Professional Documents
Culture Documents
L03 Data Control
L03 Data Control
L03 Data Control
3
VIEWS
A view is a (virtual) relation generated from a base relation
In SQL, a SELECT-query is stored as a VIEW
4
VIEWS IN DISTRIBUTED DBMS
Views might be derived from fragments.
5
TAKEN FROM SNOWFLAKE INC.
Regular view ✔ ✔
Cached query ✔
result
Materialized view ✔ ✔ ✔ ✔
6
VIEW REFRESHING
1. Immediate mode
When underlying data is updated
View is always consistent but increases update times
7
INCREMENTAL VIEW MAINTENANCE
You can utilize:
1. Counting algorithm
• Count the changes done to the base relation to update the views
2. Data skew
• Use different join plans based on differences in the amount of data and changes
• Rebalance
8
DATA SECURITY
Data protection
Prevents the content of data to be understood by unauthorized users
Encryption / decryption
Access control
Prevent the access and operations of data by unauthorized users
Discretionary access control (DAC)
▪ Authorization granted to subject within the database
9
DISCRETIONARY ACCESS CONTROL
Main actors
Subjects (users, groups of users) who execute operations
Operations (queries, functions, procedures)
Objects (data attribute, entity, row, table, etc.)
10
MANDATORY ACCESS CONTROL
Often associated with Multi-level access control (MLS)
Different security levels (clearances)
Top Secret > Secret > Confidential > Unclassified
11
MAC IN RELATIONAL DB
A relation can be classified at different levels:
Relation: all tuples have the same clearance
Tuple: every tuple has its own clearance
Attribute: every attribute has its own clearance
12
https://www.ekransystem.com/en/blog/mac-vs-dac
13
PROS AND CONS
PROS CONS
DAC Flexible Low level of protection
Easy to maintain User privilege overlap
User-friendly Access management
Granular maintenance
MAC High level of protection Difficult to scale
Granularity Manual maintenance
Fewer errors
https://www.ekransystem.com/en/blog/mac-vs-dac
14
ADDITIONAL PROBLEMS IN A DISTRIBUTED
ENVIRONMENT
Remote user authentication
Usually done using a service
The service should be replicated to multiple sites
15
SEMANTIC INTEGRITY CONTROL
Maintain database consistency
Structural constraints
Unique keys, primary and foreign keys, etc.
Behavioral constraints
Dependencies in the relational model
Two components
Integrity constraint specification
Integrity constraint enforcement
16
DIFFERENT CONSTRAINTS
Data model related (predefined)
Primary, foreign, unique key
Attribute types, not-null
Functional dependency between data
Methods:
IF and CHECK conditions
17
INTEGRITY ENFORCEMENT
1. Detection
• Execute a given query
• Detect an inconsistency across the databases
• Fix or undo
2. Preventive
• Execute a query only if the data will stay consistent within the databases
• Need to determine what state counts as consistent (based on update rules)
• Can use various methods in relational databases, for example:
• CHECK conditions
• ASSERTIONS (check condition on multiple tables)
• TRIGGERS
18
PROBLEMS WITH DISTRIBUTED INTEGRITY
CONTROL
Definition of constraints
How are the constraints defined?
Where to store
Where are the constraints stored?
Enforcement
Where should the constraints be enforced to minimize costs or increase efficiency?
19
CONCLUSION
Solutions initially designed for centralized systems
Extended for distributed systems
Materialized views and group-based discretionary access control
20