Domain Constraints: Domain of possible values must be associated with every attribute. Domains could be specified as below:

Transcription

1 UNIT III Integrity and Security: Domain Constraints Referential Integrity Assertions Triggers Security and Authorization Authorization in SQL.Relational-Database Design: Normalization -First Normal Form, Second Normal Form, Third Normal Form, Boyce-Codd Normal Form. Integrity and Security Integrity constraints provide a means of ensuring that changes made to the database by authorized users do not result in a loss of data consistency. Thus, integrity constraints guard against accidental damage to the data base. These constraints are in the forms: Key declarations: stipulation (condition) that certain attributes form a candidate key for a given entity set. The set of legal insertions and updates is constrained to those that do not create two entities with the same value on a candidate key. Form of a relationship: many- to- many, one- to- many, one to one. A one-to-one or one to-many relationship restricts the set of legal relationships among entities of a collection of entity sets. Domain Constraints Referential Integrity Assertions Triggers Security Authorization Authorization in SQL Domain Constraints: Domain of possible values must be associated with every attribute. Domains could be specified as below: create DOMAIN NAME1 CHAR(10) create DOMAIN STUNO INTEGER create DOMAIN NAME2 CHAR(10) etc. Note that NAME1 and NAME2 are both character strings of length 10 but they now belong to different (semantic) domains. It is important to denote different domains too Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 1

2 (a) Constrain unions, intersections, differences, and equi joins of relations. (b) Let the system check if two occurrences of the same database value denote the same real world object. The constraint on union-compatibility and join-compatibility is important so that only those operations that make sense are permitted. For example, a join on class number and student number would make no sense even if both attributes are integers and the user should not be permitted to carry out such operations (or at least be warned when it is attempted). When Should Constraints Be Checked? Usually they are checked for each modification statement. But sometimes deferred constraint checking is necessary. 1.Domain Constraints Integrity constraints guard against accidental damage to the database, by ensuring that authorized changes to the database do not result in a loss of data consistency. Domain constraints are the most elementary form of integrity constraint. They test values inserted in the database, and test queries to ensure that the comparisons make sense. Number of standard domain types, such as integer types, character types, and date/time types defined in SQL. Domain constraints are the most elementary form of integrity constraint. They are tested easily by the system whenever a new data item is entered into the database. It is possible for several attributes to have the same domain. For example, the attributes customer-name and employee-name might have the same domain: the set of all person names. However, the domains of balance and branch-name certainly ought to be distinct. It is perhaps less clear whether customer-name and branch-name should have the same domain. Find all customers who have the same name as a branch to be a meaningful query. Thus, if we view the database at the conceptual, rather than the physical, level, customer-name and branch-name should have distinct domains. The create domain clause can be used to define new domains. For example, the statements: Values of one domain can be cast (that is, converted) to another domain. If the attribute A or relation r is of type Dollars, we can convert it to Pounds by writing (cast r.a as Pounds) (Should also multiply by the dollar-to-pound conversion-rate) o The check clause in SQL-92 permits domains to be restricted: Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 2

3 Use check clause to ensure that an hourly-wage domain allows only values greater than a specified value. o The domain has a constraint that ensures that the hourly-wage is greater than 4.00 The domain HourlyWage has a constraint that ensures that the hourly wage is greater than The clause constraint wage-value-test is optional, and is used to give the name wagevalue-test to the constraint. The check clause can also be used to restrict a domain to not contain any null values: As another example, the domain can be restricted to contain only a specified set of values by using the in clause: The preceding check conditions can be tested quite easily, when a tuple is inserted or modified. However, in general, the check conditions can be more complex (and harder to check), since subqueries that refer to other relations are permitted in the check condition. For example, this constraint could be specified on the relation deposit: The check condition verifies that the branch-name in each tuple in the deposit relation is actually the name of a branch in the branch relation. Thus, the condition has to be checked not only when a tuple is inserted or modified in deposit, but also when the relation branch changes (in this case, when a tuple is deleted or modified in relation branch). The preceding constraint is actually an example of a class of constraints called referential-integrity constraints. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 3

