Presentation is loading. Please wait.

Presentation is loading. Please wait.

The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2.

Published byJeremy Barnett Modified over 8 years ago

Similar presentations

Presentation on theme: "The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2."— Presentation transcript:

1 The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2 Details of Pfleeger’s overview in Part 1

2 The granting of a right or privilege, which enables a subject to have legitimate access to a system or a system’s object. Many “object types”: table, view, application procedure, or any other object that can be created within the system. Ownership of objects gives the owner all appropriate privileges on the objects owned. The DBMS needs to keep track (in the DD) of all privileges granted to users, and by whom, in order to maintain the correct set of privileges Authentication refers to a mechanism that determines whether a user is who he or she claims to be. Authorization

3 Security officer –enrolls users, controls and monitors user access to the database, and maintains system security. Application developer – designs and implements database applications. Application administrator – responsible for the administration needs of a particular application. Database users – interact with the database via applications or utilities. Network administrators – responsible for administering Oracle networking products, such as Net8 for: web, internet Type of Oracle Users

4 A predefined role, named "DBA", is automatically created with every Oracle database. This role contains all database system privileges. Therefore, it is very powerful and should be granted only to competent + trusted DBAs. Two user accounts are automatically created with the database and granted the DBA role: SYS – CHANGE_ON_INSTALL and SYSTEM – MANAGER. The database administrator usernames need a more secure authentication scheme. Network administrators – responsible for administering Oracle networking products, such as Net8. Database Administrator

5 Database Administrator Authentication Methods

6 Tablespaces – logical storage units that group related logical structures together. Schema objects – the logical structures that directly refer to the database's data such as tables, views, sequences, stored procedures, synonyms, indexes, clusters, and database links. Extent –a specific number of contiguous data blocks, obtained in a single allocation from OS, and used to store a specific type of information. Segment –a set of extents allocated for a physical object Segment data is Oracle-specific binary format, not OS format Logical Database Structure

7 Databases, Tablespaces, and Datafiles

8 Datafiles and Tablespaces

9 The Relationships Among Segments, Extents, and Data Blocks

10 Data files – Every Oracle database has one or more physical datafiles. One or more datafiles form a logical unit of database storage called a tablespace. Redo log files – Every Oracle database has a set of two or more redo log files. The set of redo log files for a database is collectively known as the database's redo log. Control files – Every Oracle database has a control file. A control file contains entries that specify the physical structure of the database such as database name, names and locations of the data files and redo log files, time stamp of database creation, etc. Used by Oracle at DB instance creation, to control the layout of elements in this instance Physical Database Structure

11 Database user and schema – each user has a “security domain” that determines the privileges and roles, the tablespace quota, and the system resource limits for the user. Privilege – a right to execute a particular type of SQL statement. Roles – named groups of related privileges that are granted to: - users or - other roles Storage settings and quotas – Oracle provides means for directing and limiting the use of disk space allocated to the database on a per user basis. Resource limits – Each user is assigned a profile that specifies limitations on several system resources available to the user Oracle Security Mechanism

12 Oracle Security Features

13 A view SELECT query result = the dynamic result of one or more relational operations operating on the base relations to produce another relation Views hide irrelevant attributes and/or rows from those users who don’t need to know them. A user can be granted privilege to use a view that is generated from several base tables but not privilege to access the base tables. Views (Subschemas)

14 The process of periodically taking a copy of the database and log file (and possibly programs) onto offline storage media. A DBMS should provide logging facilities referred to as journaling, which keep track of the current state of transactions and database changes, to provide support for recovery procedures. A DBMS should provide a checkpoint facility, which enables updates to the database which are in progress to be made permanent. When a checkpoint is taken, the DBMS ensures that all the data in main memory is written out to disk and a special checkpoint record is written to the journal. Backup

15 A backup is a copy of data. You can make physical backups using either the Oracle8i Recovery Manager utility (http://technet.oracle.com/doc/oracle8i_816/server.816/a76990/toc.htm) or operating system utilities (http://technet.oracle.com/doc/oracle8i_816/server.816/a76993/osbackup.htm #7605). A physical backup is a copy of a data file, tablespace, or database made at a specific time. Backup in Oracle

16 Online Redo Log File Use in ARCHIVELOG Mode

17 Some operational Rules/Restrictions for this DB mode You can only restore the database to the point of the most recent full database backup. You can only perform an operating system backup of the database when it is shut down cleanly. You can only restore a whole database backup and then open the database when the backup was taken while the database was closed cleanly. You cannot perform online tablespace backups. NONARCHIVELOG Mode

