Chapter 12: Data and Database Administration
Modern Database Management
7th Edition
Jeffrey A. Hoffer, Mary B. Prescott, Fred R. McFadden
© 2005 by Prentice Hall
Objectives
• Definition of terms
• List functions and roles of data/database administration
• Describe role of data dictionaries and information repositories
• Compare optimistic and pessimistic concurrency control
• Describe problems and techniques for data security
• Describe problems and techniques for data recovery
• Describe database tuning issues and list areas where changes can be done to tune the database
• Describe importance and measures of data quality
• Describe importance and measures of data availability
Traditional Administration Definitions
• Data Administration: A high-level function that is responsible for the overall management of data resources in an organization, including maintaining corporate-wide definitions and standards
• Database Administration: A technical function that is responsible for physical database design and for dealing with technical issues such as security enforcement, database performance, and backup and recovery
Traditional Data Administration Functions
• Data policies, procedures, standards
• Planning
• Data conflict (ownership) resolution
• Internal marketing of DA concepts
• Managing the data repository
Traditional Database Administration Functions
• Selection of hardware and software
• Installing/upgrading DBMS
• Tuning database performance
• Improving query processing performance
• Managing data security, privacy, and integrity
• Data backup and recovery
Evolving Approaches to Data Administration
• Blend data and database administration into one role
• Fast-track development – monitoring development process (analysis, design, implementation, maintenance)
• Procedural DBAs – managing quality of triggers and stored procedures
• eDBA – managing Internet-enabled database applications
• PDA DBA – data synchronization and personal database management
• Data warehouse administration
Data Warehouse Administration
• New role, coming with the growth in data warehouses
• Similar to DA/DBA roles
• Emphasis on integration and coordination of metadata/data across many data sources
• Specific roles:
  • Support decision-support applications
  • Manage data warehouse growth
  • Establish service level agreements regarding data warehouses and data marts
Open Source DBMSs
• An alternative to proprietary packages such as Oracle, Microsoft SQL Server, or Microsoft Access
• MySQL is an example of an open-source DBMS
• Less expensive than proprietary packages
• Source code available, for modification
Database Security
• Database Security: Protection of the data against accidental or intentional loss, destruction, or misuse
• Increased difficulty due to Internet access and client/server technologies
Figure 12-3: Possible locations of data security threats
Threats to Data Security
• Accidental losses attributable to:
  • Human error
  • Software failure
  • Hardware failure
• Theft and fraud
• Improper data access:
  • Loss of privacy (personal data)
  • Loss of confidentiality (corporate data)
• Loss of data integrity
• Loss of availability (through, e.g. sabotage)
Data Management Software Security Features
• Views or subschemas
• Integrity controls
• Authorization rules
• User-defined procedures
• Encryption
• Authentication schemes
• Backup, journalizing, and checkpointing
Views and Integrity Controls
• Views
  • Subset of the database that is presented to one or more users
  • User can be given access privilege to view without allowing access privilege to underlying tables
• Integrity Controls
  • Protect data from unauthorized use
  • Domains – set allowable values
  • Assertions – enforce database conditions
Authorization Rules
• Controls incorporated in the data management system
• Restrict:
  • access to data
  • actions that people can take on data
• Authorization matrix for:
  • Subjects
  • Objects
  • Actions
  • Constraints
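An authorization matrix of subjects, objects, actions and constraints can be evaluated as below. This is an added example, not code from the slides or the textbook; the rules in MATRIX are constructed for illustration, and the names Rule and decide are hypothetical.

```python
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class Rule:
    subject: str                 # who: user, role or department
    obj: str                     # what: table, view or record type
    action: str                  # read / insert / update / delete
    constraint: Optional[Callable[[dict], bool]] = None  # None = unconstrained
    label: str = "none"          # human-readable form of the constraint

# Constructed sample matrix for illustration (not the contents of Figure 12-4).
MATRIX = [
    Rule("sales", "customer", "insert",
         lambda rec: rec["credit_limit"] <= 5000, "credit_limit <= 5000"),
    Rule("order_entry", "customer", "read"),
    Rule("accounting", "order", "update",
         lambda rec: rec["status"] != "closed", "status != closed"),
]

def decide(subject, obj, action, record=None):
    """Return (allowed, reason). Anything not explicitly granted is denied."""
    matched = False
    for rule in MATRIX:
        if (rule.subject, rule.obj, rule.action) != (subject, obj, action):
            continue
        matched = True
        if rule.constraint is None:
            return True, "granted, no constraint"
        try:
            if rule.constraint(record or {}):
                return True, "granted, constraint holds: " + rule.label
        except (KeyError, TypeError):
            # A record missing the constrained field (or carrying the wrong
            # type) cannot be shown to satisfy the rule, so fail closed.
            return False, "denied, cannot evaluate: " + rule.label
    if matched:
        return False, "denied, constraint violated"
    return False, "denied, no rule for this subject/object/action"

if __name__ == "__main__":
    requests = [
        ("sales", "customer", "insert", {"credit_limit": 3000}),
        ("sales", "customer", "insert", {"credit_limit": 9000}),
        ("sales", "customer", "insert", {}),
        ("sales", "customer", "delete", None),
    ]
    for req in requests:
        print(req[:3], decide(*req))
```

The third request shows why the constraint check fails closed: a record that omits the constrained field is denied instead of slipping past the rule.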
Figure 12-4: Authorization matrix
Some DBMSs also provide capabilities for user-defined procedures to customize the authorization process
Figure 12-5a: Authorization table for subjects
Figure 12-5b: Authorization table for objects
Figure 12-6: Oracle9i privileges
Encryption – the coding or scrambling of data so that humans cannot read them
Authentication Schemes
• Goal – obtain a positive identification of the user
• Passwords: First line of defense
  • Should be at least 8 characters long
  • Should combine alphabetic and numeric data
  • Should not be complete words or personal information
  • Should be changed frequently
Authentication Schemes (cont.)
• Strong Authentication
  • Passwords are flawed:
    • Users share them with each other
    • They get written down, could be copied
    • Automatic logon scripts remove need to explicitly type them in
    • Unencrypted passwords travel the Internet
  • Possible solutions:
    • Two factor – e.g. smart card plus PIN
    • Three factor – e.g. smart card, biometric, PIN
    • Biometric devices – use of fingerprints, retinal scans, etc. for positive ID
    • Third-party authentication – using secret keys, digital certificates
Security Policies and Procedures
• Personnel controls
  • Hiring practices, employee monitoring, security training
• Physical access controls
  • Equipment locking, check-out procedures, screen placement
• Maintenance controls
  • Maintenance agreements, access to source code, quality and availability standards
• Data privacy controls
  • Adherence to privacy legislation, access rules
Database Recovery
• Mechanism for restoring a database quickly and accurately after loss or damage
• Recovery facilities:
  • Backup Facilities
  • Journalizing Facilities
  • Checkpoint Facility
  • Recovery Manager
Backup Facilities
• Automatic dump facility that produces backup copy of the entire database
• Periodic backup (e.g. nightly, weekly)
• Cold backup – database is shut down during backup
• Hot backup – selected portion is shut down and backed up at a given time
• Backups stored in secure, off-site location
Journalizing Facilities
• Audit trail of transactions and database updates
• Transaction log – record of essential data for each transaction processed against the database
• Database change log – images of updated data
  • Before-image – copy before modification
  • After-image – copy after modification
Produces an audit trail
Figure 12-8: Database audit trail
From the backup and logs, databases can be restored in case of damage or loss
Checkpoint Facilities
• DBMS periodically refuses to accept new transactions
• System is in a quiet state
• Database and transaction logs are synchronized
This allows the recovery manager to resume processing from a short period, instead of repeating the entire day
Recovery and Restart Procedures
• Switch - Mirrored databases
• Restore/Rerun - Reprocess transactions against the backup
• Transaction Integrity - Commit or abort all transaction changes
• Backward Recovery (Rollback) - Apply before images
• Forward Recovery (Roll Forward) - Apply after images (preferable to restore/rerun)
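Backward and forward recovery from a database change log, worked through on a small constructed log. This is an added example, not code from the slides; the account keys, values and function names are assumptions, and check_log goes one step beyond the slides by using the before/after images to validate the audit trail itself.

```python
# Constructed sample data. Change-log entries are
# (transaction, key, before_image, after_image), oldest first.
BACKUP = {"acct1": 100, "acct2": 500, "acct3": 0}
CHANGE_LOG = [
    ("T1", "acct1", 100, 150),
    ("T2", "acct2", 500, 300),
    ("T1", "acct3", 0, 50),
    ("T3", "acct1", 150, 90),   # T3 was still in flight at the failure
]
COMMITTED = {"T1", "T2"}        # commit records from the transaction log
AT_FAILURE = {"acct1": 90, "acct2": 300, "acct3": 50}  # intact but dirty database

def rollback(current, change_log, committed):
    """Backward recovery: undo uncommitted work with before-images, newest first."""
    db = dict(current)
    for txn, key, before, _after in reversed(change_log):
        if txn not in committed:
            db[key] = before
    return db

def rollforward(backup, change_log, committed):
    """Forward recovery: redo committed work on the backup with after-images."""
    db = dict(backup)
    for txn, key, _before, after in change_log:
        if txn in committed:
            db[key] = after
    return db

def check_log(backup, change_log):
    """Audit-trail check: each before-image must equal the value the previous
    entry left behind. A mismatch points to a gap or an edit in the log."""
    state, problems = dict(backup), []
    for i, (txn, key, before, after) in enumerate(change_log):
        if state.get(key) != before:
            problems.append((i, txn, key, state.get(key), before))
        state[key] = after
    return problems

if __name__ == "__main__":
    print("rollback   :", rollback(AT_FAILURE, CHANGE_LOG, COMMITTED))
    print("rollforward:", rollforward(BACKUP, CHANGE_LOG, COMMITTED))
    print("log issues :", check_log(BACKUP, CHANGE_LOG))
```

Both paths arrive at the same consistent state: rollback starts from the damaged-but-intact database and removes T3's change, while rollforward starts from the backup and reapplies only T1 and T2.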
Figure 12-9a: Basic recovery techniques (Rollback)
Figure 12-9b: Rollforward
Database Failure Responses
• Aborted transactions
  • Preferred recovery: rollback
  • Alternative: Rollforward to state just prior to abort
• Incorrect data
  • Preferred recovery: rollback
  • Alternative 1: rerun transactions not including inaccurate data updates
  • Alternative 2: compensating transactions
• System failure (database intact)
  • Preferred recovery: switch to duplicate database
  • Alternative 1: rollback
  • Alternative 2: restart from checkpoint
• Database destruction
  • Preferred recovery: switch to duplicate database
  • Alternative 1: rollforward
  • Alternative 2: reprocess transactions
Concurrency Control
• Problem – in a multiuser environment, simultaneous access to data can result in interference and data loss
• Solution – Concurrency Control
  • The process of managing simultaneous operations against a database so that data integrity is maintained and the operations do not interfere with each other in a multi-user environment
Figure 12-10: Lost Update
Simultaneous access causes updates to cancel each other
A similar problem is the inconsistent read problem
Concurrency Control Techniques
• Serializability
  • Finish one transaction before starting another
• Locking Mechanisms
  • The most common way of achieving serialization
  • Data that is retrieved for the purpose of updating is locked for the updater
  • No other user can perform update until unlocked
Figure 12-11: Updates with locking for concurrency control
This prevents the lost update problem
Locking Mechanisms
• Locking level:
  • Database – used during database updates
  • Table – used for bulk updates
  • Block or page – very commonly used
  • Record – only requested row; fairly commonly used
  • Field – requires significant overhead; impractical
• Types of locks:
  • Shared lock - Read but no update permitted. Used when just reading to prevent another user from placing an exclusive lock on the record
  • Exclusive lock - No access permitted. Used when preparing to update
Deadlock
• An impasse that results when two or more transactions have locked common resources, and each waits for the other to unlock their resources
Figure 12-13: A deadlock situation
UserA and UserB will wait forever for each other to release their locked resources!
Managing Deadlock
• Deadlock prevention:
  • Lock all records required at the beginning of a transaction
  • Two-phase locking protocol
    • Growing phase
    • Shrinking phase
  • May be difficult to determine all needed resources in advance
• Deadlock Resolution:
  • Allow deadlocks to occur
  • Mechanisms for detecting and breaking them
    • Resource usage matrix
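Deadlock resolution can be sketched as a resource usage table (who holds what, who waits for what) turned into a wait-for graph and searched for a cycle. This is an added example, not code from the slides; the record names, the function names and the "abort the transaction with the least work done" victim policy are assumptions.

```python
# Constructed lock table for the UserA/UserB situation: each user holds one
# record and requests the record the other one holds. Record names are made up.
HOLDS = {"UserA": {"record_X"}, "UserB": {"record_Y"}}
WANTS = {"UserA": "record_Y", "UserB": "record_X"}

def wait_for_graph(holds, wants):
    """Map each blocked transaction to the transaction holding what it wants."""
    owner = {res: txn for txn, held in holds.items() for res in held}
    graph = {}
    for txn, res in wants.items():
        blocker = owner.get(res)
        if blocker is not None and blocker != txn:
            graph[txn] = blocker
    return graph

def find_deadlock(holds, wants):
    """Return the transactions forming a cycle, or [] if nobody is deadlocked."""
    graph = wait_for_graph(holds, wants)
    for start in sorted(graph):
        path, node = [], start
        # Each transaction waits on at most one lock, so follow the chain.
        while node in graph and node not in path:
            path.append(node)
            node = graph[node]
        if node in path:
            return path[path.index(node):]
    return []

def break_deadlock(holds, wants, work_done):
    """Abort the cycle member with the least work done and release its locks."""
    cycle = find_deadlock(holds, wants)
    if not cycle:
        return None, holds, wants
    victim = min(cycle, key=lambda t: (work_done.get(t, 0), t))
    holds = {t: set(r) for t, r in holds.items() if t != victim}
    wants = {t: r for t, r in wants.items() if t != victim}
    return victim, holds, wants

if __name__ == "__main__":
    print("cycle :", find_deadlock(HOLDS, WANTS))
    victim, holds, wants = break_deadlock(HOLDS, WANTS, {"UserA": 5, "UserB": 2})
    print("victim:", victim, "| remaining cycle:", find_deadlock(holds, wants))
```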
Versioning
• Optimistic approach to concurrency control
• Instead of locking
• Assumption is that simultaneous updates will be infrequent
• Each transaction can attempt an update as it wishes
• The system will reject an update when it senses a conflict
• Use of rollback and commit for this
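The lost update problem and its optimistic (versioning) fix, side by side. This is an added example, not code from the slides; the account table, the amounts and the version column are constructed, and the two users are simulated as interleaved steps on one in-memory SQLite connection.

```python
import sqlite3

def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, "
                "balance INTEGER, version INTEGER)")
    con.execute("INSERT INTO account VALUES (1, 1000, 1)")
    con.commit()
    return con

def read(con, acct):
    """Return (balance, version) as the user saw them at read time."""
    return con.execute("SELECT balance, version FROM account WHERE id = ?",
                       (acct,)).fetchone()

def blind_write(con, acct, new_balance):
    """No concurrency control: overwrite whatever is there."""
    con.execute("UPDATE account SET balance = ? WHERE id = ?",
                (new_balance, acct))
    con.commit()

def versioned_write(con, acct, new_balance, seen_version):
    """Commit only if the row still carries the version that was read."""
    cur = con.execute(
        "UPDATE account SET balance = ?, version = version + 1 "
        "WHERE id = ? AND version = ?", (new_balance, acct, seen_version))
    if cur.rowcount == 0:        # someone else updated first: conflict
        con.rollback()
        return False
    con.commit()
    return True

def lost_update_demo():
    con = make_db()
    bal_a, _ = read(con, 1)              # user A reads 1000
    bal_b, _ = read(con, 1)              # user B reads 1000
    blind_write(con, 1, bal_a - 200)     # A withdraws 200 -> 800
    blind_write(con, 1, bal_b - 300)     # B withdraws 300 -> 700, A's update lost
    return read(con, 1)[0]

def versioning_demo():
    con = make_db()
    bal_a, ver_a = read(con, 1)
    bal_b, ver_b = read(con, 1)
    ok_a = versioned_write(con, 1, bal_a - 200, ver_a)   # accepted
    ok_b = versioned_write(con, 1, bal_b - 300, ver_b)   # rejected, stale version
    if not ok_b:                          # B re-reads and retries
        bal_b, ver_b = read(con, 1)
        versioned_write(con, 1, bal_b - 300, ver_b)
    return ok_a, ok_b, read(con, 1)[0]

if __name__ == "__main__":
    print("without control:", lost_update_demo())   # 700 instead of 500
    print("with versioning:", versioning_demo())
```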
Figure 12-14: The use of versioning
Better performance than locking
Managing Data Quality
• Data Steward - Liaisons between IT and business units
• Five Data Quality Issues:
  • Security policy and disaster recovery
  • Personnel controls
  • Physical access controls
  • Maintenance controls (hardware and software)
  • Data protection and privacy
Data Dictionaries and Repositories
• Data dictionary
  • Documents data elements of a database
• System catalog
  • System-created database that describes all database objects
• Information Repository
  • Stores metadata describing data and data processing resources
• Information Repository Dictionary System (IRDS)
  • Software tool managing/controlling access to information repository
Figure 12-15: Three components of the repository system architecture
A schema of the repository information
Software that manages the repository objects
Where repository objects are stored
Source: adapted from Bernstein, 1996.
Database Performance Tuning
• DBMS Installation
  • Setting installation parameters
• Memory Usage
  • Set cache levels
  • Choose background processes
• Input/Output Contention
  • Use striping
  • Distribution of heavily accessed files
• CPU Usage
  • Monitor CPU load
• Application tuning
  • Modification of SQL code in applications