4 2.Referential Integrity A referential integrity constraint requires that a foreign key in one relation refers to an actual, existing tuple in another relation. i.e. the value that appears in one relation for a given set( s ) of attributes also appears for certain set of attributes in another relation for ( r ). Primary and candidate keys and foreign keys can be specified as part of the SQL create table statement The primary key clause lists of attributes that comprise the primary key. The unique key clause lists of attributes that comprise a candidate key. The foreign key clause lists the attributes that comprise the foreign key and the name of the relation referenced by the foreign key. By default, a foreign key references the primary key attributes of the referenced table. Example : create table deposit( branch-namechar(15) not null, account-numberchar(10),customer-namechar(20) not null, primary key (account-number, customer-name), foreign key (branch-name) references branch, foreign key (customer-name) references customer). Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 4

5 2.1.Referential Integrity in E-R Model Consider relationship set R between entity sets E1 and E2. The relational schema for R includes the primary keys K1 of E1 and K2 of E2. Then K1 and K2 form foreign keys on the relational schemas for E1 and E2 respectively.. weak entity sets are also a source of referential integrity constraints. For the relation schema for a weak entity set must include the primary key attributes of the entity set on which it depends 2.2.Referential Integrity in SQL SQL supports all four options on deletes and updates Default is NO ACTION ( Action is rejected). CASCADE(Also delete all tuples that refer to deleted tuple). SET NULL/SET DEFAULT(Sets foreign key value of refercing tuple). Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 5

6 Example: create table deposit ( branch-namechar(15) not null, account-numberchar(10), customer-namechar(20) not null, primary key (account-number, customer-name), foreign key (branch-name) references branch, foreign key (customer-name) references customer); 2.3Checking Referential Integrity on Database Modification The following tests must be made in order to preserve the following referential integrity constraint: (r2) K (r1) Insert. If a tuple t2 is inserted into r2, the system must ensure that there is a tuple t1 in r1 such that t1[k] = t2[]. That is t2 [] K (r1) Delete. If a tuple, t1 is deleted from r1, the system must compute the set of tuples in r2 that reference t1: = t1[k] (r2) If this set is not empty either the delete command is rejected as an error, or the tuples that reference t1 must themselves be deleted (cascading deletions are possible). Update. There are two cases: If a tuple t2 is updated in relation r2 and the update modifies values for foreign key, then a test similar to the insert case is made: Let t2 denote the new value of tuple t2. The system must ensure that t2 [] K(r1) Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 6

7 If a tuple t1 is updated in r1, and the update modifies values for the primary key (K), then a test similar to the delete case is made: The system must compute = t1[k] (r2) using the old value of t1 (the value before the update is applied). If this set is not empty 1. the update may be rejected as an error, or 2. the update may be cascaded to the tuples in the set, or 3. the tuples in the set may be deleted. 2.4 Referential Integrity in SQL Primary and candidate keys and foreign keys can be specified as part of the SQL create table statement: The primary key clause of the create table statement includes a list of the attributes that constitute the primary key. The unique clause of the create table statement includes a list of the attributes that constitute a candidate key. The foreign key clause of the create table statement includes both a list of the attributes that constitute the foreign key and the name of the relation referenced by the foreign key. Primary and foreign key declarations using the partial SQL DDL Definition of our bank database shown in fig:6.2 Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 7

8 We can use the following short form as part of an attribute definition to declare that the attribute forms a foreign key: However, a foreign key clause can specify that if a delete or update action on the referenced relation violates the constraint, then, instead of rejecting the action, the system must take steps to change the tuple in the referencing relation to restore the constraint. Consider this definition of an integrity constraint on the relation account: Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 8