18 Tablespace Backups in NOARCHIVELOG Mode

19 To restore a physical backup is to reconstruct it and make it available to the Oracle database server. To recover a restored datafile is to update it using redo records, that is, records of changes made to the database after the backup was taken. Oracle performs crash recovery and instance recovery automatically after an instance failure. Instance recovery is an automatic procedure that involves two distinct operations: rolling forward the backup to a more current time by applying online redo records and rolling back all changes made in uncommitted transactions to their original state. Media recovery requires you to issue recovery commands. Recovery in Oracle

20 Restoring and Recovering a Database

21 Static Data Dictionary Views - Change only when a change is made to the DD, for example, when a new table is created or a user is granted new privileges. (http://technet.oracle.com/doc/oracle8i_816/server.816/a76961/ch2.htm)http://technet.oracle.com/doc/oracle8i_816/server.816/a76961/ch2.htm Oracle contains a set of underlying views that are maintained by the server and accessible to the database administrator user SYS. These views are called dynamic performance views because they are continuously updated while a database is open and in use, and their contents relate primarily to performance. (http://technet.oracle.com/doc/oracle8i_816/server.816/a76961/ch3.htm) Information for DBA

Download ppt "The protection of the DB against intentional or unintentional threats using computer-based or non- computer-based controls. Database Security – Part 2."

Similar presentations

ITEC474 INTRODUCTION.

ITEC474 INTRODUCTION.
The Architecture of Oracle

The Architecture of Oracle
Introduction to Oracle

Introduction to Oracle
INTRODUCTION TO ORACLE Lynnwood Brown System Managers LLC Backup and Recovery Copyright System Managers LLC 2008 all rights reserved.

INTRODUCTION TO ORACLE Lynnwood Brown System Managers LLC Backup and Recovery Copyright System Managers LLC 2008 all rights reserved.
5 Copyright © 2005, Oracle. All rights reserved. Managing Database Storage Structures.

5 Copyright © 2005, Oracle. All rights reserved. Managing Database Storage Structures.
Acknowledgments Byron Bush, Scott S. Hilpert and Lee, JeongKyu

Acknowledgments Byron Bush, Scott S. Hilpert and Lee, JeongKyu
Oracle9i Database Administrator: Implementation and Administration 1 Chapter 2 Overview of Database Administrator (DBA) Tools.

Oracle9i Database Administrator: Implementation and Administration 1 Chapter 2 Overview of Database Administrator (DBA) Tools.
Oracle Architecture. Instances and Databases (1/2)

Oracle Architecture. Instances and Databases (1/2)
Database Administration and Security Transparencies 1.

Database Administration and Security Transparencies 1.
Page Footer Keed Education Oracle Database Administration Basic Copyright 2009 Keed Education BV Version 0.0.1. Concept.

Page Footer Keed Education Oracle Database Administration Basic Copyright 2009 Keed Education BV Version Concept.
1 - Oracle Server Architecture Overview

1 - Oracle Server Architecture Overview
Harvard University Oracle Database Administration Session 2 System Level.

Harvard University Oracle Database Administration Session 2 System Level.
Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.

Chapter 8 Security Transparencies © Pearson Education Limited 1995, 2005.
Advanced Databases Basic Database Administration Guide to Oracle 10g 1.

Advanced Databases Basic Database Administration Guide to Oracle 10g 1.
A Guide to Oracle9i1 Introduction to Oracle9i Database Administration Chapter 11.

A Guide to Oracle9i1 Introduction to Oracle9i Database Administration Chapter 11.
Database Backup and Recovery

Database Backup and Recovery
Backup and Recovery Part 1.

Backup and Recovery Part 1.
CHAPTER 16 User-Managed Backup and Recovery. Introduction to User Managed Backup and Recovery Backup and recover is one of the most critical skills a.

CHAPTER 16 User-Managed Backup and Recovery. Introduction to User Managed Backup and Recovery Backup and recover is one of the most critical skills a.
Oracle Architecture Client Computer Application Server Oracle Database Lan Or Internet Lan Or Internet Client Server Environment Application By Java or.Net.

Oracle Architecture Client Computer Application Server Oracle Database Lan Or Internet Lan Or Internet Client Server Environment Application By Java or.Net.
Backup Concepts. Introduction Backup and recovery procedures protect your database against data loss and reconstruct the data, should loss occur. The.

Backup Concepts. Introduction Backup and recovery procedures protect your database against data loss and reconstruct the data, should loss occur. The.

Similar presentations

Ads by Google