
DATA MANAGEMENT SYSTEMS

DATA MANAGEMENT APPROACHES

2 GENERAL APPROACHES TO DATA MANAGEMENT

DATA BASE MODEL

FLAT FILE MODEL

Database Approach
- This approach centralizes the organization's data into a common database that is shared by other users.
The DBMS is a special software system that is programmed to know which data elements each user is authorized to access.

Key Elements of the Database Environment

The 5 elements of database management include:

1. The database management system (DBMS)
2. Users
3. The database administrator
4. The physical database
5. DBMS models

Users
These are the persons that use database management.

Two ways users access the database:

1. Formal Access
A user program, prepared by a systems professional, sends data access requests to the DBMS, which validates the request and retrieves the data for processing. Under this mode of access, the presence of the DBMS is transparent to the users.

2. Informal Access
Users can access data via direct query, which requires no formal user program using the DBMS. It allows authorized users to process data independently of professional programmers by providing a friendly environment for integrating and retrieving data.

Database Administrator
The database administrator (DBA) is responsible for managing the database resources. The duties of the DBA fall into the following areas: database planning; database design; database implementation, operation and maintenance; database growth and change.

Database planning
- Develop organizational database strategy
- Define database environment
- Define data requirement
- Develop data dictionary

Design
- Logical database
- External users view demand
- Internal view of database
- Database control

Implementation
- Determine access policy
- Implement security control
- Specify test procedures
- Establish programming standard

Operation and Maintenance
- Evaluate database performance
- Recognize database as user needs
- Review standard and procedure

Growth and Change
- Plan for change and growth
- Evaluate new technology

The Physical Database
This is the lowest level of the database and the only level that exists in physical form. It consists of magnetic spots on metallic coated disks. At the physical level, the database forms a logical collection of records and files that constitute the firm's data resource.

DBMS Models
A data model is an abstract representation of the data about entities, including resources, events and transactions, and agents (personnel or customers) and their relationships in an organization. The purpose of a data model is to represent entity attributes in a way that is understandable to users.

3 common models

1. Hierarchical database model is a data model in which the data is organized into a tree-like structure. The structure allows representing information using parent/child relationships: each parent can have many children, but each child has only one parent (also known as a 1-to-many relationship). The IBM Information Management System (IMS) is the most popular example of a hierarchical database.

2. Network database model is a database model conceived as a flexible way of representing objects and their relationships. While the hierarchical database model structures data as a tree of records, with each record having one parent record and many children, the network model allows each record to have multiple parent and child records, forming a generalized graph structure.

3. Relational database model was first formulated and proposed in 1969 by Edgar F. Codd. The formal model has its foundation in relational algebra and set theory, which provide the theoretical basis for most of the data operations used. The purpose of the relational model is to provide a declarative method for specifying data and queries. The relational model of data permits the database designer to create a consistent, logical representation of information.

Flat-File Approach
- Flat files are data files that contain records with no structured relationship to other files. This approach is most often associated with so-called legacy systems. These are often large mainframe systems that were implemented in the 1970s and 1980s. Some organizations today still make extensive use of such systems. Eventually, they will be replaced by modern database management systems, but in the meantime, auditors must continue to deal with legacy-system technologies.
- This approach promotes a single-user view approach to data management whereby end users own their data rather than share them with other users. The data are therefore structured, formatted and arranged to suit the specific needs of the owner or primary user of the data. They may exclude data attributes that are useful to other users, thus preventing successful integration of data across the organization. When multiple users need the same data for different purposes, they must obtain separate data sets structured to their specific needs.

Four Significant Problems to Flat-File Approach

1. Data Storage - the organization must incur the costs of multiple collection and multiple storage procedures.
2. Data Updating - organizations store a great deal of data in master files and reference files that require periodic updating to reflect changes.
3. Currency of Information - in contrast to the problem of performing multiple updates is the problem of failing to update all user files that are affected by a change in status. If updated information is not properly disseminated, the change will not be reflected in some users' data, resulting in decisions based on outdated information.
4. Task-data dependency - inability to obtain additional information as the user's needs change.

ACCESS CONTROLS

Access control is one of the fundamental services that any Data Management System should provide. Its main goal is to protect data from unauthorized read and write operations. This is particularly crucial in today's open and interconnected world, where each kind of information can be easily made available to a huge user population, and where damage to or misuse of data may have unpredictable consequences that go beyond the boundaries where data reside or have been generated.

Access Control Models

Access control models are sometimes categorized as either discretionary or non-discretionary. The three most widely recognized models are Discretionary Access Control (DAC), Mandatory Access Control (MAC), and Role Based Access Control (RBAC). MAC is non-discretionary.

Attribute-based access control

In attribute-based access control (ABAC), access is granted not based on the rights of the subject associated with a user after authentication, but based on attributes of the user. The user has to prove so-called claims about his attributes to the access control engine. An attribute-based access control policy specifies which claims need to be satisfied in order to grant access to an object. For instance, the claim could be "older than 18". Any user that can prove this claim is granted access. Users can be anonymous when authentication and identification are not strictly required. One does, however, require means for proving claims anonymously. This can for instance be achieved using anonymous credentials. XACML (extensible access control markup language) is a standard for attribute-based access control. XACML 3.0 was standardized in January 2013.

Discretionary access control

Discretionary access control (DAC) is a policy determined by the owner of an object. The owner decides who is allowed to access the object, and what privileges they have.

Two important concepts in DAC are:

- File and data ownership: Every object in the system has an owner. In most DAC systems, each object's initial owner is the subject that caused it to be created. The access policy for an object is determined by its owner.
- Access rights and permissions: These are the controls that an owner can assign to other subjects for specific resources.

Access controls may be discretionary in ACL-based or capability-based access control systems. (In capability-based systems, there is usually no explicit concept of 'owner', but the creator of an object has a similar degree of control over its access policy.)

Mandatory access control

Mandatory access control refers to allowing access to a resource if and only if rules exist that allow a given user to access the resource. It is difficult to manage, but its use is usually justified when used to protect highly sensitive information.

Data import and export: Controlling the import of information from other systems and export to other systems (including printers) is a critical function of these systems, which must ensure that sensitivity labels are properly maintained and implemented so that sensitive information is appropriately protected at all times.

Role-based access control

Role-based access control (RBAC) is an access policy determined by the system, not the owner. RBAC is used in commercial applications and also in military systems, where multi-level security requirements may also exist. RBAC differs from DAC in that DAC allows users to control access to their resources, while in RBAC, access is controlled at the system level, outside of the user's control. A role in RBAC can be viewed as a set of permissions.

Three primary rules are defined for RBAC:

1. Role assignment: A subject can execute a transaction only if the subject has selected or been assigned a suitable role.
2. Role authorization: A subject's active role must be authorized for the subject. With rule 1 above, this rule ensures that users can take on only roles for which they are authorized.
3. Transaction authorization: A subject can execute a transaction only if the transaction is authorized for the subject's active role. With rules 1 and 2, this rule ensures that users can execute only transactions for which they are authorized.

BACK UP CONTROL

A backup is a copy of data. This copy can include important parts of the database, such as the control file and data files. A backup is a safeguard against unexpected data loss and application errors. If you lose the original data, then you can reconstruct it by using a backup.

Backup Controls in the Flat-file Environment

Grandparent-Parent-Child Backup Technique
The backup procedure begins when the current master file (the parent) is processed against transaction files to produce a new updated master file (the child). With the next batch of transactions, the child becomes the current master file (the parent), and the original parent becomes the backup (grandparent) file.

Direct Access File Backup
Data values in direct access files are changed in place through a process called destructive replacement. Therefore, once a data value is changed, the original value is destroyed, leaving only one version (the current version) of the file. To provide backup, direct access files must be copied before being updated.

Off-site Storage
As an added safeguard, backup files created under both the GPC and the direct access approaches should be stored off-site in a secured location.

Backup Controls in the Database Environment

Backup
The backup feature makes a periodic backup of the entire database. This is an automatic procedure that should be performed at least once a day. The backup copy should then be stored in a secure remote area.

Transaction Log (Journal)
The transaction log feature provides an audit trail of all processed transactions. It lists transactions in a transaction log file and records the resulting changes to the database in a separate database change log.

Checkpoint Feature
The checkpoint facility suspends all data processing while the system reconciles the transaction log and database change log against the database.

Recovery Module
The recovery module uses the logs and backup files to restart a system after a failure.
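
The three primary RBAC rules listed earlier (role assignment, role authorization, transaction authorization), enforced by a small reference monitor. This is an added example, not part of the original notes; the users, roles and transaction names are constructed for illustration.

```python
from typing import Optional

# Constructed sample policy; every name below is hypothetical.
# USER_ROLES: roles each subject is authorized for.
# ROLE_TRANSACTIONS: a role viewed as a set of permitted transactions.
USER_ROLES = {"alice": {"ap_clerk"}, "bob": {"ap_clerk", "ap_supervisor"}}
ROLE_TRANSACTIONS = {
    "ap_clerk": {"enter_invoice", "view_vendor"},
    "ap_supervisor": {"approve_payment", "view_vendor"},
}

class AccessDenied(Exception):
    """Carries the number of the RBAC rule that blocked the request."""
    def __init__(self, rule: int, reason: str):
        super().__init__(f"RBAC rule {rule}: {reason}")
        self.rule = rule

class Session:
    """One subject's session; the role is selected explicitly, never implied."""
    def __init__(self, user: str):
        self.user = user
        self.active_role: Optional[str] = None

    def activate(self, role: str) -> None:
        # Rule 2 (role authorization), checked when the role is selected.
        if role not in USER_ROLES.get(self.user, set()):
            raise AccessDenied(2, f"{self.user} is not authorized for {role}")
        self.active_role = role

    def execute(self, transaction: str) -> str:
        # Rule 1 (role assignment): no active role, no transaction.
        if self.active_role is None:
            raise AccessDenied(1, f"{self.user} has no active role")
        # Rule 2 again at use time, so a role revoked mid-session stops working.
        if self.active_role not in USER_ROLES.get(self.user, set()):
            raise AccessDenied(2, f"{self.active_role} revoked for {self.user}")
        # Rule 3 (transaction authorization): only the active role counts,
        # not the union of every role the user could take on.
        if transaction not in ROLE_TRANSACTIONS.get(self.active_role, set()):
            raise AccessDenied(3, f"{self.active_role} may not run {transaction}")
        return f"{self.user} ran {transaction} as {self.active_role}"

def denied_by(session: Session, transaction: str) -> Optional[int]:
    """Return the number of the rule that blocks the request, or None."""
    try:
        session.execute(transaction)
        return None
    except AccessDenied as exc:
        return exc.rule
```

Because rule 3 is evaluated against the active role only, a user who holds both the clerk and supervisor roles cannot approve a payment while working as a clerk, which is what lets RBAC support separation of duties.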
