| |
Home |
![[Table of Contents]](/dwicons/b_toc.gif)
|
(Workplace UNIX) Introducing SQL Server |
![[-]](/dwicons/i_colpse.gif)
| Chapter 2: Managing a SQL Server Installation |
This chapter discusses system-wide activities that you as System Administrator, or other designated users, perform while managing the SQL Server installation, including:
You can perform many of the activities described in this chapter interactively with SQL Server Manager, a Windows application for managing SQL Server. Use SQL Server Manager to:
Using SQL Server Manager, you can accomplish SQL Server management, administrative, and maintenance functions quickly and easily.
After you install SQL Server, you configure it using the configuration utility, sybinit. See Configuring Sybase SQL Server for your platform for instructions on using sybinit.
Backup Server is provided as part of SQL Server for Workplace UNIX. It is used for maintaining backup copies of your databases and transaction logging files. To use Backup Server, you need to activate it explicitly.
SQL Server supports international use through files that contain translated error messages, character set definitions, sort order definitions, and utilities for converting SQL Server's character set into the appropriate character set for a PC or terminal. These files are called localization files, and they are included when you install any Language Module with your SQL Server.
For users to access data stored on SQL Server, they must have:
Users may be organized into groups and permissions granted to the group. This mechanism allows similar types of users to be granted data access capabilities at one time, rather than one by one.
Activities related to setting up and managing SQL Server users are carried out by the System Security Officer, the System Administrator, and the Database Owner.
The table below summarizes the activities and who performs them.
Activity | Executed By |
|---|---|
Create new logins, assign default database and default language | System Security Officer |
Create groups | Database Owner or System Administrator |
Add users to database, assign aliases, assign groups | Database Owner or System Administrator |
Grant permissions on statements and database objects to groups or users | Database Owner, System Administrator, or database object owner |
Once an individual has been given a SQL Server login, that person may then become a database user for any user database on that server. Although a SQL Server login does not automatically grant the user access to a database, a default database may be assigned to a SQL Server login account that allows the user to directly access that database upon logging in.
After a user has been given access to a database, the owner of the database or the owner of objects within the database still must give the user permission to read, modify or delete data, use certain Transact-SQL statements, and execute stored procedures.
The System Security Officer sets up users and groups for individual databases on SQL Server. The System Security Officer also grants permissions to users and assigns a default database and default language for users. Users and their permissions are assigned for individual databases, one at a time.
Use the SQL Server Manager to manage SQL Server logins and database users and groups.
For a small installation, you can assign both System Security Officer and System Administrator roles to the same user in order to consolidate database user management activities with a single person. For large installations with many users, it is recommended that System Security Officer and System Administrator functions be separate and carried out by different users.
Passwords help prevent unauthorized access to SQL Server data. SQL Server passwords must be at least six characters long and can contain any printable letters, numerals, or symbols.
When creating your own password or one for another user, choose one that cannot be guessed. Do not use personal information, names or nicknames of pets or loved ones, or words that appear in the dictionary. The most secure passwords are ones that combine uppercase and lowercase characters with numbers and punctuation, for example, "4A$sk."
Users can change their passwords at any time.
A group is a mechanism for assigning a collective name to multiple database users for the purpose of granting and revoking permissions. Using groups, you can manage permissions for many users in a single operation.
Every user is a member of the predefined group "public" and can be a member of one other group. (Users remain in "public" whether or not they belong to another group.)
A System Administrator or Database Owner can create a group at any time. The System Administrator assigns or reassigns users to groups.
To accommodate occasional users of SQL Server, the System Security Officer can create a login name (for example, "visitor") and password that visiting users can use. Typically, such users are granted very restricted permissions.
Note that visitor accounts allow more than one person to log in to SQL Server on a single account. This results in poor auditing records, since you cannot distinguish the actions of individual users of the visitor account. To avoid this situation, assign each user a separate login account.
You can enable remote access to allow users on another SQL Server to execute stored procedures on your server. You can also set up users of your SQL Server to execute remote procedure calls to the remote server.