9 Because of the clause on delete cascade associated with the foreign-key declaration,if a delete of a tuple in branch results in this referential-integrity constraint being violated,the system does not reject the delete. Instead, the delete cascades to the account relation, deleting the tuple that refers to the branch that was deleted. SQL also allows the foreign keyclause to specify actions other than cascade, if the constraint is violated: The referencing field (here, branch-name) can be set to null (by using set null in place of cascade),or to the default value for the domain (by using set default). Null values complicate the semantics of referential integrity constraints in SQL.Attributes of foreign keys are allowed to be null, provided that they have not otherwise been declared to be non-null. If all the columns of a foreign key are non-null in a given tuple, the usual definition of foreign-key constraints is used for that tuple. Ifany of the foreign-key columns is null, the tuple is defined automatically to satisfy the constraint. SQL also provides constructs that allow you to change the behavior with null values. 3.Assertions An assertion is a predicate expressing a condition that we wish the database always to satisfy. An assertion in SQL takes the form create assertion <assertion-name> check <predicate> When an assertion is made, the system tests it for validity, and tests it again on every update that may violate the assertion o This testing may introduce a significant amount of overhead; hence assertions should be used with great care. Asserting for all X, P(X) is achieved in a round-about fashion using not exists X such that not P(X) Assertions in SQL form: : Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 9

10 Example When an assertion is created, the system tests it for validity. If the assertion is valid,then any future modification to the database is allowed only if it does not cause that assertion to be violated. 4.Triggers A trigger is a statement that is executed automatically by the system as a side effect of a modification to the database. To design a trigger mechanism, we must: Specify when a trigger is to be executed. This is broken up into an event that causes the trigger to be checked and a condition that must be satisfied for trigger execution to proceed. Specify the actions to be taken when the trigger executes. The above model of triggers is referred to as the event-condition-action model for triggers. Trigger Example Suppose that instead of allowing negative account balances, the bank deals with overdrafts by o setting the account balance to zero o creating a loan in the amount of the overdraft o giving this loan a loan number identical to the account number of the overdrawn account The condition for executing the trigger is an update to the account relation that results in a negative balance value. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 10

11 4.1Need of Triggers Triggers are useful mechanisms for alerting humans or for starting certain tasks automatically when certain conditions are met. As an illustration, suppose that, instead of allowing negative account balances, the bank deals with overdrafts by setting the account balance to zero, and creating a loan in the amount of the overdraft. The bank gives this loan a loan number identical to the account number of the overdrawn account. For this example, the condition for executing the trigger is an update to the account relation that results in a negative balance value. Suppose that Jones withdrawal of some money from an account made the account balance negative. Let t denote the account tuple with a negative balance value. The actions to be taken are: Insert a new tuple s in the loan relation with Insert a new tuple u in the borrower relation with Set t[balance] to Triggers in SQL SQL-based database systems use triggers widely, although before SQL:1999 they were not part of the SQL standard. Unfortunately, each database system implemented its Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 11

12 Centralized actions can be defined using a non declarative approach (writing PL/SQL code) with database triggers. A database trigger is a stored procedure that is fired (implicitly executed) when an INSERT, UPDATE, or DELETE statement is issued against the associated table. Database triggers can be used to customize a database management system: value-based auditing automated data generation the enforcement of complex security checks enforce integrity rules enforce complex business rules For updates, the trigger can specify columns whose update causes the trigger to execute. For instance if the first line of the overdraft trigger were replaced by then the trigger would be executed only on updates to balance; updates to other attributes would not cause it to be executed. Example:1 suppose the value in a phone number field of an inserted tuple is blank, which indicates absence of a phone number. We can define a trigger that replaces the value by the null value. The set statement can be used to carry out such modifications. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 12

13 Example:2 Returning to our warehouse inventory example, suppose we have the following relations: inventory(item, level), which notes the current amount (number/weight/volume) of the item in the warehouse minlevel(item, level), which notes the minimum amount of the item to be maintained reorder(item, amount), which notes the amount of the item to be ordered when its level falls below the minimum orders(item, amount), which notes the amount of the item to be ordered. 4.3.The Execution Model for Triggers Execute all BEFORE statement triggers that apply to the statement. Loop for each row affected by the SQL statement. Execute all BEFORE row triggers that apply to the statement. Lock and change row, and perform integrity constraint checking. (The lock is not released until the transaction is committed.) Execute all AFTER row triggers that apply to the statement. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 13

