| |
Home |
![[Table of Contents]](/dwicons/b_toc.gif)
|
Security Administration Guide |
![[-]](/dwicons/i_colpse.gif)
| Glossary |
A process that runs every time SQL Server is stopped and restarted. The process ensures that all transactions that have completed before the server went down are brought forward and all incomplete transactions are rolled back.
A copy of a database or transaction log, used to recover from a media failure.
One or more Transact-SQL statements terminated by an end-of-batch signal, which submits them to SQL Server for processing. The Report WorkbenchTM and other client software supply end-of-batch signals to SQL batches automatically.
A wide variety of functions that take one or more parameters and return results. The built-in functions include mathematical functions, system functions, string functions, text functions, date functions, and a type conversion function.
The utility for copying data in and out of databases, called bcp.
A set of specific (usually standardized) characters with an encoding scheme that uniquely defines each character. ASCII and ISO 8859-1 (Latin 1) are two common character sets.
Changing the encoding scheme of a set of characters on the way into or out of SQL Server. Conversion is used when SQL Server and a client communicating with it use different character sets. For example, if SQL Server uses ISO 8859-1 and a client uses Code Page 850, character set conversion must be turned on so that both server and client interpret the data passing back and forth in the same way.
The point at which all data pages that have been changed are guaranteed to have been written to the database device.
An index in which the physical order and the logical (indexed) order is the same. The leaf level of a clustered index represents the data pages themselves.
See character set.
See sort order.
An instruction that specifies an operation to be performed by the computer. Each command or SQL statement begins with a keyword, such as insert, that names the basic operation performed. Many SQL commands have one or more keyword phrases, or clauses, that tailor the command to meet a particular need.
A command terminator is the end-of-batch signal that sends the batch to SQL Server for processing.
Context-sensitive protection provides certain permissions or privileges, depending on the identity of the user. This type of protection can be provided by SQL Server using a view and the user_id built-in function.
See character set conversion.
The process of setting up databases and creating database objects such as tables, indexes, rules, defaults, constraints, procedures, triggers, and views.
The system tables that contain descriptions of the database objects and how they are structured.
Adding, deleting, or changing information in the database with the insert, delete, and update commands.
A set of related data tables and other database objects that are organized and presented to serve a specific purpose.
A device dedicated to the storage of the objects that make up databases. It can be any piece of disk or a file in the file system that is used to store databases and database objects.
A database object is one of the components of a database: table, view, index, procedure, trigger, column, default, constraint, or rule.
The user who creates a database becomes the Database Owner. A Database Owner has control over all the database objects in that database. The login name for the Database Owner is "dbo".
Specifies what kind of information each column will hold, and how the data will be stored. Datatypes include char, int, money, and so on. Users can construct their own datatypes in SQL Server based on the SQL Server system datatypes. User-defined datatypes are not supported in Sybase SQL ToolsetTM.
A function that displays information about dates and times, or manipulates date or time values. The five date functions are getdate, datename, datepart, datediff and dateadd.
In a user's own database, SQL Server recognizes the user as "dbo". A database owner logs into SQL Server using his or her assigned login name and password.
A situation which arises when two users, each having a lock on one piece of data, attempt to acquire a lock on the other's piece of data. The SQL Server detects deadlocks, and kills one user's process.
The option chosen by the system when no other option is specified.
The database that a user gets by default when he or she logs in.
1. The default language of a user is the language that displays that user's prompts and messages. It can be set with sp_modifylogin or the language option of the set command.
2. The SQL Server default language is the language that is used to display prompts and messages for all users unless a user chooses a different language.
A demand lock prevents any more shared locks from being set on a data resource (table or data page). Any new shared lock request has to wait for the demand lock request to finish.
"Dirty reads" occur when one transaction modifies a row, and then a second transaction reads that row before the first transaction commits the change. If the first transaction rolls back the change, the information read by the second transaction becomes invalid.
Restricts access to objects based on identity and/or group membership. The controls are discretionary in the sense that a user with a certain access permission (for example, an object owner) is capable of passing access permission on to any other user (such as with the grant command).
Disk allocation pieces are the groups of allocation units from which SQL Server constructs a new database file. The minimum size for a disk allocation piece is one allocation unit, or 256 2K pages (256 4K pages on Stratus).
The process of preparing a database partition, foreign device or file for SQL Server use. Once the device is initialized, it can be used for storing databases and database objects. The command used to initialize a database device is disk init.
A duplicate of a SQL Server database device. All writes to the device being mirrored are copied to a separate physical device, making the second device an exact copy of the device being mirrored. If one of the devices fails, the other contains an up-to-date copy of all transactions. The command disk mirror starts the disk mirroring process.
The number of significant binary digits offered by the default display format for real and float values. Internally, real and float values are stored with a precision less than or equal to that of the platform-specific datatypes on which they are built. For display purposes, Sybase real values have 9 digits of precision; Sybase float values, 17.
Interleaving of dump data across several dump volumes.
