01 Monitor and Administer Database

Uploaded by

getnetzd7
WEB DEVELOPMENT AND

DATABASE ADMINISTRATION
LEVEL – IV

Module Title: Monitoring and Administer Database

Course Code: EIS WDDBA4 02 1221


LO1 Start up a database

1.1 Configure database system


When you install SQL Server, Setup writes a set of default startup options in the Microsoft Windows
registry. If the Database Engine cannot locate the necessary files, SQL Server will not start. Startup
options can be set by using SQL Server Configuration Manager.

Connect to SQL Server When System Administrators Are Locked Out


A system administrator can lose access to an instance of SQL Server because of one of the following reasons:

• All logins that are members of the sysadmin fixed server role have been removed by mistake.
• All Windows Groups that are members of the sysadmin fixed server role have been removed by mistake.

• The logins that are members of the sysadmin fixed server role are for individuals who have left the company
or who are not available.

• The account is disabled or no one knows the password.


One way in which you can regain access is to reinstall SQL Server and attach all the databases to the new
instance. This solution is time-consuming; and, to recover the logins, it might require restoring the master
database from a backup.

• Monitoring database start-up and operation for irregularities

Microsoft SQL Server and the Microsoft Windows operating system provide utilities that let you view the current
condition of the database and track performance as conditions change.

Activity Monitor runs queries on the monitored instance to obtain information for the Activity Monitor
display panes. When the refresh interval is set to less than 10 seconds, the time that is used to run these
queries can affect server performance.

To view the Activity Monitor, a user must have VIEW SERVER STATE permission. To view the Data File
I/O section of Activity Monitor, you must have CREATE DATABASE, ALTER ANY DATABASE, or
VIEW ANY DEFINITION permission in addition to VIEW SERVER STATE.

To open Activity Monitor in SQL Server Management Studio


• On the SQL Server Management Studio standard toolbar, click Activity Monitor.
• In the Connect to Server dialog box, select the server name and authentication mode, and then
click Connect.

To open Activity Monitor in Object Explorer


In Object Explorer, right-click the instance name or SQL server, and then select Activity Monitor.

LO2 Manage database

2.1 Compiling data dictionary and data structure

A data dictionary is a collection of descriptions of the data objects or items in a data model for the benefit
of programmers and others who need to refer to them. That is, it is a set of information describing the contents,
format, and structure of a database and the relationship between its elements, used to control access to and
manipulation of the database.

When developing programs that use the data model, a data dictionary can be consulted to understand
where a data item fits in the structure, what values it may contain, and basically what the data item means
in real-world terms.

* Most DBMS keep the data dictionary hidden from users to prevent them from accidentally destroying its
contents.

* A data dictionary may contain:

- The definitions of all schema objects in the database.
- How much space has been allocated for, and is currently used by, the schema objects
- Default values for columns.
- Integrity constraint information (constraints that apply to each field, if any)
- Auditing information, such as who has accessed or updated various schema objects
- Privileges and roles each user has been granted (access authorization)
- Description of database users, their responsibilities and their access rights.

Data dictionaries do not contain any actual value from the database, only bookkeeping information for managing
it.

What is an advantage of a Data Dictionary?


When a new user is introduced to the system or a new administrator takes over the system, identifying table
structures and types becomes simpler.

2.2 Introduction to data integrity

Data integrity is a constraint which is used to ensure accuracy and consistency of data in a database by validating
the data before it is stored in the columns of the table.

Data integrity refers to the overall completeness, accuracy and consistency of data according to business
requirements.

2.3 Introduction to integrity constraints

2.3.1 Types of integrity constraints


› Entity integrity
› Referential integrity
› Domain integrity
› User defined integrity

2.3.1.1 Entity integrity

This is concerned with the concept of primary keys. The rule states that every table must have its own primary
key and that each has to be unique and not null.

2.3.1.2 Referential integrity

This is the concept of foreign keys. A foreign key is a column (or columns) that references a column (most
often the primary key) of another table. The purpose of the foreign key is to ensure referential integrity of
the data. In other words, only values that are supposed to appear in the database are permitted.

The rule states that the foreign key value can be in two states. It either refers to a primary key value of
another table, or it is null. Being null could simply mean that there are no relationships, or that the
relationship is unknown. Referential integrity is a feature provided by relational DBMS that prevents users
from entering inconsistent data.

Referential integrity ensures that every value in a child key (the foreign key of the child table) has a
corresponding value in the parent key (the primary key or unique index of the parent table). Referential
integrity is enforced between tables using the parent-child relationship established with foreign keys. DB
Maker has automatic support for referential integrity constraints between tables through the definition of
foreign keys. When adding a record to a child table, the value in the child key must also exist in the parent
key. Similarly, when deleting a record from the parent table, all records in the child key with the same value
must be deleted first.

Referential actions provide a means to update or delete a parent key when referential integrity would not
normally allow it, such as when a parent key is referenced by a child key. The referential actions define the
operation DB Maker should perform on all matching rows in the child key when updating or deleting a
parent key. The referential actions for both updates and deletes are CASCADE, SET NULL, SET DEFAULT, and
NO ACTION.

CASCADE performs an update or delete on all matching values in the child key when updating or
deleting the parent key. This will set the value of the child key to the same value as the parent key when a
row in the parent key updates, or will delete all matching values in the child key with the same value as
the parent key when deleting a row in the parent key.

SET NULL sets all matching values in the child key to NULL when you update or delete a row in the
parent key. You cannot use the SET NULL action when the child key was defined with the NOT NULL
constraint.

SET DEFAULT sets all matching values in the child key to the default value of the column when you
update or delete a row in the parent key. You cannot use the SET DEFAULT action when the default
value is NULL and the child key was defined with the NOT NULL constraint.

NO ACTION enforces normal referential integrity rules. DB Maker will use NO ACTION by default.

Columns in a foreign key may contain null values. If a foreign key contains a null value, it satisfies
referential integrity automatically.
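
The referential actions described above, as an added example written in T-SQL for SQL Server (which supports the same four actions); it is not code from the original material. All table and column names are constructed for the demonstration.

```sql
-- Constructed parent table; DeptID is the parent key.
CREATE TABLE dbo.demo_department (
    DeptID   int          NOT NULL PRIMARY KEY,
    DeptName nvarchar(30) NOT NULL
);

-- Child 1: CASCADE on both delete and update of the parent key.
CREATE TABLE dbo.demo_assignment (
    AssignID int NOT NULL PRIMARY KEY,
    DeptID   int NOT NULL
        REFERENCES dbo.demo_department (DeptID)
        ON DELETE CASCADE
        ON UPDATE CASCADE
);

-- Child 2: SET NULL on delete (the column must be nullable), NO ACTION on update.
CREATE TABLE dbo.demo_staff (
    StaffID int NOT NULL PRIMARY KEY,
    DeptID  int NULL
        REFERENCES dbo.demo_department (DeptID)
        ON DELETE SET NULL
        ON UPDATE NO ACTION
);

INSERT INTO dbo.demo_department (DeptID, DeptName) VALUES (10, N'Finance'), (20, N'ICT');
INSERT INTO dbo.demo_assignment (AssignID, DeptID) VALUES (1, 10), (2, 20);
-- A NULL child key satisfies the foreign key without any parent row.
INSERT INTO dbo.demo_staff (StaffID, DeptID) VALUES (100, 10), (101, NULL);

-- A child value with no matching parent key is rejected.
BEGIN TRY
    INSERT INTO dbo.demo_assignment (AssignID, DeptID) VALUES (3, 99);
END TRY
BEGIN CATCH
    SELECT N'insert orphan child row' AS attempted,
           ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;

-- NO ACTION: re-keying department 10 is refused while demo_staff row 100
-- still references it, even though demo_assignment would have cascaded.
BEGIN TRY
    UPDATE dbo.demo_department SET DeptID = 11 WHERE DeptID = 10;
END TRY
BEGIN CATCH
    SELECT N'update referenced parent key' AS attempted,
           ERROR_NUMBER() AS error_number, ERROR_MESSAGE() AS error_message;
END CATCH;

-- Deleting the parent row: CASCADE removes the matching demo_assignment row,
-- SET NULL keeps the demo_staff row but clears its DeptID.
DELETE FROM dbo.demo_department WHERE DeptID = 10;

SELECT N'demo_assignment' AS table_name, AssignID AS id, DeptID FROM dbo.demo_assignment
UNION ALL
SELECT N'demo_staff', StaffID, DeptID FROM dbo.demo_staff;

-- Clean up: child tables first, then the parent.
DROP TABLE dbo.demo_assignment, dbo.demo_staff, dbo.demo_department;
```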

2.3.1.3 Domain integrity


This states that all columns in a relational database are in a defined domain. The concept of data
integrity ensures that all data in a database can be traced and connected to other data. This ensures
that everything is recoverable and searchable. Having a single, well defined and well controlled data
integrity system increases stability, performance, reusability and maintainability

2.3.1.4 User defined integrity


User-defined integrity allows you to define specific business rules that do not fall into one of the other
integrity categories. All of the integrity categories support user-defined integrity (all column- and table-level
constraints in CREATE TABLE, stored procedures, and triggers).

Business rules may dictate/state that when a specific action occurs further actions should be triggered.
For example, deletion of a record automatically writes that record to an audit table.
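
The audit rule mentioned above (a deleted record is written to an audit table), as an added T-SQL example that is not part of the original material. Table, column and trigger names are constructed for the demonstration.

```sql
-- Constructed demo tables. GO is the batch separator used by SSMS and sqlcmd.
CREATE TABLE dbo.demo_account (
    AccountID int           NOT NULL PRIMARY KEY,
    OwnerName nvarchar(50)  NOT NULL,
    Balance   decimal(12,2) NOT NULL
);

CREATE TABLE dbo.demo_account_audit (
    AuditID   int IDENTITY(1,1) NOT NULL PRIMARY KEY,
    AccountID int           NOT NULL,
    OwnerName nvarchar(50)  NOT NULL,
    Balance   decimal(12,2) NOT NULL,
    -- ORIGINAL_LOGIN() records the login that opened the session, even if the
    -- delete ran under EXECUTE AS impersonation.
    DeletedBy sysname       NOT NULL DEFAULT ORIGINAL_LOGIN(),
    DeletedAt datetime2(3)  NOT NULL DEFAULT SYSUTCDATETIME()
);
GO

CREATE TRIGGER dbo.trg_demo_account_delete
ON dbo.demo_account
AFTER DELETE
AS
BEGIN
    SET NOCOUNT ON;
    -- The "deleted" pseudo-table holds every row removed by the statement,
    -- so a multi-row DELETE is recorded in full, not just its first row.
    INSERT INTO dbo.demo_account_audit (AccountID, OwnerName, Balance)
    SELECT AccountID, OwnerName, Balance
    FROM deleted;
END;
GO

-- Keep the trail append-only for ordinary users. The trigger can still insert,
-- because both objects share one owner and the write goes through ownership chaining.
DENY UPDATE, DELETE ON dbo.demo_account_audit TO public;
GO

-- Constructed sample rows, then a multi-row delete.
INSERT INTO dbo.demo_account (AccountID, OwnerName, Balance)
VALUES (1, N'Abebe', 0.00), (2, N'Sara', 0.00), (3, N'Kebede', 150.00);

DELETE FROM dbo.demo_account WHERE Balance = 0;

SELECT AuditID, AccountID, OwnerName, Balance, DeletedBy, DeletedAt
FROM dbo.demo_account_audit
ORDER BY AuditID;

-- Clean up (dropping the table drops its trigger).
DROP TABLE dbo.demo_account;
DROP TABLE dbo.demo_account_audit;
```

TRUNCATE TABLE does not fire DELETE triggers, so the permission to truncate or alter the audited table has to be restricted separately.
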
2.4 Create and design indexes and multiple-field keys

2.4.1 What is an index?

An index is a separate physical data structure that enables queries to access one or more data rows fast. A
database index is a separate physical data structure that improves the speed of data retrieval operations
on a database table at the cost of additional writes and the use of more storage space to maintain the
extra copy of data. Indexes are used to quickly locate data without having to search every row in a
database table every time a database table is accessed. Indexes can be created using one or more
columns of a database table, providing the basis for both rapid random lookups and efficient access of
ordered records.

Why Use Indexes? Two primary reasons exist for creating indexes in SQL Server:

- To maintain uniqueness of the indexed column(s)
- To provide fast access to the data in tables.

Keep index as narrow as possible

Narrower indexes take less space and require less time to process, which in turn means the query will
run faster.

Column order is important

For indexes covering multiple columns, the order of the columns in the index is important.

Make sure the column you are building an index for is declared NOT NULL

This can decrease the size of the index, which in turn will speed up the query.

A simple index is an index on a single column, while a composite index is an index on two or more columns.

2.4.2 Decide which fields to index


The following list gives guidelines in choosing columns to index:
- You should create indexes on columns that are used frequently in WHERE clauses.

- You should create indexes on columns that are used frequently to join tables.

- You should create indexes on columns that are used frequently in ORDER BY clauses.
- You should create indexes on columns that have few of the same values or unique values in the table.

- You should not create indexes on small tables (tables that use only a few blocks) because a full table scan
may be faster than an indexed query.

- If possible, choose a primary key that orders the rows in the most appropriate order.

2.4.3 Create an index

• Indexes can be created to order the values in a column in ascending or descending sequence.

• You can use the CREATE INDEX statement to create indexes.

The general form of CREATE INDEX statement is:

CREATE INDEX index_name ON table_name (column1 [ASC | DESC], ...)

Example: Create an index for the EmpID column of the employee table

2.4.4 Delete an index


Deleting an index means removing one or more relational indexes from the current database.
The DROP INDEX statement is used to delete an index in a table.
Syntax:

Why Use the DROP INDEX Statement?

You may drop an index permanently when it is no longer useful or temporarily. If the index is harming or
not helping performance, it could be dropped.

Indexes may slow down the loading of data because they must be maintained during the data load process.
For high performance loads, an index could be dropped for the duration of a load and then recreated.
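
Creating, inspecting and dropping indexes as described in 2.4.3 and 2.4.4, as an added T-SQL example that is not from the original material. The table is a constructed stand-in for the employee table, and the index names are hypothetical.

```sql
-- Constructed stand-in for the employee table.
CREATE TABLE dbo.demo_employee (
    EmpID     int          NOT NULL,
    LastName  nvarchar(30) NOT NULL,
    FirstName nvarchar(30) NOT NULL,
    DeptID    int          NOT NULL,
    HireDate  date         NOT NULL
);

-- Simple index on one column; UNIQUE also enforces uniqueness of EmpID.
CREATE UNIQUE INDEX IX_demo_employee_EmpID
    ON dbo.demo_employee (EmpID ASC);

-- Composite index. Column order matters: this one supports filters on DeptID,
-- or on DeptID together with HireDate, but not a filter on HireDate alone.
CREATE INDEX IX_demo_employee_Dept_Hire
    ON dbo.demo_employee (DeptID ASC, HireDate DESC);

-- List the indexes on the table with their key columns in key order.
SELECT i.name              AS index_name,
       i.type_desc         AS index_type,
       i.is_unique,
       ic.key_ordinal,
       c.name              AS column_name,
       ic.is_descending_key
FROM sys.indexes AS i
JOIN sys.index_columns AS ic
     ON ic.object_id = i.object_id AND ic.index_id = i.index_id
JOIN sys.columns AS c
     ON c.object_id = ic.object_id AND c.column_id = ic.column_id
WHERE i.object_id = OBJECT_ID(N'dbo.demo_employee')
  AND i.index_id > 0            -- index_id 0 is the heap itself, not an index
ORDER BY i.name, ic.key_ordinal;

-- Drop the non-unique index for the duration of a large load, then recreate it.
-- The unique index stays in place so duplicates are still rejected during the load.
DROP INDEX IX_demo_employee_Dept_Hire ON dbo.demo_employee;

INSERT INTO dbo.demo_employee (EmpID, LastName, FirstName, DeptID, HireDate)
VALUES (1, N'Tesfaye', N'Hana', 10, '2020-01-15'),
       (2, N'Bekele',  N'Dawit', 10, '2021-06-01'),
       (3, N'Alemu',   N'Marta', 20, '2019-09-30');   -- constructed rows standing in for the load

CREATE INDEX IX_demo_employee_Dept_Hire
    ON dbo.demo_employee (DeptID ASC, HireDate DESC);

-- Clean up.
DROP TABLE dbo.demo_employee;
```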

To delete an index by using Object Explorer, you can follow the steps as shown below:

• In Object Explorer, expand the database that contains the table on which you want to delete an index.
• Expand the Tables folder.
• Expand the table that contains the index you want to delete.
• Expand the Indexes folder.
• Right-click the index you want to delete and select Delete.
• In the Delete Object dialog box, verify that the correct index is in the Object to be deleted grid and click OK.

To delete an index using Table Designer

• In Object Explorer, expand the database that contains the table on which you want to delete an index.
• Expand the Tables folder.
• Right-click the table that contains the index you want to delete and click Design.
• On the Table Designer menu, click Indexes/Keys.
• In the Indexes/Keys dialog box, select the index you want to delete.
• Click Delete.
• Click Close.
• On the File menu, select Save table_name.

2.4.5 View and edit indexes


To view all indexes in a database
- In Object Explorer, connect to an instance of the SQL Server Database Engine and then expand that
instance.

- Expand Databases, expand the database that contains the table with the specified index, and then expand
Tables.
- Expand the table in which the index belongs and then expand Indexes.

To modify an index using wizard


› In Object Explorer, connect to an instance of the SQL Server Database Engine and then expand
that instance.

› Expand Databases, expand the database in which the table belongs, and then expand Tables.
› Expand the table in which the index belongs and then expand Indexes.
› Right-click the index that you want to modify and then click Properties.
› In the Index Properties dialog box, make the desired changes. For example, you can add or remove
a column from the index key, or change the setting of an index option.

2.4.6 Create multiple-field keys


Relational database designs use a set of columns as the primary key for a table. When this set includes more
than one column, it is known as a “composite” or “compound” primary key.

If the values in a single common key field are insufficiently unique to accurately join or relate two tables,
you need to use multiple common key fields in combination. In the examples below, the composite primary
key consists of two columns, Birth_Date and Social_Security_Number.

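-- The primary key spans two columns, so each (Birth_Date, Social_Security_Number) pair must be unique.
CREATE TABLE Customer_Composite_Key
(Last_Name nvarchar(30),
First_Name nvarchar(30),
Birth_Date datetime,
Social_Security_Number integer,
PRIMARY KEY (Birth_Date, Social_Security_Number));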

2.5 Locking Tables and Databases

Database locks serve to protect shared resources or objects.

These protected resources could be:

• Tables
• Connections
• Data Rows
• Entire Systems

There are also many types of locks, such as shared locks, transaction locks, DML locks, and backup-recovery locks.

2.6 Monitor data storage space

This section describes the storage structures of your database, and explains how to monitor and manage the amount
of storage that is in use and available for the database and its backups. It contains the following topics:
Training, Teaching and Learning Materials (TTLM)

› About the Database Storage Structures
› Viewing Log Files
› Monitoring Storage Space Usage
› Compacting Storage

A database is the collection of logical and physical structures that together contain all the data and metadata
for your applications. The database also contains control structures (such as control files) that it needs for
startup and operation.

2.7 Update data


You usually use the following two application pages to update data in a database:
• An update form

• An update action page


You can create an update form that calls an update action page. The update action page should also contain
a confirmation message for the end user.

The modification of data that is already in the database is referred to as updating. You can update individual
rows, all the rows in a table, or a subset of all rows. Each column can be updated separately without
affecting the other columns.

Syntax:

UPDATE {table_name | view_name}
SET {column_name = {expression | default | null}}
WHERE {search condition}

Use the UPDATE statement to change single rows, groups of rows, or all of the rows in a table.

LO3 Manage database access

Before you can connect to SQL Server, an administrator of the SQL Server installation must give you
permission to connect. In a Windows authentication setup, the administrator would either allow your Windows
account or a group that contains your Windows account to connect to SQL Server.

Access is managed on two levels:

• Logins – Access to the server
• Users – Access to a database

Creating Logins

Most Windows users need a SQL Server login account to connect to SQL Server. With Windows
authentication, if a user belongs to a specific Windows group, just by belonging to that group, providing
that group is contained within SQL Server, the account will have access to SQL Server. When a database is
created, initially only the database owner has any rights to complete any task on that database, whether that
be to add a table, insert any data, or view any data.

TTLM Development Manual. Date: January, 2020. Compiled by: ICT Department

The following example creates a login for a particular user ID and assigns a password. The MUST_CHANGE option
requires users to change this password the first time they connect to the server.

Use the GUI: Security --> Right Click, New Login…

T-SQL:

• CREATE LOGIN <login name> FROM WINDOWS

• CREATE LOGIN <login name> WITH PASSWORD = '<password>'

3.1 Database Administrator Security and Privileges


If your database had no security measures in place, absolutely anyone could come along and steal or corrupt
the data, causing havoc to you and your company. And not just in one database, but on every database in
every server. Security can be enforced in many ways on a SQL Server: by Windows itself through
Windows authentication; by restricting users’ access to sensitive data through views; or by specifically
creating users, logins, and roles that have explicit levels of access.

Server Logins and Database Users


As you now know, there are two steps to complete, whether you want to create a SQL Server authentication–
based login or a Windows authentication–based login. A server login is one that, when used, can connect
only to the server itself. It cannot use any of the user databases within SQL Server. The second step was
creating the database user; in the graphical section that we looked at first, this is when we selected the
databases we wanted to use. Within SQL Server, permissions can be granted at multiple levels, including
the server and database level. Examples of server-level permissions include creating new logins or managing
server properties. Examples of database permissions include being able to read data from a table or being
able to create new tables. One server login can be associated with multiple users in different databases.
Generally, when using Windows authentication, a database username is the same as the login name, but this
does not have to be the case. It does, however, simplify administration. In this book, we will mostly be
dealing with database-level permissions, but we will briefly examine server roles in the following section.

Use the GUI: db. -> Security -> Users -> Right Click, New User…

T-SQL:

• CREATE USER <user name> FROM LOGIN <login name>

To create a SQL Server login that uses Windows Authentication using wizard

* In SQL Server, open Object Explorer and expand the folder of the server instance.
* Expand security folder, Right-click on login folder, and then select New Login.
* Click on the General, and enter the name of a Windows user in the Login name box.
* Select Windows Authentication, and then Click OK.

To create a SQL Server login that uses SQL Server Authentication using wizard

* In SQL Server, open Object Explorer and expand the folder of the server instance.
* Expand security folder, Right-click on login folder, and then select New Login.
* Click on the General, and enter the name of a Windows user in the Login name box.
* Select SQL Server Authentication. However, Windows Authentication is the more secure option.
* Enter a password for the login.
* Select the password policy options that should be applied to the new login, and then Click OK.
- In general, enforcing password policy is the more secure option.

To create a SQL Server login that uses SQL Server Authentication using T-SQL code

• Open New Query Editor
• Use the following Transact-SQL syntax:

CREATE LOGIN [login Name] WITH PASSWORD = 'password'

Example: CREATE LOGIN student WITH PASSWORD = 'abc/123'

We can drop login by using the DROP LOGIN login_name statement

A login can only be granted authorization to objects in a database if a database user
has been mapped to the login. A special user, guest, exists to permit access to a
database for logins that are not mapped to a specific database user.

1. Creating and Managing database Users


To create a database user using SQL Server
• In SQL Server, open Object Explorer and expand the Databases folder.
• Expand the database in which to create the new database user.
• Expand Security folder, right click on user folder and select User.
• Select General, and enter a name for the new user in the User name box.
• In the Login name box, enter the name of a SQL Server login to map to the database user.
• Click OK.
To create a database user using T-SQL code

• Open New Query Editor
• Use the following Transact-SQL syntax:

CREATE USER <new user name> FOR LOGIN <login name>

Example: CREATE USER Admin1 FOR LOGIN Student
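
The login and user steps above, together with the MUST_CHANGE and password policy options mentioned earlier, as an added T-SQL example that is not from the original material. The login name, user name and password are placeholders; run the database-level statements in the database the login should reach.

```sql
-- Server level: a SQL Server Authentication login with the password policy enforced.
-- MUST_CHANGE is only accepted when CHECK_POLICY and CHECK_EXPIRATION are both ON.
-- The password below is a placeholder; replace it before use.
CREATE LOGIN demo_student
    WITH PASSWORD = N'Replace-Me-Before-Use-1!' MUST_CHANGE,
         CHECK_POLICY = ON,
         CHECK_EXPIRATION = ON;

-- Database level: map a user to the login and give it read-only access.
-- ALTER ROLE ... ADD MEMBER is the current form of sp_addrolemember.
CREATE USER demo_student_user FOR LOGIN demo_student;
ALTER ROLE db_datareader ADD MEMBER demo_student_user;

-- Review: SQL logins and whether policy, expiration and forced change apply to them.
SELECT name,
       is_disabled,
       is_policy_checked,
       is_expiration_checked,
       LOGINPROPERTY(name, 'IsMustChange')        AS must_change_at_next_login,
       LOGINPROPERTY(name, 'PasswordLastSetTime') AS password_last_set
FROM sys.sql_logins
ORDER BY is_policy_checked, name;

-- Review: which server login each user in this database is mapped to.
-- A NULL server_login means the user has no matching login on this instance.
SELECT dp.name      AS database_user,
       dp.type_desc AS user_type,
       sp.name      AS server_login
FROM sys.database_principals AS dp
LEFT JOIN sys.server_principals AS sp ON sp.sid = dp.sid
WHERE dp.type IN ('S', 'U', 'G')
  AND dp.name NOT IN (N'dbo', N'guest', N'INFORMATION_SCHEMA', N'sys')
ORDER BY dp.name;

-- Review: is the guest user allowed to connect to this database?
-- A GRANT row here means logins without a mapped user can still get in as guest.
SELECT pr.name AS principal_name, pe.permission_name, pe.state_desc
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pr.name = N'guest'
  AND pe.permission_name = N'CONNECT';

-- Clean up: the user first, then the login.
DROP USER demo_student_user;
DROP LOGIN demo_student;
```
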
Server Level
• Start/stop services
• Grant access
• Create database

Database Level
• Query and modify data
• Create objects

2. Creating Schemas

In SQL Server, a schema is an object that conceptually holds definitions for database objects such as tables,
views, stored procedures, etc. The main advantage of creating a schema is that you can grant permissions
to database objects by using a single CREATE SCHEMA statement.

Syntax: CREATE SCHEMA [schema_name] AUTHORIZATION [user_name]

Example: create a student schema owned by Admin as follows:

CREATE SCHEMA student AUTHORIZATION Admin
CREATE TABLE stud (fname varchar(20), Id int, sex char(6))

We can use the DROP SCHEMA schema_name statement to remove a schema from the database.

Note: Windows Authentication mode is the default and recommended authentication mode.
Configuring SQL Server Authentication Modes
To select or change the server authentication mode, follow these steps:
* In SQL Server, right-click on a desired SQL Server, select Properties and then Select Security
* Select the desired server authentication mode under Server Authentication and then click
OK.

* In Object Explorer, right-click on a desired server and then click Restart.


Using Windows authentication is a more secure choice.

Managing Server and database Security

1. Creating Roles

Database roles deal with actions that are performed at the database level. A role is a set of privileges
that is granted to users. There are three types of roles in SQL Server:

• Fixed server roles

Within SQL Server, specific predefined roles are set up to allow certain tasks and to restrict other tasks.
Someone with the right permissions, such as a system administrator, can assign these roles to any user ID or
group of user IDs within SQL Server.

If you look at the Server Roles node in the Object Explorer, you will see a list of roles as shown in the figure. But
what do they mean? You get a little hint if you move to the Server Roles node within SQL Server
Management Studio.


These roles, available for anyone to use across the server, can perform the following tasks:
• SYSADMIN – Perform any action on the server.
• SECURITYADMIN – Manage server level permissions.
• SERVERADMIN – Manage server configurations and start/stop services.
• PROCESSADMIN – Kill processes running on the instance.
• SETUPADMIN – Add/remove linked servers.
• BULKADMIN – Able to run BULK INSERT and execute bulk operations.
• DISKADMIN – Manage server disk files.
• DBCREATOR – Create, alter, drop, and restore databases.
• PUBLIC – Generic role that all users are a member of.

Server roles are static objects. They contain groups of actions that operate at the server level rather than at
the database level. When creating a new login, you could assign these server roles to it if you wanted the
login to carry out server actions as well as any database-related actions, if required.

If your Windows account belongs to the BUILTIN/Administrators group, then it automatically belongs to the sysadmin
server role. You can check this yourself by highlighting the sysadmin server role, right-clicking it, and
selecting Properties to bring up the dialog box shown in the figure below. You should see
BUILTIN/Administrators listed. As more logins are created, they can be added to this role via the Add button.
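
The same membership check done with a query rather than the Properties dialog, which also covers the lockout causes listed in section 1.1 (no usable sysadmin member left); this is an added T-SQL example, not part of the original material. It reads only system catalog views, and the result is limited to the principals the caller is allowed to see.

```sql
-- Every member of every fixed server role on this instance.
SELECT r.name      AS server_role,
       m.name      AS member_name,
       m.type_desc AS member_type,      -- SQL_LOGIN, WINDOWS_LOGIN, WINDOWS_GROUP, ...
       m.is_disabled,
       m.create_date
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
ORDER BY r.name, m.name;

-- Lockout check: how many sysadmin members are still enabled, and how many of
-- those are Windows groups (whose real membership is managed outside SQL Server).
SELECT COUNT(*)                                      AS enabled_sysadmin_members,
       SUM(CASE WHEN m.type = 'G' THEN 1 ELSE 0 END) AS of_which_windows_groups
FROM sys.server_role_members AS rm
JOIN sys.server_principals AS r ON r.principal_id = rm.role_principal_id
JOIN sys.server_principals AS m ON m.principal_id = rm.member_principal_id
WHERE r.name = N'sysadmin'
  AND m.is_disabled = 0;

-- Is the local Administrators group present as a login, and is it a sysadmin member?
-- No row returned means the group has no login on this instance.
SELECT name,
       type_desc,
       is_disabled,
       IS_SRVROLEMEMBER('sysadmin', name) AS is_sysadmin_member
FROM sys.server_principals
WHERE name = N'BUILTIN\Administrators';

-- The login running this check.
SELECT SUSER_SNAME()               AS current_login,
       IS_SRVROLEMEMBER('sysadmin') AS current_login_is_sysadmin;
```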

• Fixed database roles


Database roles deal with actions that are performed at the database level. Actions within SQL Server can be
grouped into different types of actions.

Following are the existing database roles installed with SQL Server and what they can or cannot do:
• dbo/db_owner: Specifies the owner of the database
• db_accessadmin: Can manage access to a database for logins
• db_backupoperator: Can back up the database
• db_datareader: Can read data from all user-defined tables
• db_datawriter: Can perform any write actions to user tables
• db_ddladmin: Can perform Data Definition Language (DDL) actions like creation of tables
• db_denydatareader: Cannot read data from user tables

• db_denydatawriter: Cannot write data from user tables


• db_securityadmin: Can modify database role membership and manage permissions
• public: Can see any database objects that are created with public, or full rights, access
(Every user that you create will belong to the public database role.)

User defined database roles


We cannot create or change server-level roles, but it is possible to create database-level roles.
After you create a database-level role, configure the database-level permissions of the role by using
GRANT, DENY, and REVOKE.

Syntax: CREATE ROLE role_name [AUTHORIZATION owner_name]

role_name is the name of the role to be created.

AUTHORIZATION owner_name is the database user or role that is to own the new role. If no user
is specified, the role will be owned by the user that executes CREATE ROLE.

Example: CREATE ROLE student

- To add user u1 as a member of the student role: EXECUTE sp_addrolemember 'student', 'u1'

- To add user u1 as a member of a fixed database role, use EXECUTE sp_addrolemember as well.

Example: EXECUTE sp_addrolemember 'db_accessadmin', 'u1'

- We can drop roles using the DROP ROLE role_name statement.

- We can remove membership from roles using the sp_droprolemember stored procedure.

Example: EXECUTE sp_droprolemember 'db_accessadmin', 'u1'

2. Granting Permissions
The GRANT statement is used to give privileges to users or roles.

GRANT – gives a user privileges on an object. It does not override implicit denied permissions.

Note: if the permission is given with [WITH GRANT OPTION], all users in the TO clause can themselves pass
on the privilege to other users.

Examples: GRANT SELECT ON student to u1

GRANT SELECT, INSERT, UPDATE (salary) ON employee to u1

Grant insert on orders to test


Grant delete, update on customers to test

The privileges that can be granted are divided into four groups:

• Column privileges relate to one specific column of a table for example, the privilege to update the
values in the AMOUNT column of the PENALTIES table with UPDATE statements.

• Table privileges relate to all data of one specific table for example, the privilege to query all the
data of the PLAYERS table with SELECT statements.

• Database privileges relate to all tables of one specific database for example, the privilege to create
new tables in the existing TENNIS database.

The GRANT command grants access privileges on database objects to individual users. Only the object owner,
a DBA or a SYSADM may execute the command. Object privileges control which database objects a user can
access and the actions they can perform. There are seven object privileges: SELECT, INSERT, DELETE, UPDATE,
INDEX, ALTER, and REFERENCE. The keywords ALL and ALL PRIVILEGES can also be used to simultaneously grant
privileges on an object.

• SELECT privilege is used to select data in a database object, applies to the entire object, and cannot
be granted to specific columns.

• INSERT privilege is used to insert new data into a database object. The privilege can also be restricted
to specific columns.

• DELETE privilege is used to delete data from a database object, applies to the entire object and
cannot be granted on specific columns.

• UPDATE privilege is used to update data in a database object. The privilege can also be restricted to specific
columns.

• INDEX privilege is used to create an index on a database object, applies to the entire object, and cannot
be granted on specific columns.

• ALTER privilege is used to alter the schema of a database object, applies to the entire object and cannot
be granted on specific columns.

• REFERENCE privilege is used to create referential constraints, such as foreign keys, on a database object.
The privilege can also be restricted to specific columns.

User privileges relate to all databases that are known to SQL, for example, the privilege to remove existing databases
or to create new ones.

Syntax

Note: database privileges also include the create, drop and lock table privileges.

Overview of privileges

3. DENY – removes user privileges on an object; overrides any implicit permission grants
Examples:
• deny select on customers to test
• deny insert on orders to test
• deny delete, update on customers to test

4. Revoking Permissions

The REVOKE statement withdraws or revokes privileges from a user without deleting that user from the
USERS table. This statement has the opposite effect of the GRANT statement.

REVOKE – resets user privileges on an object. In other words, it removes an explicit grant or deny.

Examples:
• revoke select on customers to test
• revoke insert on orders to test
• revoke delete, update on customers to test

Examples: REVOKE DELETE ON employee FROM u1

REVOKE DELETE, INSERT ON employee FROM u1

REVOKE GRANT OPTION FOR DELETE ON EMPLOYEE FROM U1 CASCADE
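
How GRANT, DENY and REVOKE interact when a permission arrives through a role, as an added T-SQL example that is not part of the original material. The table, role and user are constructed for the demonstration; the user is created WITHOUT LOGIN so no server login is needed.

```sql
-- Constructed demo objects.
CREATE TABLE dbo.demo_customers (
    CustID int          NOT NULL PRIMARY KEY,
    Name   nvarchar(50) NOT NULL
);
CREATE ROLE demo_readers;
CREATE USER demo_u1 WITHOUT LOGIN;
ALTER ROLE demo_readers ADD MEMBER demo_u1;   -- current form of sp_addrolemember
GO

-- Step 1: the permission is granted to the role, not to the user.
GRANT SELECT ON dbo.demo_customers TO demo_readers;

EXECUTE AS USER = 'demo_u1';
SELECT N'1: after GRANT to role' AS step,
       HAS_PERMS_BY_NAME(N'dbo.demo_customers', N'OBJECT', N'SELECT') AS can_select;
REVERT;

-- Step 2: an explicit DENY on the user takes precedence over the GRANT
-- the user inherits from the role.
DENY SELECT ON dbo.demo_customers TO demo_u1;

EXECUTE AS USER = 'demo_u1';
SELECT N'2: after DENY to user' AS step,
       HAS_PERMS_BY_NAME(N'dbo.demo_customers', N'OBJECT', N'SELECT') AS can_select;
REVERT;

-- Step 3: REVOKE removes the explicit entry on the user (here the DENY).
-- It does not touch the role's GRANT, so the inherited permission applies again.
REVOKE SELECT ON dbo.demo_customers FROM demo_u1;

EXECUTE AS USER = 'demo_u1';
SELECT N'3: after REVOKE on user' AS step,
       HAS_PERMS_BY_NAME(N'dbo.demo_customers', N'OBJECT', N'SELECT') AS can_select;
REVERT;

-- Review: the explicit permission entries recorded on the table.
SELECT pr.name                  AS grantee,
       pr.type_desc             AS grantee_type,
       pe.state_desc            AS state,      -- GRANT, DENY or GRANT_WITH_GRANT_OPTION
       pe.permission_name,
       OBJECT_NAME(pe.major_id) AS object_name
FROM sys.database_permissions AS pe
JOIN sys.database_principals AS pr ON pr.principal_id = pe.grantee_principal_id
WHERE pe.class = 1                              -- object or column permissions
  AND pe.major_id = OBJECT_ID(N'dbo.demo_customers')
ORDER BY pr.name, pe.permission_name;

-- Clean up: the user first (which ends its role membership), then the role and table.
DROP USER demo_u1;
DROP ROLE demo_readers;
DROP TABLE dbo.demo_customers;
```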

Principals and Securables

A principal is any individual, group, or process that can request access to a protected resource and
be granted permission to access it.

Every database user automatically belongs to the fixed public role.


Windows-level principals
• Windows Domain login
• Windows Local login
• Windows group
SQL Server-level principals
• SQL Server login
• SQL Server login mapped to a Windows login
• SQL Server login mapped to a certificate
• SQL Server login mapped to an asymmetric key
Database-level principals
• Database user
• Database user mapped to SQL Server login
• Database user mapped to a Windows login
• Database user mapped to a certificate
• Database user mapped to an asymmetric key
• Database role
• Application role
• Public role
Securable objects in SQL Server 2008. At the server level, you can secure network endpoints
to control the communication channels into and out of the server, as well as databases, bindings,
and roles and logins.
At the database and
schema level,
virtually every
object you can
create is
securable,
including those
that reside within a
schema.
Training, Teaching and Learning Materials (TTLM)
SQL Server does not allow cross-database permissions. To grant such permissions, create a duplicate
user in each database and separately assign each database's user the permission.
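The T-SQL below is an added example, not part of the original training material. It creates one server login, maps a separate user to it in each of two databases, grants a permission in only one of them, and then audits both. The names SalesDb, HrDb, report_reader, orders and the table layouts are assumptions, and the password is a placeholder.

```sql
-- Added example: run on a test instance as a sysadmin. All names are hypothetical.
CREATE DATABASE SalesDb;
CREATE DATABASE HrDb;
-- One server-level login. The password is a placeholder: replace before use.
CREATE LOGIN report_reader WITH PASSWORD = N'<Replace-With-Strong-Passw0rd>';
GO

USE SalesDb;
CREATE TABLE dbo.orders (id INT PRIMARY KEY);
CREATE USER report_reader FOR LOGIN report_reader;  -- database user no. 1
GRANT SELECT ON dbo.orders TO report_reader;        -- applies in SalesDb only
GO

USE HrDb;
CREATE TABLE dbo.employee (id INT PRIMARY KEY);
CREATE USER report_reader FOR LOGIN report_reader;  -- database user no. 2
-- Deliberately no GRANT here: the SalesDb permission does not carry over.
GO

-- Audit: per database, the user mapped to the login (matched by SID) and any
-- object-level permission entries it holds. NULL columns mean no entry exists.
SELECT 'SalesDb' AS database_name, dp.name AS user_name,
       pe.state_desc, pe.permission_name,
       OBJECT_NAME(pe.major_id, DB_ID('SalesDb')) AS object_name
FROM SalesDb.sys.database_principals AS dp
LEFT JOIN SalesDb.sys.database_permissions AS pe
       ON pe.grantee_principal_id = dp.principal_id AND pe.class = 1
WHERE dp.sid = SUSER_SID('report_reader')
UNION ALL
SELECT 'HrDb', dp.name,
       pe.state_desc, pe.permission_name,
       OBJECT_NAME(pe.major_id, DB_ID('HrDb'))
FROM HrDb.sys.database_principals AS dp
LEFT JOIN HrDb.sys.database_permissions AS pe
       ON pe.grantee_principal_id = dp.principal_id AND pe.class = 1
WHERE dp.sid = SUSER_SID('report_reader');
```

Running the same audit query periodically helps spot users that were granted access in one database and never reviewed in the others.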

Administrative User Accounts

What is the difference between Database Administrator and System Administrator?

A database administrator is a person responsible for the installation, configuration, upgrade,
administration, monitoring and maintenance of databases in an organization.

The role includes the development and design of database strategies, system monitoring and improving database
performance and capacity, and planning for future expansion requirements. They may also plan, co-ordinate and
implement security measures to safeguard the database.

A System Administrator is generally responsible for all parts of the computer network, such as user accounts,
computer accounts, domain trusts, email accounts, etc.

The System Administrator is probably specialized in the network server operating systems and user
administration, whereas a Database Administrator will be highly specialized with the specific database server
and client.

A network administrator maintains network infrastructure such as switches and routers, and diagnoses problems
with these or with the behavior of network-attached computers.

Authorization, privileges, and roles


Users can successfully execute operations only if they have the authority to perform the specified function.

For example: To create a table, a user must be authorized to create tables; to alter a table.

Authorization

In computing systems, authorization is the process of determining which permissions a person or system is
supposed to have. In multi-user computer systems, a system administrator defines which users are allowed
access to the system, as well as the privileges of use for which they are eligible (e.g., access to file
directories, hours of access, amount of allocated storage space).
Privileges
A privilege is a permission to perform an action or a task. Authorized users can create objects, have access
to objects they own, and can pass on privileges on their own objects to other users by using the GRANT
statement. Privileges may be granted to individual users or roles (groups).
You can apply five different kinds of user privileges. A user may be able to view, delete, insert, or update
information in a table or view.

A user who has no privileges to a table is not able to use the table at all.

Role

A role is a group of privileges that can be granted to users as one unit. You can create roles and assign
users to certain roles. A single user may have more than one role assigned, and a single role may have more
than one user assigned. All roles are granted to users with the GRANT ROLE statement.

3.2 Network security breaches in database

Monitoring network server log-in log file for illegal log-in attempts or for security breach

Network monitoring

The term network monitoring describes the use of a system that constantly monitors a computer network
for slow or failing components and that notifies the network administrator in case of outages. Network
Server Monitoring allows a network administrator to track the health of network servers in real time.
Network Server Monitoring can identify servers that are in danger of malfunctioning before a malfunction
occurs so that the administrator can proactively repair the server. Network Server Monitoring allows a single
administrator to maintain many remote network servers.

3.2.1 Backup operator


A backup operator is a user that can back up and restore the computer regardless of file system security. By
default, users are allowed to back up and restore files for which they have the appropriate file and directory
permissions without requiring membership in the Backup Operators group. The Backup Operators group
allows users to back up and restore files regardless of whether they have read or write access to the files.

3.2.2 Account operator


By default, Account Operators have permission to create, modify, and delete accounts for users, groups, and
computers in all containers and organizational units of Active Directory except the Built-in container and
the Domain Controllers. Account Operators do not have permission to modify the Administrators and
Domain Admins groups, nor do they have permission to modify the accounts for members of those groups.

3.2.3 Server operator


Server Operators is a local group that allows a user to perform general administrator tasks. These tasks
include sharing server resources, performing file backup and recovery, etc. As with other operator accounts,
Server Operators can also log on to a server locally and shut it down. Server Operators can perform most
common server administration tasks.

Members of this group can perform server management tasks such as creating, changing, and deleting
shared printers, shared directories, and files. They can also back up and restore files, lock the server console
and shut down the system, but they cannot modify system policies or start and stop services.

3.2.4 Domain administrator settings


The domain administrator creates, edits and deletes users, manages domain settings and views domain
statistics. The domain administrator account members are allowed administrative privileges for the entire
domain. By default, the group has the local Administrator account on the Domain Controller as its member.
When a computer joins a domain, the Domain Administrator group is added to the Administrators group.
When a server becomes a domain controller, the Enterprise Administrator group also is added to the
Administrators group. The Administrators group has built-in capabilities that give its members full control
over the system. The group is the default owner of any object that is created by a member of the group.

Setting Up Domain Administrator Account


After you have created and configured the Active Directory domain, you should make a domain administrator
account. To set up a domain administrator account, you should:

• Create a new user on the domain controller.
• Include the newly created user in the Domain Admins group.
First, you should create a new user account on the domain controller. To this effect, complete the following
tasks:

1. Log in to the domain controller.

2. Click Start, point to Administrative Tools, and click Active Directory Users and Computers.
3. In the left pane of the Active Directory Users and Computers window, expand the contents of the newly
created Active Directory domain.

4. Right-click the Users folder, point to New, and select User.


5. In the New Object - User window, do the following:

o Type your first and last names in the First name and Last name fields, respectively.

o In the User logon name field, type a name that will be used to log on to the Active Directory
domain. For example:

6. After providing the necessary information, click Next.

7. Specify an arbitrary password for the domain administrator account and click Next.

8. The last window allows you to review the parameters provided by you on the previous steps. If you wish to
modify any parameters, click Back; otherwise, click Finish to create the domain administrator account.

Now you should include the newly created account in the Domain Admins group, which will allow this account
to perform administrative tasks in the domain context. To this effect, do the following:

9. In the Active Directory Users and Computers window (Start -->Administrative Tools -->Active Directory
Users and Computers), right-click the created user account and select Properties.

10. Select the Member Of tab and click Add.

11. In the Select Groups dialog box, type Domain Admins and click OK.

12. Click OK.

Adding Nodes to Domain

After you have created the Active Directory domain and the domain administrator account, you should add
all the nodes to the domain. This can be done as follows:

1. Log in to the first node you wish to add to the domain, right-click the My Computer icon, and click
Properties.

2. Select the Computer Name tab and click Change.

3. In the Computer Name Changes window, do the following:

o In the Computer name field, specify a server hostname. This name will be used to uniquely
identify the given node among other nodes in the cluster. By default, you are offered to use
the hostname assigned to the node during the Windows Server 2003 installation. However, we
recommend that you change this hostname to something more descriptive (e.g. CLUSTERNODE1).
o Select the Domain radio button and type the domain DNS name (you specified this name
when creating the Active Directory domain). In our example the domain DNS name should be set to
mycompany.local.
After providing the necessary information, your window may look like the following:

When you are ready, click OK.


4. In the Computer Name Changes window, type the username and password of the domain administrator
account and click OK.

5. Click OK to close the displayed message welcoming you to the domain and then click OK once more to
close the Computer Name Changes window.

6. Restart the node.

7. Perform Steps 1-6 for all the remaining cluster nodes.

3.3 Manage database system resources

• Managing system resources in the context of database administration


A system resource is a tool used either by hardware to alert software of a need or by software to control a
function of hardware. Resource management is the dynamic allocation and de-allocation by an operating
system of processor cores, memory pages, and various types of bandwidth to computations that compete for
those resources. The objective is to allocate resources so as to optimize responsiveness subject to the finite
resources available. Data administration, or data resource management, is an organizational function
working in the areas of information systems and computer science that plans, organizes, describes and
controls data resources. Data resources are usually stored in databases under a database management
system.