To enable remote procedure calls, both the local and the remote server must be specifically configured. The System Security Officer and the System Administrator share control over remote user access and any associated security issues. Database Owners are responsible for granting permissions to remote users.
A Database Owner can create a database user named "guest". Adding a guest user to a database allows an owner to permit all SQL Server users to use that database without having to name each one as a database user explicitly.
When the user name "guest" is first added to a database, "guest" inherits the privileges of the default group "public". The Database Owner and the owners of database objects can change these permissions to make the privileges of "guest" more or less restrictive.
For security reasons, you can lock a SQL Server account to prevent a particular user from logging in. To ensure that someone always has access, SQL Server maintains at least one unlocked System Security Officer account and one unlocked System Administrator account.
SQL Server Manager displays information about users, such as:
Additionally, Sybase-provided stored procedures report the following information about users:
The table below summarizes ways in which user information can be changed and who can make the changes.
Activity | Executed By |
|---|---|
Change another user's password | System Security Officer |
Change own password | User |
Change group assignment of a user | System Administrator, Database Owner |
Change a login account's default database, default language, or full name | System Administrator |
Change own default database, default language, or full name | User |
You can use an alias to treat more than one person as the same user, with the same privileges, inside a database. In particular, several users can assume the role of Database Owner.
For example, you might create an alias called "vp" to be used by all vice presidents, each of whom has an individual SQL Server account linked to that alias.
You also can use an alias to set up a collective user identity, within which the identities of individual users can be traced by auditing their activities. You cannot do this with a visitor or guest account.
As System Administrator, you are responsible for managing the physical resources used by SQL Server.
You must prepare database devices before you can create user databases to store information. This process is called initialization.
A database device stores the objects that make up databases. The term "device" does not necessarily refer to a distinct physical device. A database device is any piece of a disk (such as a partition or a file in the file system) used to store databases and database objects.
Databases are allocated storage space when you create or enlarge them. When creating a database, you can specify one or more database devices and the amount of space on each device to be allocated to the new database.
A System Administrator initializes new database devices. After initializing the devices, the System Administrator creates a pool of default database devices to be used by all SQL Server users when creating databases. Whenever users create (or enlarge) databases without specifying a database device, new disk space is allocated from this pool.
SQL Server uses default values for many aspects of its storage management¾where databases, tables, and indexes are placed and how much space is allocated for each of them. However, the System Administrator can modify any of these values.
After stabilizing an application and determining its data-handling requirements, you refine storage management to improve performance. These refinements are not an essential aspect of data definition, but rather a means of improving performance.
Some of the activities associated with management of physical resources are:
If you do not specify a size when creating a database, the database is created with the default amount of space. This amount will be the greater of these two values:
You can allocate more space for the model database as well as reset the database size configuration parameter.
It is difficult to reclaim storage space after it has been assigned. You cannot deallocate space that has been assigned to a database unless you drop the database first; however, you can always add more space.
When a database grows to fill all of the allocated space, you can add space for database objects or the transaction log, or both. Permission to enlarge a database defaults to the Database Owner.
The transaction log is a system table that records all changes made to a database. By default, the transaction log is located on the same device as the database, but unless you are creating very small, non-critical databases, you should always place the transaction log on a separate device.
Designating a separate device for the transaction log has the following benefits:
The size of the device required for the transaction log varies according to the amount of update activity and the frequency of transaction log dumps. In general, allocate to the log 10 to 25 percent of the space you allocate to the database itself.
Segments are named subsets of the database devices available to a specific database. A named segment functions as a label that points to one or more database devices. Use segment names when creating databases or indexes to place tables or indexes on specific database devices.
Using segments can improve SQL Server performance and give increased flexibility over placement, size, and space usage of specific database objects. For example:
You can use SQL Server Manager to create and manage segments. Or you can use Sybase-provided system stored procedures, if you prefer.
Mirroring a disk duplicates the database; all writes to the device are copied to a separate physical device. If one of the devices fails, the other contains an up-to-date copy of all transactions. Disk mirroring can provide recovery of SQL Server databases without downtime in the event of media failure.