14 Complete deferred integrity constraint checking. Execute all AFTER statement triggers that apply to the statement. Example: 4.4.When Not To Use Triggers Triggers were used earlier for tasks such as maintaining summary data (e.g. total salary of each department) Replicating databases by recording changes to special relations (called change or delta relations) and having a separate process that applies the changes over to a replica There are better ways of doing these now: Databases today provide built in materialized view facilities to maintain summary data Databases provide built-in support for replication Encapsulation facilities can be used instead of triggers in many cases Define methods to update fields Carry out actions as part of the update methods instead of through a trigger 5.Security The data stored in the database need to be protected from unauthorized access, malicious destruction or alteration, and accidental introduction of consistency. Security Violations Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 14

15 Misuse of the database can be categorized as being either intentional(malicious) or accidental. Accidental loss of data consistency may result from Crashes during transaction processing Anomalies caused by concurrent access to the database Anomalies caused by the distribution of data over several computers Logical errors that violate the assumption those transcations prevent the database consistency constraints It is easier to protect against accidental loss of data consistency than to protect against malicious access to the database.among the forms of malicious access are: Unauthorized reading of data (theft of information) Unauthorized modification of data Unauthorized destruction of data To protect the database,we must take security measures at several levels: Database security refers to protection from malicious access. Absolute protection of the database from malicious abuse is not possible, but the cost to the perpetrator can be made high enough to deter most if not all attempts to access the database without proper authority. To protect the database, we must take security measures at several levels: Database system. Some database-system users may be authorized to access only a limited portion of the database. Other users may be allowed to issue queries, but may be forbidden to modify the data. It is the responsibility of the database system to ensure that these authorization restrictions are not violated. Operating system. No matter how secure the database system is, weakness in operatingsystem security may serve as a means of unauthorized access to the database. Network. Since almost all database systems allow remote access through terminals or networks, software-level security within the network software is as important as physical security, both on the Internet and in private networks. Physical. Sites with computer systems must be physic ally secured against armed or surreptitious entry by intruders. Human. Users must be authorized carefully to reduce the chance of any user giving access to an intruder in exchange for a bribe or other favors. Security at all these levels must be maintained if database security is to be ensured. A weakness at a low level of security (physical or human) allows circumvention of strict high-level (database) security measures. Security within the operating system is implemented at several levels, ranging from passwords for access to the system to the isolation of concurrent processes running within the system. The file system also provides some degree of protection. Finally, network-level security has gained widespread recognition as the Internet has evolved from an academic research platform to the basis of international electronic commerce. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 15

16 6.Authorization A user may have several forms of authorization on parts of the database. Forms of authorization on parts of the database: Read authorization - allows reading, but not modification of data. Insert authorization - allows insertion of new data, but not modification of existing data. Update authorization - allows modification, but not deletion of data. Delete authorization - allows deletion of data Forms of authorization to modify the database schema: Index authorization - allows creation and deletion of indices. Resources authorization - allows creation of new relations. Alteration authorization - allows addition or deletion of attributes in a relation. Drop authorization - allows deletion of relations. The drop and delete authorization differ in that delete authorization allows deletion of tuples only. If a user deletes all tuples of a relation, the relation still exists, but it is empty. If a relation is dropped, it no longer exists. Resource authorization. A user with resource authorization who creates a new relation is given all privileges on that relation automatically. Index authorization may appear unnecessary, since the creation or deletion of an index does not alter data in relations. Rather, indices are a structure for performance enhancements.however, indices also consume space, and all database modifications are required to update indices. If index authorization were granted to all users, those who performed updates would be tempted to delete indices, whereas those who issued queries would be tempted to create numerous indices. To allow the database administrator to regulate the use of system resources, it is necessary to treat index creation as a privilege. 6.1 Authorization and Views Users can be given authorization on views, without being given any authorization on the relations used in the view definition Ability of views to hide data serves both to simplify usage of the system and to enhance security by allowing users access only to data they need for their job A combination or relational-level security and view-level security can be used to limit a user s access to precisely the data that user needs. View Example Suppose a bank clerk needs to know the names of the customers of each branch, but is not authorized to see specific loan information. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 16