A single tape, partition, or file used for a database or transaction dump. A dump can span many volumes, or many dumps can be made to a single tape volume.
A dump made while the database is active.
A process running a SQL Server that communicates with other server processes using shared memory. An engine can be thought of as one CPU's worth of processing power. It does not represent a particular CPU on a machine. Also referred to as "server engine."A SQL Server running on a uniprocessor machine will always have one engine, engine 0. A SQL Server running on a multiprocessor machine can have one or more engines. The maximum number of engines running on SQL Server can be reconfigured using the max online engines configuration variable.
A message that SQL Server issues, usually to the user's terminal, when it detects an error condition.
The number attached to a SQL Server error message that allows unique identification of the line of SQL Server code at which the error was raised.
Locks that prevent any other transaction from acquiring a lock until the original lock is released at the end of a transaction, always applied for update (insert, update, delete) operations.
Returns values. An expression can be a computation, column data, a built-in function, or a subquery.
A file created while using bcp to copy data out from a table in a SQL Server database to an operating system file. The format file contains information on how the data being copied out is formatted and can be used to copy the data back into a SQL Server table or to perform additional copy outs.
A user-specified threshold that specifies the amount of space on a segment, and the action to be taken when the amount of space available on that segment is less than the specified space.
See built-in functions.
System-defined variables that SQL Server updates on an ongoing basis. For example, @@error contains the last error number generated by the system.
If the user name "guest" exists in the sysusers table of a database, any user with a valid SQL Server login can use that database, with limited privileges.
A hexadecimal-encoded binary string that begins with the prefix 0x and can include the digits 0 through 9 and the uppercase and lowercase letters A through F. The interpretation of hexadecimal strings is platform specific. For some systems, the first byte after the prefix is the most significant; for others, the last byte is most significant. For example, the string 0x0100 is interpreted as 1 on some systems and as 256 on others.
A string of characters used to identify a database object, such as a table name or column name.
See disk initialization.
A signed 32-bit integer value.
An intent lock indicates the intention to acquire a shared or exclusive lock on a data page.
Also called "locking level," isolation level specifies the kinds of actions that are not permitted while the current transaction executes. The ANSI standard defines 3 levels of isolation for SQL transactions. Level 1 prevents dirty reads, and level 2 also prevents non-repeatable reads. Level 3 prevents both types of reads and phantoms; it is equivalent to doing all selects with holdlock. The user controls the isolation level with the set option transaction isolation level; the default is isolation level 1.
A module within SQL Server that acts as the interface between SQL Server and the operating system.
A word or phrase that is reserved for exclusive use by Transact-SQL. Also called a "reserved word."
A default threshold in SQL Server that suspends or kills user processes if the transaction log has run out of room. This threshold leaves just enough space for the deallocation records for the pages cleared by the log dump itself. Threshold events call a user-defined procedure whose default name is sp_thresholdaction. This procedure is not supplied by Sybase; it must be written by the System Administrator.
The bottom level of a clustered or non-clustered index. In a clustered index, the leaf level contains the actual data pages of the table.
A request for an exclusive lock that is repeatedly denied because a series of overlapping shared locks keeps interfering. SQL Server detects the situation after four denials and refuses further shared locks.
The process of restricting access to resources in a multi-user environment to maintain security and prevent concurrent access problems. SQL Server automatically applies locks to tables or pages.
See isolation level.
The name a user uses to log into SQL Server. A login is valid if SQL Server has an entry for that user in the system table syslogins.
Restricts access to objects based on the sensitivity (as represented by a label) of the information contained in the objects and the formal authorization (that is, clearance) of users to access information of such sensitivity. This security feature is available with Secure SQL ServerTM, but not with the standard SQL Server.
Controls the user databases and the operation of SQL Server as a whole. Known as master, it keeps track of such things as user accounts, ongoing processes, and system error messages.
The number that uniquely identifies an error message.
See disk mirror.
A template for new user databases. The buildmaster program and the installmodel script create model when SQL Server is installed. Each time the create database command is issued, SQL Server makes a copy of model and extends it to the size requested, if necessary.
A character set that includes characters encoded using more than one byte. EUC JIS and Shift-JIS are examples of character sets that include several types of characters represented by multiple bytes in a Japanese language environment.
An index that stores key values and pointers to data. The leaf level points to data pages rather than containing the data itself. Compare to clustered index.
Non-repeatable reads occur when one transaction reads a row and then a second transaction modifies that row. If the second transaction commits its change, subsequent reads by the first transaction yield different results than the original read.
The standard rules of database design in a relational database management system.
Having no explicitly assigned value. NULL is not equivalent to zero, or to blank. A value of NULL is not considered to be greater than, less than, or equivalent to any other value, including another value of NULL.
A passive entity that contains or receives information, and that cannot change the information it contains. In SQL Server, objects can include rows, tables, databases, stored procedures, and views. See also database objects.
