Deprecated: mysql_connect(): The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead in /home/lsp4you/public_html/connect.php on line 2 LSP4YOU - Learner's Support Publications
DBMS BCA Unit-5 Transaction - Definition Transaction - Examples COMMIT and ROLLBACK Properties of a Transaction States of Transactions The Concurrent Transactions Transactions - Lost Updates Transactions - Unrepeatable Reads Transactions - Dirty Reads Transactions - Inconsistent Analysis Serialisable Schedule Serial and Interleaved Schedule Precedence Graph Algorithm Precedence Graph Construction Non Serializable Schedule Locking Protocol Locks and Types of Locks Binary Locks Multiple-Mode Locks Shared and Exclusive Locks Two Phase Locking (2PL) Types of Two Phase Locking Database Security Goals Types of Database Security Threats to Databases Database Security & Authorization Subsystem Discretionary Security Mechanisms Mandatory Security Mechanisms Control Measures Access Control Inference Control Flow Control Data Encryption Database Security and the DBA DBA - Privileged Commands DBA Role Access Control, User Accounts and Database Audits System Log Database Audit Audit Trail Sensitive Data and Types of Disclosures Sensitive Data - Classification Factors Factors - Data is Safe Discretionary Access Control in a Database Account Level Privileges Relation Level Privileges Access Matrix Model Privileges on Relations


Access Control, User Accounts and Database Audits

Whenever a person or a group of persons needs to access a database system, the individual or group must first apply for a user account. The DBA will then create a new account number and password for the user if there is a legitimate need to access the database.

The user must log in to the DBMS by entering the account number and password whenever database access is needed.

The DBMS checks that the account number and password are valid; if they are, the user is permitted to use the DBMS and to access the database.

The database system must also keep track of all operations on the database that are applied by a certain user throughout each login session, which consists of the sequence of database interactions that a user performs from the time of logging into the time of logging off.

When a user logs in, the DBMS can record the user’s account number and associate it with the computer or device from which the user logged in. All operations applied from that computer or device are attributed to the user’s account until the user logs off.

It is particularly important to keep track of update operations that are applied to the database so that, if the database is tampered with, the DBA can determine which user did the tampering.