Download cos346day21

COS 346
Day 21
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-1
Agenda
• Questions?
• 2 Quizzes 2 go
– April 20
• DP Chap 9 & 11, SQL Chap 11
– May 4
• DP Chap 12 - 15
• Assignment 8 posted
– Due Today
– 3 more assignments to Go
– Lowest assignment score dropped
• Capstones projects and presentations are due May
12 at 10AM
• Today we will be discussing Managing Multi-user
Databases with SQL server 2000
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-2
Concurrency Control
• Three factors determine the concurrency control
behavior of SQL Server:
– Transaction isolation level
– Cursor concurrency setting
– Locking hints provided in the SELECT clause
• Locking behavior also changes, depending on whether
actions occur in the context of transactions or cursors
independently
– Therefore, SQL Server places locks on behalf of the developer
– Locks may be placed at many levels of granularity and may be
promoted or demoted as work progresses
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-3
SQL Server Concurrency Options
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-4
Examples
SET TRANSCATION LEVEL REPEATABLE
READS;
DECLARE MY_CURSOR DYNAMIC
SCROLL_LOCK
SELECT *
FROM TABLE WITH HOLDLOCK:
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-5
SQL Server 2000 Security
• SQL server provides two modes of
authentication:
– Windows only: the authentication is provided by the
windows operating system
– Mixed security: SQL Server will accept either the
windows-authenticated user name or it will perform its
own authentication
• Roles may be assigned to a SQL Server user
account:
– A role is a group of predefined authorities
– Public role has the authority only to connect to the
database
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-6
SQL Server Backup
• SQL Server supports several types of backup:
– A complete backup makes a copy of the entire
database
– A differential backup makes a copy of the database
changes since the last complete backup
– Differential backups are faster and can be taken more
frequently
– Complete backups are simpler to use for recovery
• The transaction log also needs to be periodically
backed up
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-7
Database Recovery
• Both data and log files are created by SQL
Server
• SQL Server provides a wizard for setting up
database maintenance plan, e.g., scheduling
database and log backups
• To recover a database with SQL Server:
– The database is restored from a prior database
backup
– Log after images are applied to the restored database
– At the end of the log, changes from any transaction
that failed to commit are then rolled back
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-8
SQL Server Recovery Models
• Three recovery models
– Simple recovery: neither logging is done nor log
records applied:
• To recover a database is to restore the database to the last
backup
• This method can be used for a database that is never
changed
– Full recovery: all database changes are logged
– Bulk-logged: all changes are logged except those
that cause large log entries
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-9
David M. Kroenke’s
Database Processing
Fundamentals, Design, and Implementation
(10th Edition)
End of Presentation:
Chapter Eleven Part Three
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-10
SQL for SQL Server
Bijoy Bordoloi and Douglas Bock
Chapter 11: SQL Server Database
Administration
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-11
Objectives
• Develop a general understanding of database administration.
• Understand the duties of a database administrator.
• Learn about the organization of a SQL Server database file
structure.
• Create a database.
• Learn concepts concerning the SQL Server system catalog and
database catalogs.
• Learn about the special dbo database user account.
• Become familiarized with the Enterprise Manager software.
• Create system and database user accounts.
• Grant, deny, and revoke permissions.
• Create and allocate roles.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-12
Database Administration Overview
•
•
Database administration is a
specialized area within a large
information systems department.
A database administrator (DBA) works
closely with application developers to
support application development
efforts.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-13
Database Administrator Duties
• Install database management system software and
upgrades.
• Design and create a database including the allocation
of system disk storage for current and future
database storage requirements.
• Start up and shut down database services.
• Create user accounts and monitor user activities.
• Grant database permissions to control data security
and data access.
• Backup and recover a database in the event of
system failure.
• Tune a database to optimize database performance.
• Manage database network connectivity.
• Migrate a database to a new version of the DBMS
software.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-14
Enterprise Manager
•
•
SQL Server 2000’s Enterprise Manager
software is a Microsoft Management
Console snap-in.
Enterprise Manager provides a graphical
user interface for administering SQL Server
databases. Use it to:
–
–
–
–
–
–
Create databases.
Create tables and other objects.
Create and manage user accounts.
Allocate system and object permissions.
Manage security and schedule tasks.