17 Approach: Deny direct access to the loan relation, but grant access to the view cust-loan, which consists only of the names of customers and the branches at which they have a loan. The cust-loan view is defined in SQL as follows: The clerk is authorized to see the result of the query: select * from cust-loan; Clearly, the clerk is authorized to see the result of this query. However, when the query processor translates it into a query on the actual relations in the database, it produces a query on borrower and loan. Thus, the system must check authorization on the clerk s query before it begins query processing 6.2Authorization on Views Creation of a view does not require resource authorization. A user who creates a view does not necessarily receive all privileges on that view. User receives only those privileges that provide no additional authorization beyond those that user already had. For example, a user cannot be given update authorization on a view without having update authorization on the relations used to define the view. If a user creates a view on which no authorization can be granted, the system will deny the view creation request. In our cust-loan view example, the creator of the view must have read authorization on both the borrower and loan relations. 6.3.Granting of Privileges The passage of authorization from one user to another may be represented by an authorization graph. The nodes of this graph are the users. The root of the graph is the database administrator. Consider graph for update authorization on loan. An edge Ui Uj indicates that user Ui has granted update authorization on loan to Uj. In the sample graph in Figure 6.6, observe that user U5 is granted authorization by both U1 and U2; U4 is granted authorization by only U1.A user has an authorization if and only if there is a path from the root of the authorizationgraph (namely, the node representing the database administrator) down to the node representing the user. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 17

18 Suppose that the database administrator decides to revoke the authorization of user U1. Since U4 has authorization from U1, that authorization should be revoked as well. However, U5 was granted authorization by both U1 and U2. Since the database administrator did not revoke update authorization on loan from U2, U5 retains update authorization on loan. If U2 eventually revokes authorization from U5, then U5 loses the authorization. A pair of devious users might attempt to defeat the rules for revocation of authorization by granting authorization to each other, as shown in Figure 6.7a. If the database administrator revokes authorization from U2, U2 retains authorization through U3, as in Figure 6.7b. If authorization is revoked subsequently from U3, U3 appears to retain authorization through U2, as in Figure 6.7c. However, when the database administrator revokes authorization from U3, the edges fromu3 to U2 and from U2 to U3 are no longer part of a path starting with the database administrator. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 18

19 7. Authorization in SQL Security Specification in SQL The SQL standard includes the privileges delete, insert, select, and update. The select privilege corresponds to the read privilege. SQL also includes a references privilege that permits a user/role to declare foreign keys the user/role must have been granted references privilege on those attributes. The SQL data-definition language includes commands to grant and revoke privileges. The grant statement is used to confer authorization. The basic form of this statement is: The privilege list allows the granting of several privileges in one command. The following grant statement grants users U1, U2, and U3 select authorization on the account relation: The update authorization may be given either on all attributes of the relation or on only some. If update authorization is included in a grant statement, the list of attributes on which update authorization is to be granted optionally appears in parentheses immediately after the update keyword. If the list of attributes is omitted, the update privilege will be granted on all attributes of the relation. This grant statement gives users U1, U2, andu3 update authorization on the amount attribute of the loan relation: Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 19

20 The SQL references privilege is granted on specific attributes in a manner like that for the update privilege. The following grant statement allows user U1 to create relations that reference the key branch-name of the branch relation as a foreign key: The privilege all privileges can be used as a short form for all the allowable privileges.similarly, the user name public refers to all current and future users of the system. SQL also includes a usage privilege that authorizes a user to use a specified domain Roles Roles can be created in SQL:1999 as follows Roles can then be granted privileges just as the users can, as illustrated in this statement: The Privilege to Grant Privileges By default, a user/role that is granted a privilege is not authorized to grant that privilege to another user/role. we append the with grant option clause to theappropriate grant command. For example, if we wish to allow U1 the select privilegeon branch and allow U1 to grant this privilege to others, we write To revoke an authorization, we use the revoke statement. It takes a form almost identical to that of grant: Thus, to revoke the privileges that we granted previously, we write The revoke statement may alternatively specify restrict Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 20