Permissions that regulate the use of certain commands (data modification commands plus select, truncate table, and execute) to specific tables, views, columns, or procedures. These permissions are granted and revoked by the owner of the object, who can grant them to other users. See also object creation permissions.
Permissions that regulate the use of commands that create objects (for example, create table, create procedure, and create database). These permissions can be granted only by a System Administrator or a Database Owner. See also object access permissions.
A group of programs that translates your commands to the computer, helping you perform such tasks as creating files, running programs, and printing documents.
1. An argument to a stored procedure.
2. A value passed between routines and/or forms.
The authority to perform certain actions on certain database objects or to run certain commands.
Phantoms occur when one transaction reads a set of rows that satisfy a search condition, and then a second transaction modifies the data (through an insert, delete, update, and so on). If the first transaction repeats the read with the same search conditions, it obtains a different set of rows.
A positive integer that determines the maximum number of digits that can be represented in a decimal, numeric, or float column.
See permission.
1. A request for the retrieval of data with a select statement.
2. Any SQL statement that manipulates data.
Permission to read an object (for example, to select rows from a table).
The process of rebuilding one or more databases from database dumps and log dumps. See also automatic recovery.
A stored procedure executed on a server different from the server the user is logged into.
The single login, "sa", which is created when SQL Server is installed. This login is configured with both the System Administrator and System Security Officer roles. To increase individual accountability, use the "sa" account to assign roles to individual logins.
A non-negative integer that determines the maximum number of digits that can be represented to the right of the decimal point. The scale of a datatype cannot be greater than its precision.
A persistent object in the database. It consists of the collection of objects associated with a particular schema name and user authorization identifier. The objects are tables, views, domains, constraints, assertions, privileges and so on. A schema is created by a create schema statement.
A multilevel trusted database management system that is targeted for evaluation at the Class B1 criteria. It is an enhanced version of the standard SQL Server, which is targeted for evaluation at the Class C2 criteria. The requirements for both criteria are given by the Department of Defense in DOD 52.00.28-STD, Department of Defense Trusted Computer System Evaluation Criteria (TCSEC), also known as the "Orange Book." The Secure SQL Server adds security functions to those offered by the standard server, including mandatory access controls. See also SQL Server and mandatory access controls.
A named subset of database devices available to a particular database. It is a label that points to one or more database devices. Segments can be used to control the placement of tables and indexes on specific database devices.
See engine.
The ID number by which a user is known to SQL Server.
The severity of an error condition: errors with severity levels of 19 and higher are fatal errors.
A lock created by non-update ("read") operations. Other users may read the data concurrently, but no transaction can acquire an exclusive lock on the data until all the shared locks have been released.
Used by SQL Server to determine the order in which character data is sorted. Also called "collating sequence".
The server in Sybase's client-server architecture. SQL Server manages multiple databases and multiple users, keeps track of the actual location of data on disks, maintains mapping of logical data description to physical data storage, and maintains data and procedure caches in memory. SQL Server supports security features such as discretionary access controls and division of roles. The Server is targeted to evaluate at the Class C2 criteria.
See System Security Officer.
A statement begins with a keyword that names the basic operation or command to be performed.
A collection of SQL statements and optional control-of-flow statements stored under a name. SQL Server-supplied stored procedures are called system procedures.
An active entity that can manipulate database objects. In SQL Server, subjects include users and processes acting on behalf of users.
A user in charge of SQL Server system administration, including managing disk storage, granting and revoking the System Administrator role, and creating new databases. See also sa account.
The four databases on a newly installed SQL Server: the master database, which controls user databases and the operation of SQL Server; the temporary database (tempdb), used for temporary tables; the system procedures database (sybsystemprocs), and the model database (model), which is used as a template to create new user databases.
A function that returns special information from the database, particularly from the system tables.
Stored procedures that SQL Server supplies for use in system administration. These procedures are provided as shortcuts for retrieving information from the system tables, or mechanisms for accomplishing database administration and other tasks that involve updating system tables.
A user who controls security-related operations in SQL Server, including auditing, locking and unlocking login accounts, and password management. See also sa account.
One of the data dictionary tables. The system tables keep track of information about SQL Server as a whole and about each user database. The master database contains some system tables that are not in user databases.
The temporary database (tempdb) in SQL Server that provides a storage area for temporary tables and other temporary working storage needs (for example, intermediate results of group by and order by).
A mechanism for ensuring that a set of actions is treated as a single unit of work.
A system table (syslogs) in which all changes to the database are recorded.
A special form of stored procedure that goes into effect when a user gives a change command such as insert, delete, or update to a specified table or column. Triggers are often used to enforce referential integrity.
User authorization identifiers are associated with each schema. All the objects are said to be owned by or to have been created by the associated user authorization identifier for the schema.
The ID number by which a user is known in a specific database. Distinct from server user ID.
An alternative way of looking at the data in one or more tables. Usually created as a subset of columns from one or more tables.
Permission to write an object (for example, to update a row or to add a row to a table).
|
|