Perform database backups.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-15
Enterprise Manager Graphical User Interface
The initial window in unexpanded Tree view.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-16
Expanded Tree Pane – Company Database
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-17
•
Database Types
Two groups of databases were
displayed on the previous slide:
– (1) System databases – includes
Master, Model, MSDB, and Tempdb.
– (2) User-Defined Application databases.
Those shown include the Company and
Riverbend databases used in this
textbook and two databases provided by
Microsoft as examples – Northwind and
Pubs.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-18
System Databases
• Master – stores database information about
other databases for a given instance of the
SQL Server 2000. Also tracks disk space
usage, configuration of the DBMS, and
information on database objects.
• Model – a database template that is copied
whenever you create a new database.
• Tempdb --- stores temporary objects/data
such as those created by ORDER BY and
JOIN operations.
• MSDB – used to schedule tasks such as
database backup.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-19
Database Files
• Physical windows files – includes a primary
data file and transaction log file as a
minimum.
• Primary data file – stores application data and
startup information.
• Transaction log files – stores transaction data
to support database recovery.
• Secondary data files – stores application data
that will not fit into the primary data file –
generally added to additional disk drives.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-20
Database Files Contd.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-21
Disk Storage
• Database objects are stored using two units
of storage – page and extent.
• Database files are divided into pages while
several pages are grouped into extents.
• Pages are 8Kb in size.
• A data row cannot span pages in SQL Server
– the maximum row size is 8,060 bytes.
• Data pages store table row data; Index pages
store index values; Text/Image pages store
data of type TEXT, NTEXT, and IMAGE.
• Extents are contiguous pages allocated with
8 pages/extent.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-22
Creating an SQL Server Database
• The CREATE
DATABASE
statement can be
used with SQL
Query Analyzer to
create a database.
• Enterprise
Manager is easier
to use – right-click
the database node
or use the Action
menu - New
Database option.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-23
Database Properties – General Tab
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-24
Database Properties – Data Files Tab
Contd.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-25
Database Properties – Data Files Tab
• The Database Properties dialog box – Data
Files tab is used to specify file names for the
primary data file. The example shown on the
next slide is named TestDatabase_Data.
• It is stored to a folder named C:\Data.
• The data file has an initial size of 1Mb and is
set to automatically grow in 10% increments.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-26
Database Properties – Transaction Log
Tab
• The figure shown on the next slide is the
Transaction Log tab used to specify file
names for the transaction log file.
• Here the transaction log is named
TestDatabase_Log on drive C: in the folder
named C:\DataLogs.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-27
Database Properties – Transaction Log
Tab Contd.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-28
Files and File Groups
• Larger databases with several secondary
data files are easier to manage by
defining a filegroup object type – a logical
container to hold files as a unit.
• This makes it easier to backup files.
• Use Enterprise Manager to create a
filegroup by a right-click of the database in
the Tree panel and selection of the
Properties menu.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-29
Files and File Groups Contd.
• Select the Filegroups tab and name the filegroup.
You can then use the Properties dialog box to create
secondary files and assign them to the filegroup.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-30
Create Database Options to Create
Filegroups
• The example shown here creates a primary data file along with
a filegroup and secondary data files and log files.
/* SQL Example 11.1 */
CREATE DATABASE TestDatabase
ON PRIMARY
( NAME = TestDatabase_Data,
FILENAME = 'C:\Data\TestDatabase_Data.Mdf',
SIZE = 10, MAXSIZE = 50, FILEGROWTH = 25% ),
FILEGROUP TestDatabaseGroup1
( NAME = TestDatabaseSecondary1_Data,
FILENAME = 'D:\Data\TestDatabaseSecondary1_Data.Ndf',
SIZE = 20, MAXSIZE = 50, FILEGROWTH = 5% ),
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-31
Create Database Options to Create
Filegroups Contd.
( NAME = TestDatabaseSecondary2_Data,
FILENAME =
'E:\Data\TestDatabaseSecondary2_Data.Ndf',
SIZE = 10, MAXSIZE = 50, FILEGROWTH = 5% )
LOG ON
( NAME = 'TestDatabase_Log',
FILENAME = 'G:\Datalogs\TestDatabase_Log.Ldf',
SIZE = 5MB, MAXSIZE = 25MB, FILEGROWTH
= 5MB );
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-32
SQL Server System Catalog
• The SQL Server system catalog consists of
system tables in the Master database.
