELECT Name, PhoneFROM Employee

SecurityGrant Read access to Phonebookfor group of Employees.

Grant Read access to Employeefor group of Managers.

Revoke all access to Employeefor everyone else (except Admin).

Page 27: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

27

DDAATTAABBAASSEE

Separation of Duties

SupplierID Name…673 Acme Supply772 Basic Tools983 Common X

Supplier

OrderID SupplierID8882 7728893 6738895 009

PurchaseOrder

Referentialintegrity

Clerk must use SupplierID from the Supplier table, and cannot add a new supplier.

Purchasing manager can add new suppliers, but cannot add new orders.

Page 28: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

28

DDAATTAABBAASSEE

Securing an Access Database

Set up a secure workgroup Workgroup administrator. New system database. Set unique ID. Be sure Access uses new

workgroup.

In Access, enable security Set a password for Admin

user in Admins group. Add a new administrator

and new user. Remove the Admin user.

Open the database to be secured. Run the security wizard. Builds a new copy that is

secure with new owner.

Log on to new database. Assign user and group

access privileges. Use queries for control.

With Owner Access. With User Access (default).

Encrypt the database! Save it as an MDE file.

Page 29: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

29

DDAATTAABBAASSEE

Encryption Protection for open transmissions

Networks The Internet Weak operating systems

Single key Dual key

Protection Authentication

Trap doors / escrow keys U.S. export limits

64 bit key limit Breakable by brute force

Typical hardware:2 weeksSpecial hardware: minutes

Plain textmessage

Encryptedtext

Key: 9837362

Key: 9837362

DES

Encryptedtext

Plain textmessage

DES

Single key: e.g., DES

Page 30: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

30

DDAATTAABBAASSEE

Dual Key Encryption

Using Takao’s private key ensures it came from him. Using Makiko’s public key means only she can read it.

Makiko

TakaoPublic Keys

Makiko 29Takao 17

Private Key13

Private Key37

UseTakao’sPublic key

UseTakao’sPrivate key

Message

Message

Encrypt+T

Encrypt+T+M

Encrypt+M

UseMakiko’s

Public key

UseMakiko’s

Private key

Transmission

Page 31: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

31

DDAATTAABBAASSEE

Sally’s Pet Store: Security

ManagementSally/CEO

Sales StaffStore managerSales people

Business AlliancesAccountantAttorneySuppliersCustomers

ProductsSalesPurchasesReceive products

AnimalsSalesPurchasesAnimal Healthcare

EmployeesHiring/ReleaseHoursPay checks

AccountsPaymentsReceiptsManagement Reports

Users

Operations

Page 32: Jerry Post Copyright © 1998 1 Database Management Systems Chapter 10 Database Administration.

32

DDAATTAABBAASSEE

Sally’s Pet Store: Purchases

Purchase Query PurchaseItem QueryPurchaseMerchandiseOrder Supplier Employee City

OrderItem Merchandise

Sally/CEO W/A W/A R: ID, Name R W/A W/AStore Mgr. W/A R* R: ID, Name R A RSales people R R* R: ID, Name R R RAccountant R R* R: ID, Name R R RAttorney - - - - - -Suppliers R R* - R R RCustomers - - - - - -

*Basic Supplier data: ID, Name, Address, Phone, ZipCode, CityID

R: ReadW: WriteA: Add


Recommended