21 In this case, the system returns an error if there are any cascading revokes, and does not carry out the revoke action. The following revoke statement revokes only the grant option, rather than the actual select privilege: 7.1Limitations of SQL Authorization SQL does not support authorization at a tuple level E.g. we cannot restrict students to see only (the tuples storing) their own grades With the growth in Web access to databases, database accesses come primarily from application servers. End users don't have database user ids, they are all mapped to the same database user id All end-users of an application (such as a web application) may be mapped to a single database user The task of authorization in above cases falls on the application program, with no support from SQL Benefit: fine grained authorizations, such as to individual tuples, can be implemented by the application. Drawback: Authorization must be done in application code, and may be dispersed all over an application Checking for absence of authorization loopholes becomes very difficult since it requires reading large amounts of application code. 8.Encryption Data may be encrypted when database authorization provisions do not offer sufficient protection. Properties of good encryption technique: Relatively simple for authorized users to encrypt and decrypt data. Encryption scheme depends not on the secrecy of the algorithm but on the secrecy of a parameter of the algorithm called the encryption key. Extremely difficult for an intruder to determine the encryption key. Data Encryption Standard (DES) substitutes characters and rearranges their order on the basis of an encryption key which is provided to authorized users via a secure mechanism. Scheme is no more secure than the key transmission mechanism since the key has to be shared. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 21

22 Advanced Encryption Standard (AES) is a new standard replacing DES, and is based on the Rijndael algorithm, but is also dependent on shared secret keys Public-key encryption is based on each user having two keys: o public key publicly published key used to encrypt data, but cannot be used to decrypt data o private key -- key known only to individual user, and used to decrypt data. Need not be transmitted to the site doing encryption. Encryption scheme is such that it is impossible or extremely hard to decrypt data given only the public key. The RSA public-key encryption scheme is based on the hardness of factoring a very large number (100's of digits) into its prime components. 9.Authentication Password based authentication is widely used, but is susceptible to sniffing on a network Challenge-response systems avoid transmission of passwords DB sends a (randomly generated) challenge string to user User encrypts string and returns result. DB verifies identity by decrypting result Can use public-key encryption system by DB sending a message encrypted using user s public key, and user decrypting and sending the message back Digital signatures are used to verify authenticity of data E.g. use private key (in reverse) to encrypt data, and anyone can verify authenticity by using public key (in reverse) to decrypt data. Only holder of private key could have created the encrypted data. Digital signatures also help ensure no repudiation: sender cannot later claim to have not created the data NORMALIZATION: Normalization is a technique for producing set of relation with desirable properties given the data requirements of an enterprise. It is the processes of removing redundant data from are tables to improve storage efficiency data integrity and scalability. It generally involves splitting the existing tables into multiple ones which must be rejoined or linked each time a query is used. Pitfalls in relational database design: The undesirable properties that a bad relational database design may have are: Repetition of information Inability to represent certain information Loss of information Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 22

23 Purpose of normalization To avoid redundancy by storing each fact within the database only once To put a data into a form that confirm to relational principles To put data into form that is more able to accurately accommodate change. To avoid updating anomalies To facilitate the enforcement of data constraints. Benefits: Facilitates data integration. Reduces data redundancy Produces a robust architecture for retrieving and maintaining data Complements data modeling Reduces the chance of data anomalies occurring Redundancy: Redundant is where we have stored some information more than once Repeating groups An attribute that can have more than one value Anomalies An undesirable side effects that occur when performing any modification Insert Update Delete Functional dependency Attribute B is functionally depend upon attributes A, if a values of A determines a single value of attribute B at any one time. Example: A->B A determines B or B functionally dependent on A Compound determinant If more than one attribute is necessary to determine another attribute in an entity Full functional dependency It use all the attribute of the composite determinant to identify its object uniquely Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 23

24 Partial functional dependency It only use a subset of attributes of the composite determinant to identify its object uniquely Transitive dependency Transitive dependency exists when there is an intermediate functional dependency Example: A->B->c If A->Band B->c then A->B->C then, A->C Lossless join dependency A property of decomposition which ensures that no spurious tuples are generated when relations are reunited to a natural join dependency or operator. Types of Normalization First normal form Second normal form Third normal form Boyee codd normal form Fourth normal form Fifth normal form FIRST NORMAL FORM(1 NF): The relation is said to be first normal form(1nf) if and only if each attribute of the relation is atomic more simplify to be in 1nf each column must contain only a single value and each row must contain the same columns. It describes the tabular format in which 1. All the key attributes are defined. 2. There are no repeating groups in the tables. 3. All attributes are depend on the primary key. Consider the table given below Table name:employee Empno name Deptno dname skills 1 Kevin jacob 201 R&d C,java,perl 2 Jones 224 IT Linux,max 3 Rivera 201 R&d Oracle,java,db2 Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 24