• System tables stored in individual databases
are the database catalog.
• The system catalog stores information about
the structure of database objects such as
databases, tables, views, and indexes –
termed metadata (data about data).
• Only SQL Server should modify the system
catalog.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-33
SQL Server and Database
Accounts
• Both SQL Query Analyzer and Enterprise Manager
can create SQL Server login accounts.
• Within SQL Query Analyzer, you can execute several
different procedures to create logins and to modify
passwords.
/* SQL Example Creating a Login */
EXEC sp_addlogin ‘thumb’, ‘secret’, ‘Company’;
/* Changing password */
EXEC sp_password ‘secret’, ‘newsecret’, ‘thumb’;
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-34
Using Enterprise Manager to Create Login
Accounts
• Select Tools
menu,
Wizards
option and
expand the
Database
tree.
• Select the
Create Login
Wizard
option shown
here.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-35
Creating Login Accounts – Contd.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-36
Creating Login Accounts – Contd.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-37
Creating Login Accounts – Contd.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-38
Default Database User Accounts
• Users needing access to specific
application databases must have a valid
database user account for that
database.
• Each database has two default
accounts: dbo and guest.
• The dbo account owns a database and
the account cannot be dropped.
• The guest account is used by users who
have no specific database user account.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-39
Creating Database User Accounts
• The sp_grantdbaccess procedure can be executed
within SQL Query Analyzer to create a database user
account and associate it with an existing Windows
users account or SQL Server security login account.
• This example associates a database user account
named robertsmith with a Windows user account
named rsmith.
EXEC sp_grantdbaccess ‘rsmith’, ‘robertsmith’
EXEC sp_grantdbaccess ‘rsmith’
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-40
Creating Database User Accounts Contd.
• Enterprise Manager
can be used as
shown here to create
database user
accounts.
• Expand the
database tree and
select New
Database user – use
the dialog box to
enter the login and
user name and grant
permissions to the
user.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-41
Revoking Database User Accounts
Through Enterprise Manager
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-42
Roles
• Roles make it easier for a DBA to manage the
allocation of permissions.
• A role is like a container of a group of
permissions for a specific type of system user
such as an accountant.
• Each accountant hired will be authorized the
permissions contained in the role named
Accountant.
• This also applies to other jobs such as Clerk.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-43
Roles Contd.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-44
Fixed Server Roles
• Fixed server roles exist at the server level external to
databases.
• Several fixed server roles exist. These include:
– Sysadmin – a role granted all permissions for SQL Server
and associated with the system administrator (sa) login and
dbo user.
– DbCreator – a role with permission to create/modify
databases.
– DiskAdmin – permission to manage disk files.
– Other fixed server roles also exist and are described in the
chapter reading.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-45
Allocating Fixed Server Roles – Enterprise
Manager
• Expand the security folder and select the
Server Roles option. Right-click the role as
shown.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-46
Allocating Fixed Server Roles – Enterprise
Manager Contd.
• Click the Add button to display the Add Members
window as shown and add the members desired and
click OK.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-47
Fixed Database Roles
• These roles exist for each database and are
grouped according to purpose. They include:
– Db_owner – users who perform most database
activities.
– Db_accessadmin – permission to add/remove
users.
– Db_datareader – SELECT permission on any
database table/view.
– Db_datawriter – Can run any DML statement on
any database table/view.
– Other roles exist as described in the chapter.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-48
Application Roles
• These roles are used to allocate specific permissions
for specific applications such as payroll or inventory
management.
• Application roles are allocated to login sessions.
• Application roles require a password.
• While connected to an application role, the database
user loses all other allocated permissions except
those associated with the application role.
/* Example */
EXEC sp_addapprole ‘payroll’, ‘payroll_password’
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-49
User-Defined Database Roles
• This is the more traditional use of roles – to allocate
permissions to groups of users as was described
earlier.
• Suppose a role named Clerk has several permissions
needed by a newly hired clerk named dbock. This
EXEC will create the Clerk role owned by bbordoloi.
The role is then granted to dbock.