When a read or write to a mirrored device fails, the bad device becomes unmirrored, and SQL Server displays an error message. SQL Server continues to run, unmirrored.
The decision about whether to implement disk mirroring should be based on your analysis of the trade-offs described in this section. You can also consider mirroring just the transaction logs, all devices on a server, or selected devices.
Disk mirroring involves the following cost and performance trade-offs:
Mirroring user databases increases the time needed to write transactions because they are written to two disks.
If disk mirroring is not implemented, recovery of SQL Server in the event of media or power failures causes system downtime that will impact productivity of your users.
You can achieve recovery without downtime when the master and user databases (including logs) are mirrored, and you can recover without the need to reload transaction logs.
Immediate recovery requires full redundancy (all databases and logs mirrored); this consumes disk space.
Using SQL Server Manager, you can issue any of the disk mirroring commands while the devices are in use, including starting or stopping the mirroring operation.
The System Administrator, System Security Officer, or Database Owner can monitor the performance of SQL Server and customize and fine-tune its operation.
The variables that affect SQL Server and database behavior are:
SQL Server for Workplace UNIX provides the following applications for performance tuning:
SQL Server for Workplace UNIX also provides a query tool, wisql, which you can use to execute stored procedures that change configuration parameters and database options.
Configuration parameters control various aspects of SQL Server's operating environment. When you install SQL Server, default values for these parameters are established, based on assumptions about how SQL Server is generally used. You can change the values of these parameters to fine-tune the performance of SQL Server.
Configuration parameters can be grouped according to the area of SQL Server behavior they affect:
System Administrators and System Security Officers can modify configuration parameters using SQL Server Manager or wisql.
Database options control many aspects of database behavior, such as:
System Administrators and Database Owners can configure the database option settings for a SQL Server database using SQL Server Manager or wisql.
The Transact-SQL set statement tells SQL Server how to handle queries and stored procedures. These query processing options are set for the duration of the user's work session. If a stored procedure contains a set statement, its effect lasts while the stored procedure executes. No permissions are required to use the set statement.
For example, the following statement causes SQL Server to stop processing queries after it returns the first ten rows:
set rowcount 10
You can execute the set statement from wisql.
SQL Server for Workplace UNIX provides two facilities for monitoring SQL Server activity: SQL Server Monitor and a set of predefined global variables.
SQL Server Monitor is a tool for gathering and displaying performance data. SQL Server Monitor helps you evaluate SQL Server operation, isolate the causes of performance problems, and gather statistics for capacity planning.
SQL Server Monitor consists of four components:
SQL Server Monitor provides system information about
SQL Server Monitor helps you manage SQL Server by:
SQL Server uses a series of pre-defined global variables that hold system-supplied values that track SQL Server activity. These variables are distinguished from local variables by having two @ signs preceding their names (for example, @@error). The global variable @@error, as an example, contains the number of the last error message generated by SQL Server.
You can find the values of these variables in either of two ways:
Execute the sp_monitor procedure to return the current values of global variables. You can monitor how they have changed since the last time you ran the procedure.
SQL Server can generate an audit trail to record system activity. The audit trail can detect all activity within SQL Server and its databases.
By examining the audit trail, the System Security Officer can inspect patterns of access to objects in databases and can monitor the activity of specific users. In the role of System Security Officer, you can:
The SQL Server audit system consists of these components:
You can audit the following SQL Server activities:
Sources of information for topics discussed in this chapter are listed below.
Topic | Source(s) of Information |
|---|---|
Aliases |
|
Auditing SQL Server |
|
Configuration, default installation |
|
Configuration parameters |
|
Configuring SQL Server |
|
Database devices |
|
Default devices |
|
Enlarging database |
|
Error log |
|
Groups |
|
Indexes |
|
Initializing SQL Server |
|
Installing and configuring SQL Server |
|
Localization |
|
Location of database |
|
Locking a user login |
|
Monitoring SQL Server |
|
Performance optimization |
|
Remote stored procedure calls |
|
Resource management |
|
SQL Server Manager |
|
Transaction log |
|
User information |
|
Users |
|
Utilities |
|
|
|