25 In the above table this skill field has multi value attributes and unnormalized form.a relation table must not have repeating groups. So,it can be converted into first normal form as shown as below Empno name Deptno dname skills 1 Kevin jacob 201 R&d C 1 Kevin jacob 201 R&d java 1 Kevin jacob 201 R&d perl 2 Jones 224 IT linux 2 Jones 224 IT max 3 Rivera 201 R&d oracle 3 Rivera 201 R&d java 3 rivera 201 R&d Db2 Here the above employee table is in the first normal form. The redundancy value in the are eliminated by placing the multi value attribute into different rows to indicate the same relationship as before. Characteristics of first normal form: Remove horizontal redundancy: No two columns hold the same value or information. No single column holds more than single item. Each row must be unique Use a primary key Benefits of 1NF: o Easy to query or sort the data o More scable o Each row can be identified for updating. SECOND NORMAL FORM A relation is said to be second normal form if and only if every non key field depend on the entire primary key, not on part of a composite key. If a database has only single field primary keys, it is automatically in second normal form. It involves a normalization using functional dependencies. A given set of functional dependencies can be used in designing relational database in which most of the undesirable property do not occur. Using Functional dependencies we can define several normal form, which represent good database design. EMPNO NAME DEPT NO DEPTNAME SKILSS 1 kevinjocob 201 R&D C 1 kevinjocob 201 R&D perl 1 kevinjocob 201 R&D java 2 jones 224 IT LINUX Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 25

26 2 jones 224 IT MAC 3 rivera 201 R&D DB2 3 rivera 201 R&D oracle 3 rivera 201 R&D java EMPNO NAME DEPTNO DEPTNAME 1 kevinjocob 201 R&D 2 jones 224 IT 3 rivera 201 R&D EMPNO SKILLS 1 C 1 perl 1 java 2 LINUX 2 MAC 3 oracle 3 java 3 DB2 FUNCTIONAL DEPENDENCIES The property of one or more attribute that uniquely determined the value of other attribute. Functional dependencies is a relationship between or among attribute such that the value of one attribute depend on or determined by the values of other attributes. Features of 2NF ->Meet all the requirements of the 2NF. -> Remove columns that are not depend up the primary key. -> Remove columns that are not fully depend up on the primary key. THIRD NORMAL FORM(3NF) ->It is always possible to find a lossless-join, dependency-preservation decomposition (I,e) in third normal form(3nf) Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 26

27 ->BCNF require that all non- trivial dependencies be of the form α->β, where, where α is a super key. 3NF relaxes this constrain by allowing non-trivial functional dependencies whose left side is not a super key. -> A relational schema R is in 3NF with respect to set F of functional dependencies, if, for all functional dependencies in F+ of the form α->β where αcr and βcr, at least one of the following holds: α->β is a trivial functional dependencies. α is a supper key for R. Each attribute A in β->a is contained is a candidate key for R. Dependency preserving, lossless join decomposition in to 3NF Let FC be a canonical cover for F; I:=0 For each functional dependency Rj, j=1,2,..i contain αβ Then begin I:=i+1; Ri:=αβ; And If none of the schemas Rj, j=i,1 I contains a candidate key for R Then begin I:=i+1; Ri:= any candidate key for R; End Return(R1, R2, Ri) The relation R is said to be 3NF, if and only if it is a second normal form and no transitive dependency exist between non-key attribute and key attribute. Transitive functional dependency arises only when non-key attribute. A relation is said to be transitively dependent when (i) Z is transitively dependent on X. (ii) When X determines Y and Y determines Z. (iii) Thus Z is indirectly dependent X through Y. EG; Employee Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 27

