
Database Administration: (Lesson 9)

Uploaded by

AbdulSamad

DATABASE ADMINISTRATION

Total Slides: 58
Copyright © 2020, Victorian Institute of Technology.
The contents contained in this document may not be reproduced in any form or by any means, without the written permission of VIT, other than for the purpose for which it has been supplied. VIT and its logo are trademarks of Victorian Institute of Technology.

MITS4003 [Lesson 9] Copyright © 2020 VIT, All Rights Reserved 1


Topics

• Data Security and Control
• SQL for Security and Control
– GRANT
– DENY
– REVOKE
• Data Integrity, Sharing & Recovery
• Using EM for Administering Databases
• Using Server Management Studio to Create New Login
• Levels of Security
• Objects’ Permission in Databases
• Administering Users’ Rights

Data Security and Control

• Data is an important asset to the company.
– There are many cases where a company’s downfall resulted from a loss of data.
• All Enterprise databases require some form of security.
– Security ensures that unauthorized users do not have access to data.
– This will reduce the probability of misuse of data and improve data integrity.
• However, there are many users that require access to the database.
– Users require different parts of the database for different functional reasons. (For example, the Accounting department requires the sales figures to generate the Revenue report, while the Operational department requires the operational cost figures to generate Expenditure Reports.)
– These users’ access to the databases in the SQL Server system should therefore differ from one another, so that users’ access privileges do not exceed their need for the data available.


Data Security and Control (Cont…)

• Database Administration is therefore required to enforce data security and maintain data usability.
– Administration allows a balance between meeting user needs and enforcing tight security over the company’s data.
– Administration involves creating users with rights or permissions to various database objects.
• SQL can be used in Administering Databases:
– SQL can be used to restrict a user's ability to retrieve, add, modify and delete data, hence protecting data from unauthorized access.
• Using DCL (Data Control Language) commands such as GRANT, DENY and REVOKE to set user privileges on database objects.
• Using system stored procedures in MS SQL Server such as sp_addrolemember.


SQL for Security and Control

• Security and Access Control:
– Commands used by SQL Server:
• GRANT
• REVOKE
• DENY
– Based on three central objects:
• Users
• Database objects
• Privileges


GRANT

• Function of the GRANT command:
– Specify privileges for users on database objects
– Example:

GRANT SELECT, INSERT   -- privileges
ON Student             -- database object
TO Karen               -- user


DENY

• Function of the DENY command:
– Deny privileges for users on database objects
– Example:

DENY SELECT, INSERT    -- privileges
ON Student             -- database object
TO Karen               -- user


REVOKE

• Function of the REVOKE command:
– Remove a previously issued GRANT or DENY statement on database objects for a user
– Example:

REVOKE SELECT, INSERT
ON Student
TO Karen
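
The three commands interact when a user also receives permissions through a role, for example one assigned with sp_addrolemember. The following T-SQL is an added example, not part of the original slides; the role Registrar, the column layout of Student and the loginless test user are constructed for illustration.

```sql
-- Added example (not from the slides). Constructed names: the columns of
-- dbo.Student and the role Registrar. Karen is created WITHOUT LOGIN so the
-- script can be run in a scratch database without touching server logins.
CREATE TABLE dbo.Student (StudentID int PRIMARY KEY, Name nvarchar(50));
CREATE USER Karen WITHOUT LOGIN;
CREATE ROLE Registrar;
EXEC sp_addrolemember @rolename = N'Registrar', @membername = N'Karen';

-- 1. GRANT to the role: Karen inherits SELECT and INSERT through membership.
GRANT SELECT, INSERT ON dbo.Student TO Registrar;

-- 2. DENY to the user: an explicit DENY takes precedence over a GRANT,
--    including the one inherited from Registrar, so only Karen loses SELECT.
DENY SELECT ON dbo.Student TO Karen;

-- Check the effective permissions while impersonating Karen
-- (HAS_PERMS_BY_NAME returns 1 when the permission is held, 0 when it is not).
EXECUTE AS USER = N'Karen';
SELECT HAS_PERMS_BY_NAME(N'dbo.Student', N'OBJECT', N'SELECT') AS can_select,
       HAS_PERMS_BY_NAME(N'dbo.Student', N'OBJECT', N'INSERT') AS can_insert;
REVERT;

-- 3. REVOKE removes the DENY entry itself. It is not a block: Karen falls
--    back to whatever the role still grants.
REVOKE SELECT ON dbo.Student TO Karen;

EXECUTE AS USER = N'Karen';
SELECT HAS_PERMS_BY_NAME(N'dbo.Student', N'OBJECT', N'SELECT') AS can_select,
       HAS_PERMS_BY_NAME(N'dbo.Student', N'OBJECT', N'INSERT') AS can_insert;
REVERT;

-- 4. To withdraw the privilege from every member, revoke it where it was granted.
REVOKE SELECT, INSERT ON dbo.Student TO Registrar;

-- Clean up the constructed objects.
EXEC sp_droprolemember @rolename = N'Registrar', @membername = N'Karen';
DROP ROLE Registrar;
DROP USER Karen;
DROP TABLE dbo.Student;
```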


Data Integrity, Sharing & Recovery

• All Enterprise databases are utilized by many users across the organization.
– There are times when databases are used by two or more users concurrently.
– This may lead to many data integrity problems resulting from concurrent users.
• SQL enforces data integrity and maintains sharing and recovery
– DDL defines integrity constraints in the database, protecting it from corruption due to inconsistent updates or system failure.
– DCL is used to coordinate data sharing by concurrent users, ensuring that they do not interfere with one another.
• DCL used for enforcing Data integrity in MS SQL Server includes:
– BEGIN TRAN, SAVE TRAN
– ROLLBACK / COMMIT


Using EM for Administering Databases

• Apart from using SQL commands, MS SQL Server Studio can be used for administering databases.
– In fact, it is used for administering MS SQL Server instead of using SQL commands.
• Logins are first created, followed by users and Roles.
– Logins will first be created to gain access to the server system.
– Users and Roles will then be assigned to the LoginID.
– However, in the example that follows, we will only create a Login and user without assigning any roles or permissions.


Using Server Management Studio to Create New Login
• A New Login (and User) can be created from the Server Management Studio as follows:
– Step A: Open your Management Studio
1. Select Security followed by Logins node in the Console Tree
2. Right click and select New Login


Using Server Management Studio to Create New Login (Cont…)
– Step B: A dialog box for MS SQL Server Login Properties - New Login appears as follows:
1. Type “NorthwindEmployee” in the Name TextBox
2. Select SQL Server Authentication and insert “password” as Password
3. Click on the Database DropDown Combo and Select northwind database.


Using Server Management Studio to Create New Login (Cont…)
– Step C: Click on User Mapping:
1. Click on the User Mapping


Using Server Management Studio to Create New Login (Cont…)
– Step D: The dialog box appears as follows:
1. Check on the Northwind Database Access Tab to add a new user to the Dafesty database.


Using Server Management Studio to Create New Login (Cont…)
– Step E: The dialog box should be changed as follows:
Note that you have added a new user in the Northwind database.
Notice that you are given “Public” Database Role for the Northwind Database
1. Click on Server Role Tab


Using Server Management Studio to Create New Login (Cont…)
– Step F: The dialog box should appear as follows:
DO NOT check any of these roles because normal users (ie NorthwindEmployee) should not have such roles.
Note: You can assign a Server Role to this User if required.
1. Click on the OK Button


Using Server Management Studio to Create New Login (Cont…)
– Last Step: The new Login is added in the SQL Server Management Studio as follows:
Notice that the new user is added in the View Pane
NOTE: To Edit the User rights, right click on the user and select Properties from the Pop up menu (Left) OR Double Click on the User (ie NorthwindEmployee)
– CLOSE the Server Management Studio.

Levels of Security

• In general, there are various levels of security applied to users of objects (such as Tables, Views, etc) in databases:
– Referential Integrity access.
– Read access (ie SELECT)
– Execute Stored Procedures access (ie EXECUTE…)
– Append access (ie INSERT… INTO…)
– Modify access (ie UPDATE … SET…)
– Remove access (ie DELETE…)
– Complete access


Objects’ Permission in Databases

• Under MS SQL Server, the various levels of security can be translated into six independent object permissions.
• These permissions can be granted to users as follows:
– SELECT: Allows users to view the object’s records (i.e. data)
– INSERT: Allows users to insert data in the object
– UPDATE: Allows users to update data in the object
– DELETE: Allows users to delete data in the object
– EXECUTE: Allows users to execute stored procedures (that may affect one or many objects)
– DRI (Direct Referential Integrity): Allows users to insert records into a table which has a foreign key constraint referencing another table (on which the users do not have SELECT permission)
• Users can be granted any of the various permissions (from none to all)

Administering Users’ Rights

• To demonstrate various users’ Permission, try the following:
– Step A: Open Management Studio with the login we created “NorthwindEmployee”:


Administering Users’ Rights (Cont…)

– Step B: Insert the following command as shown:
1. Type the Following command:

SELECT * FROM Customers

2. The Query Analyzer will throw an Error Message as follows: “SELECT permission denied …..”


Administering Users’ Rights (Cont…)

– Step C: In order to allow NorthwindEmployee to query the table, user permission to the table object must be adjusted. User permission to a specific Database object can be adjusted in the Management Studio as follows (before that, you have to log in with the administration login):
1. Select Northwind followed by Tables node in the Console Tree
2. Right Click on the Customers Table and Select “Properties” OR Just Double click on the Customers Table


Administering Users’ Rights (Cont…)

– Step D: A dialog box for the Customers’ Table Properties appears as follows:
1. Click on the Permissions… Button
1. Click on the Search… Button


Administering Users’ Rights (Cont…)

– Step E: A dialog box for Select Users appears as follows:

1. Click on the Browse… Button


Administering Users’ Rights (Cont…)

– Step F: A dialog box for Select Users appears as follows:

1. Check NorthwindEmployee and click OK.


Administering Users’ Rights (Cont…)

– Step G: A dialog box for the Object Properties on Customer Table appears as follows. Note DafestyEmployee (as a user) is not granted or denied any permissions.
1. Check on Checkboxes for NorthwindEmployee under Select Row.
1. Click Ok.

Administering Users’ Rights (Cont…)

– Step H: Disconnect from the administration login, connect with the NorthwindEmployee login and execute the SQL Select statement.


Administering Users’ Rights (Cont…)

– Step I: Next, use Update command:
The Query Analyzer will throw an Error Message as follows: “UPDATE permission denied …..”


Administering Users’ Rights (Cont…)

– Step J: Repeat the steps that were done for the select statement. Give permission for the Update command to the NorthwindEmployee user by logging in with administration rights, and try to execute it.
Check the update permission


Administering Users’ Rights (Cont…)

• Step K: Now execute the same update query by logging in again with the NorthwindEmployee user.
The update query will be successfully executed


Administering Users’ Rights (Cont…)

• Notice that whenever an object permission (such as SELECT, INSERT, UPDATE, etc.) was not given (i.e. Granted) to the user, he cannot perform that function on the database object (i.e. SELECT in the Customer Table)
• Effectively, object permissions for each user can be granted or denied via each Table’s object properties window in the EM.
– Note that a much finer administration can be performed by restricting users’ permission on table columns instead of just the whole table.
– For example, a user can be restricted from getting information from certain columns (eg. PhoneNumber column) instead of the whole table (Customers table)
• Apart from granting object permissions for each table, users can be granted permission to various database objects via database user properties.

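The Management Studio walkthrough above (new login, user mapping, SELECT and UPDATE on Customers, then a column-level restriction) can also be scripted and audited. The following T-SQL is an added example, not part of the original slides; the password is a placeholder to replace, and the column name Phone is an assumption standing in for the slide's PhoneNumber example.

```sql
-- Added example (not from the slides). Run as an administrator.
-- Assumptions: the Northwind sample database is installed; the Customers
-- column is named Phone; the password below is a placeholder to replace.
CREATE LOGIN NorthwindEmployee
    WITH PASSWORD = N'<replace-with-a-strong-password>',
         DEFAULT_DATABASE = Northwind,
         CHECK_POLICY = ON;              -- enforce the Windows password policy

USE Northwind;

-- "User Mapping": the login gets a database user, member of public only.
CREATE USER NorthwindEmployee FOR LOGIN NorthwindEmployee;

-- Steps C to K: table-level permissions on Customers.
GRANT SELECT, UPDATE ON dbo.Customers TO NorthwindEmployee;

-- Finer administration: withhold one column while the rest stay readable.
DENY SELECT ON dbo.Customers (Phone) TO NorthwindEmployee;

-- Verify from the user's side without logging out:
-- one row per permission, with subentity_name set for column-level rows.
EXECUTE AS USER = N'NorthwindEmployee';
SELECT entity_name, subentity_name, permission_name
FROM sys.fn_my_permissions(N'dbo.Customers', N'OBJECT')
ORDER BY permission_name, subentity_name;
REVERT;

-- Audit from the administrator's side: every GRANT or DENY recorded for the
-- user on objects and columns in this database.
SELECT pr.name                              AS principal_name,
       pe.state_desc                        AS state,       -- GRANT or DENY
       pe.permission_name,
       OBJECT_NAME(pe.major_id)             AS object_name,
       COL_NAME(pe.major_id, pe.minor_id)   AS column_name  -- NULL = whole object
FROM sys.database_permissions AS pe
JOIN sys.database_principals  AS pr
     ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                          -- object or column securables
  AND pr.name = N'NorthwindEmployee'
ORDER BY object_name, column_name, pe.permission_name;
```
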
Administering Users’ Rights (Cont…)

• The user rights FOR ANY DATABASE (instead of just one) can be adjusted as follows:
– Step A: Select Security followed by Logins in the Console Tree
1. Select northwind followed by Users node in the Console Tree
2. Right Click on NorthwindEmployee in the View Pane and Select “Properties” OR Double Click on the DafestyEmployee


Administering Users’ Rights (Cont…)

– Step B: A dialog box for the Database Users appears. Select the Securables option, then select the Search button.


Administering Users’ Rights (Cont…)

– Step C: A dialog box appears as follows:
Select All objects of the types
Click OK


Administering Users’ Rights (Cont…)

– Step D: A dialog box appears as follows:
Select appropriate object type (here we have selected tables)
Click OK


Administering Users’ Rights (Cont…)

– Step E: A dialog box appears as follows:
Check permission for all tables and press Ok


DISK STORAGE, BASIC FILE STRUCTURES AND INDEXING

Total Slides: 58
Copyright © 2020, Victorian Institute of Technology.
The contents contained in this document may not be reproduced in any form or by any means, without the written permission of VIT, other than for the purpose for which it has been supplied. VIT and its logo are trademarks of Victorian Institute of Technology.


Topics

• Disk Storage Devices
• Records
• Blocking
• Files of Records
• Unordered Files
• Ordered Files
• Average Access Times
• Indexes as Access Paths
• Types of Single-Level Indexes
• Properties of Index Types
• Multi-Level Indexes

Disk Storage Devices

• Preferred secondary storage device for high storage capacity and low cost.
• Data stored as magnetized areas on magnetic disk surfaces.
• A disk pack contains several magnetic disks connected to a rotating spindle.
• Disks are divided into concentric circular tracks on each disk surface.
– Track capacities vary typically from 4 to 50 Kbytes or more


Disk Storage Devices (Cont.)

• A track is divided into smaller blocks or sectors
– because it usually contains a large amount of information
• The division of a track into sectors is hard-coded on the disk surface and cannot be changed.
– One type of sector organization calls a portion of a track that subtends a fixed angle at the center a sector.
• A track is divided into blocks.
– The block size B is fixed for each system.
• Typical block sizes range from B=512 bytes to B=4096 bytes.
– Whole blocks are transferred between disk and main memory for processing.


Disk Storage Devices (Cont.)

• A read-write head moves to the track that contains the block to be transferred.
– Disk rotation moves the block under the read-write head for reading or writing.
• A physical disk block (hardware) address consists of:
– a cylinder number (imaginary collection of tracks of same radius from all recorded surfaces)
– the track number or surface number (within the cylinder)
– and block number (within track).
• Reading or writing a disk block is time consuming because of the seek time s and rotational delay (latency) rd.
• Double buffering can be used to speed up the transfer of contiguous disk blocks.


Records

• Fixed and variable length records
• Records contain fields which have values of a particular type
– E.g., amount, date, time, age
• Fields themselves may be fixed length or variable length
• Variable length fields can be mixed into one record:
– Separator characters or length fields are needed so that the record can be “parsed.”


Blocking

• Blocking:
– Refers to storing a number of records in one block on the disk.
• Blocking factor (bfr) refers to the number of records per
block.
• There may be empty space in a block if an integral number
of records do not fit in one block.
• Spanned Records:
– Refers to records that exceed the size of one or more blocks and
hence span a number of blocks.



Files of Records

• A file is a sequence of records, where each record is a collection of data values (or data items).
• A file descriptor (or file header) includes information that describes the file, such as the field names and their data types, and the addresses of the file blocks on disk.
• Records are stored on disk blocks.
• The blocking factor bfr for a file is the (average) number of file records stored in a disk block.
• A file can have fixed-length records or variable-length records.


Files of Records (Cont.)

• File records can be unspanned or spanned
– Unspanned: no record can span two blocks
– Spanned: a record can be stored in more than one block
• The physical disk blocks that are allocated to hold the records of a file can be contiguous, linked, or indexed.
• In a file of fixed-length records, all records have the same format. Usually, unspanned blocking is used with such files.
• Files of variable-length records require additional information to be stored in each record, such as separator characters and field types.
– Usually spanned blocking is used with such files.


Unordered Files

• Also called a heap or a pile file.
• New records are inserted at the end of the file.
• A linear search through the file records is necessary to search for a record.
– This requires reading and searching half the file blocks on the average, and is hence quite expensive.
• Record insertion is quite efficient.
• Reading the records in order of a particular field requires sorting the file records.


Ordered Files

• Also called a sequential file.
• File records are kept sorted by the values of an ordering field.
• Insertion is expensive: records must be inserted in the correct order.
– It is common to keep a separate unordered overflow (or transaction) file for new records to improve insertion efficiency; this is periodically merged with the main ordered file.
• A binary search can be used to search for a record on its ordering field value.
– This requires reading and searching log2 of the number of file blocks on the average, an improvement over linear search.
• Reading the records in order of the ordering field is quite efficient.


Average Access Times

• The following table shows the average access time to access a specific record for a given type of file.


Indexes as Access Paths

• A single-level index is an auxiliary file that makes it more efficient to search for a record in the data file.
• The index is usually specified on one field of the file (although it could be specified on several fields)
• One form of an index is a file of entries <field value, pointer to record>, which is ordered by field value
• The index is called an access path on the field.


Indexes as Access Paths (Cont.)

• The index file usually occupies considerably fewer disk blocks than the data file because its entries are much smaller
• A binary search on the index yields a pointer to the file record
• Indexes can also be characterized as dense or sparse
– A dense index has an index entry for every search key value (and hence every record) in the data file.
– A sparse (or nondense) index, on the other hand, has index entries for only some of the search values


Indexes as Access Paths (Cont.)

• Example: Given the following data file EMPLOYEE(NAME, SSN, ADDRESS, JOB, SAL, ... )
• Suppose that:
– record size R = 150 bytes, block size B = 512 bytes, r = 30000 records
• Then, we get:
– blocking factor Bfr = B div R = 512 div 150 = 3 records/block
– number of file blocks b = (r/Bfr) = (30000/3) = 10000 blocks
• For an index on the SSN field, assume the field size V_SSN = 9 bytes and the record pointer size P_R = 7 bytes. Then:
– index entry size R_I = (V_SSN + P_R) = (9+7) = 16 bytes
– index blocking factor Bfr_I = B div R_I = 512 div 16 = 32 entries/block
– number of index blocks b_I = ⌈r/Bfr_I⌉ = ⌈30000/32⌉ = 938 blocks
– binary search needs ⌈log2 b_I⌉ = ⌈log2 938⌉ = 10 block accesses
– This is compared to an average linear search cost of: (b/2) = 30000/2 = 15000 block accesses
– If the file records are ordered, the binary search cost would be: log2 b = log2 30000 = 15 block accesses

Types of Single-Level Indexes

• Primary Index
– Defined on an ordered data file
– The data file is ordered on a key field
– Includes one index entry for each block in the data file; the index
entry has the key field value for the first record in the block, which is
called the block anchor.
– A similar scheme can use the last record in a block.
– A primary index is a non dense (sparse) index, since it includes an
entry for each disk block of the data file and the keys of its anchor
record rather than for every search value.



Primary Index on the Ordering Key Field



Types of Single-Level Indexes

• Clustering Index
– Defined on an ordered data file.
– The data file is ordered on a non-key field unlike primary index,
which requires that the ordering field of the data file have a distinct
value for each record.
– Includes one index entry for each distinct value of the field; the index
entry points to the first data block that contains records with that field
value.
– It is another example of a nondense index; insertion and deletion are relatively straightforward with a clustering index.


A Clustering Index Example



Types of Single-Level Indexes

• Secondary Index
– A secondary index provides a secondary means of accessing a file
for which some primary access already exists.
– The secondary index may be on a field which is a candidate key and
has a unique value in every record, or a non-key with duplicate
values.
– The index is an ordered file with two fields.
• The first field is of the same data type as some non-ordering
field of the data file that is an indexing field.
• The second field is either a block pointer or a record pointer.
• There can be many secondary indexes (and hence, indexing
fields) for the same file.
– Includes one entry for each record in the data file; hence, it is a
dense index



Example of a Dense Secondary Index



Example of a Secondary Index



Properties of Index Types



Multi-Level Indexes

• Because a single-level index is an ordered file, we can create a primary index to the index itself;
– In this case, the original index file is called the first-level index and the index to the index is called the second-level index.
• We can repeat the process, creating a third, fourth, ..., top level until all entries of the top level fit in one disk block.
• A multi-level index can be created for any type of first-level index (primary, secondary, clustering) as long as the first-level index consists of more than one disk block.
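
The level-by-level construction described above can be carried through for the EMPLOYEE example from the earlier slide (dense first-level index on SSN). The following T-SQL is an added example, not part of the original slides; the variable names are constructed, and every level is assumed to use the same 16-byte entry size.

```sql
-- Added example (not from the slides). Parameter values are those of the
-- EMPLOYEE example; all index levels are assumed to share one entry size.
DECLARE @BlockSize int = 512,      -- B
        @KeySize   int = 9,        -- V_SSN
        @PtrSize   int = 7,        -- P_R
        @Records   int = 30000;    -- r

-- Index blocking factor Bfr_I (entries per block), by integer division.
DECLARE @FanOut int = @BlockSize / (@KeySize + @PtrSize);

DECLARE @Levels TABLE (IndexLevel int, Entries int, Blocks int);
DECLARE @Level int = 0,
        @Entries int = @Records,   -- first level: one entry per record (dense)
        @Blocks int;

WHILE 1 = 1
BEGIN
    SET @Level += 1;
    -- Blocks needed at this level: ceiling(Entries / FanOut).
    SET @Blocks = (@Entries + @FanOut - 1) / @FanOut;
    INSERT INTO @Levels (IndexLevel, Entries, Blocks)
    VALUES (@Level, @Entries, @Blocks);

    -- Stop once the whole level fits in a single disk block (the top level).
    IF @Blocks <= 1 BREAK;

    -- The next level is a primary index on this one: one entry per block.
    SET @Entries = @Blocks;
END;

-- One row per index level, bottom (1) to top.
SELECT IndexLevel, Entries, Blocks
FROM @Levels
ORDER BY IndexLevel;

-- A lookup reads one block per index level plus the data block itself.
SELECT MAX(IndexLevel)     AS IndexLevels,
       MAX(IndexLevel) + 1 AS BlockAccessesPerLookup
FROM @Levels;
```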


A Two-Level Primary Index



Multi-Level Indexes

• Such a multi-level index is a form of search tree
– However, insertion and deletion of new index entries is a severe problem because every level of the index is an ordered file.


Summary

• Revision of Key Concepts

• Questions and Answers
