Databases Reference
In-Depth Information
at any moment, either directly or through an application. Again, there are soft-
ware utilities that enable them to perform these functions.
Monitoring the database users is done from several perspectives. One is the mat-
ter of access security, making sure that only authorized personnel access the data.
This includes managing database users and authorizing user access to the data-
base, as ordered by data administration personnel in conjunction with the data
owners. Another perspective is the need to maintain records on the amount of
use the various users make of the database. This can have implications in future
load balancing and performance optimization work. This information can also
be used in allocating system costs among the various users and applications.
A related concern is database auditing. Even assuming that only authorized
users have accessed the database, reasons involving accounting and error cor-
rection require that a record be kept of who has accessed and who has modi-
fied which data items. This is also critical if you suspect unauthorized access,
someone hacking into the database. This
audit trail,
the ongoing log of user activ-
ity, is a necessary tool when attempting to detect and hopefully block unautho-
rized access. The level of auditing supported is DBMS-specific. Some DBMSs are
limited to tracking user connections only, or simply to the fact that the user
accessed database data. Others can record detailed activity, including specific data
modifications.
Managing Metadata
There are multiple concerns relating to managing metadata. In most cases, data-
base administrators are the only individuals who should have direct access to
metadata. This means that, except in some specific, limited instances, database
administrators are the only ones who should be making changes to the meta-
data information. When permission to make metadata changes is delegated, it
needs to be both carefully tracked and tightly controlled. You can configure SQL
Server, for example, to not only block metadata changes, but to also log the
attempt, including the user or application trying to make metadata changes.
The database administrator, working with the data administrator, may also
need to publish some of the database structure. Users and application pro-
grammers often need to understand, at some level, how database objects are
structured to enable database access. However, DBMSs give you ways of iso-
lating the database tables from direct access, including views and user stored
procedures.
The database administrator is also responsible for both documenting
and protecting the database metadata. This means backing up the metadata
in case of problems and documenting database and database object structure.
One way of doing this is by scripting the databases, creating scripts that can
be run to recreate database objects or, if necessary, to completely recreate the
database.