28 PROJECTNO NAME ADDRESS P1 Rose 86,new st. P2 Smith 42, Nehru st. P3 Rose 86,new st. P4 Rose 86, new st. EMPLOYEE PROJECT NO P1 P2 P3 P4 Employee name NAME Rose Smith NAME Rose Smith Rose Rose ADDRESS 86,Nehru st. 42, Nehru st. Here the name attribute is used to link between two tables and act as the foreign key. Boyce codd normal form: (BCNF) BCNF is based on the concept of determinant.a determinant is any artibute (simple,composite) on which some other arttribute is fully functional dependent. A relation schema R is in BCNF with respect to a set Fof functional dependencies if for all functional dependencies in f+ of the form α->β where α subset of R and,β _c R atleast one of the following holds: α->β Is a trivial functional dependency(β-c α) α Is a super key for schema R A relation is in boyee codd normal form is if and only if every detetminant is a candidate key(ie)for every x->y,x is candidate key. Example: Suppose each student may maior in several areas.each student has one tutor for each area.each area has several tutors but tutor advices in only one area each tutor advices several students in an area. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 28

29 Table name: student-staff STUDENT NO AREA STAFF NO 12MC01 CSE MC02 IT MC01 SE MC02 BME MC03 IT 567 The schema is in third normal form because there are no partial dependencies and no interdata dependency and hence anamolies will raise. Suppose the data 12MC01 changes one of the major form computer science to information system.by doing this changes, we loss information about staff number 234 tutor on CSE.this is an anamolies. To insert a new row to establish the fact, staff number 789 an computer science.we cannot do this until atleast one student take this area as the major. This is an insertion anamoly. Suppose,12MC03 withdraw from the major. If removing the redundant row we lose information about staff no 567.This is an deletion anamoly. These anamoly occur bscause there are two overlapping candidate key occur.so BCNF indentify this problem and purpose to solution. Every table has only one candidate key. The above relation can be represented in BCNF by splitting the table into two relations called student number.,staff In one relation, here staff number is refered as second relation with area which is as below. STUDENT NUMBER O2 345 O1 456 O2 678 O3 567 STAFF NUMBER STAFF NUMBER 234 CSE 345 IT 456 SE 678 BME 567 IT AREA Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 29

30 Fourth Normal Form: To improve the database design, by decomposing this schema into fourth normal form decomposition. A relation schema R is in fourth normal form(4nf) with respect to a set D of functional and multivalve dependencies if,for all multivalve dependencies in D+ of the form A->-->B. Hold: A-->B is a trivial multivalued dependency. A is a superkey for schema R. A database design is in 4NF if each member of the set of relation schemas that constitutes the design is in 4 NF. The table set to be 4NF if and only if it s in BCNF and multivalve dependency or functional dependency. 4NF remove unwanted data structures it includes null values. All multivalve dependency must be changed from non trivial to trivial. Example: Car Color Engine C1 Red F3.2L C1 Red F4.5L C1 White F3.2L C1 White F4.5L C1 Blue F3.2L C1 Blue F4.5L C2 Red C3.2L C2 Red C4.5L C2 Green C3.2L C2 Green C4.5L In the above table primary key identifier is car, color, and engine. None of the attributes of dependencies of other attributes there is any possible dependencies or decomposition. Each color for each car is paired with each engine, size for each car and this continuous. With every other car, in the restated car this car reduces in the relational. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 30

31 If a row is deleted from the table car, c1 comes for the row of the table this type of reduces by multivalve decomposition. Suppose there is a relation R of set of attribute S that contain multivalve dependencies X ->> Y. The remaining attribute of relation R called Z; X ->> Y is multivalve dependencies. Two tables:- Car color: Car C1 C1 C1 C2 C2 Color Red White Blue Red Green Car Engine: Car C1 C1 C2 C2 Engine F3.2L F4.5L C3.2L C4.5L When this table structure we can determine the 4NF. For example, Red, C1 car can have either F3.2L, F4.5L. However to delete one piece of (row) information do not actually lose the information as oppressed to when a row is eliminate from the original relation. Prepared by Mrs.D.Maladhy (AP/IT/RGCET) Page 31