/* Example Granting Role */
EXEC sp_addrole ‘clerk’, ‘bbordoloi’
EXEC sp_addrolemember ‘clerk’, ‘dbock’
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-50
Permissions
• Permissions authorize database users to
perform various operations such as
CREATE DATABASE and SELECT.
• Permissions are divided into two
categories: statement and object.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-51
Granting Statement Permissions
• Use the GRANT statement to grant
permissions. Statement permissions include:
–
–
–
–
–
–
–
–
–
CREATE DATABASE
CREATE DEFAULT
CREATE FUNCTION
CREATE PROCEDURE
CREATE RULE
CREATE TABLE
CREATE VIEW
BACKUP DATABASE
BACKUP LOG
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-52
Granting Statement Permissions – Contd.
• Grant all permissions to dbock.
GRANT ALL TO dbock;
• Grant two permissions to tthumb and
bbordoloi
GRANT CREATE TABLE, CREATE VIEW TO
tthumb, bbordol;
• Grant permissions to a role.
GRANT CREATE PROCEDURE, CREATE FUNCTION
TO clerk;
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-53
Granting Object Permissions Contd.
• Object permissions apply to a specific
database object such as a table.
• Permissions include SELECT, UPDATE,
INSERT, DELETE, and other object
manipulations.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-54
Granting Object Permissions Contd.
• General form of the GRANT statement:
GRANT [ALL | permission_list] ON [table/view
[column_list] | procedure] TO account_list
[WITH GRANT OPTION] [AS {group_name |
role_name}]
• The object is specified with the ON clause.
• The TO clause specifies who receives the
permission.
• The WITH GRANT OPTION enables the
grantee to grant the permission to others.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-55
Granting Object Permissions – Contd.
• Grant SELECT on the dependent table.
GRANT SELECT ON dependent TO bbordoloi;
• Grant SELECT and DELETE on the
dependent table.
GRANT SELECT, DELETE ON dependent TO dbock;
• Grant UPDATE on specific table columns.
GRANT UPDATE ON dependent( dep_name,
dep_gender)
TO bbordoloi;
• Grant ALL permissions to everyone
(PUBLIC).
GRANT ALL ON dependent TO PUBLIC;
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-56
Granting Object Permissions – Enterprise
Manager
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-57
Denying Permissions
• Denying permissions removes existing
permissions from a database user
account or role and prevents granting
the permission to the database user
account by accident through any other
defined role.
/* Examples */
DENY CREATE TABLE TO tthumb;
DENY SELECT, UPDATE ON dependent
TO dbock;
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-58
Revoking Permissions
• You can revoke both statement and object
permissions. Permissions that are revoked can later
be allocated again.
/* Examples */
REVOKE SELECT ON dependent FROM PUBLIC;
REVOKE UPDATE ON dependent FROM dbock;
• You can also revoke GRANT options and cause
system users who have been granted permissions by
a specific database user to also lose their
permissions through the CASCADE clause.
REVOKE GRANT OPTION FOR DELETE ON
dependent FROM dbock CASCADE;
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-59
System Procedures
• System procedures such as the sp_help
procedure can be used to display information
about database objects.
/* SQL Example 11.25 */
EXEC sp_help dependent
Name
Owner
Type
---------- ---------- ------------dependent dbo
user table
Column_name
----------------dep_emp_ssn
dep_name
dep_gender
other information
Type
Computed Length
---------- -------- -------char
no
9
varchar
no
50
char
no
1
is also listed . . .
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-60
System Procedures – Cont.
• Other system procedures such as sp_depends can
display dependency information among objects such
as tables and views. This example shows
dependency information for the employee table.
/* SQL Example 11.26 */
EXEC sp_depends employee;
In the current database, the specified object is
referenced by the following:
Name
type
----------------- ---------------dbo.ck_emp_salary check cns
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-61
Summary
• A SQL Server installation is managed through
the Enterprise Manager.
• A SQL Server database includes physical and
logical objects such as files and filegroups.
• The system catalog stores metadata for a
SQL Server instance and all databases.
Each database has a database catalog.
• You learned to create SQL Server login
accounts, database accounts, and roles.
• You also learned to allocate, deny, and
revoke system and object permissions to/from
accounts and roles.
DAVID M. KROENKE’S DATABASE PROCESSING, 10th Edition
© 2006 Pearson Prentice Hall
9-62