International Journal of Computational Intelligence and Information Security, December 2012 Vol. 3, No. 10
ISSN: 1837-7823
DataBase Trigger and Integrity
Yaya Itai (PhD student of Babcock University)
Computer Science & Math Department Babcock University, Nigeria
AWODELE OLUDELE PhD
Computer Science & Math Department Babcock University, Nigeria
NICOLAE GOGA PhD
Computer Science & Math Department Babcock University, Nigeria
Abstract
Database integrity ensures data entered into the database is accurate, valid, and consistent. The need to continuously
audit database modifications, and the current challenges faced by financial institutions in terms of insufficient audit
trail logs being captured when privileged users issue Data Manipulation Language (DML) commands on a
large number of databases, have not been adequately addressed by the traditional database audit setup currently in
place. This paper explains the need for database triggers and their role in data integrity.
Keywords: DML, Data integrity, Trigger and Database
1. Introduction
In today's competitive world, organizations that leverage customers' data to improve business execution can
quickly adjust their strategies to enhance performance and outpace the competition.
Data integrity is a fundamental component of information security. In its broadest use, data integrity refers to the
accuracy and consistency of data stored in a database, data warehouse, data mart or other construct. The term Data
Integrity can be used to describe a state, a process or a function and is often used as a proxy for data quality
[9].
Data with integrity is said to have a complete or whole structure. Data values are standardized according to a data
model and/or data type. All characteristics of the data must be correct, including business rules, relations, dates,
definitions and lineage, for the data to be complete. Data integrity is imposed within a database when it is designed
and is authenticated through the ongoing use of error checking and validation routines.
Integrity, in database terms, is the quality of trustworthiness that the data in a database is imbued with; high levels of
integrity reassure all users of a database system that they can rely on the information they retrieve from the system.
Database technologies are a core component of many computing systems. They allow data to be retained and shared
electronically and the amount of data contained in these systems continues to grow at an exponential rate. So does
the need to ensure the integrity of the data and secure the data from unintended access.
Data modeling in terms of integrity is one of the most critical tasks in building an information system. Pair a
well-developed and solid database design with extensive but appropriate integrated database triggers, and the end result will
be a database implementation that consistently yields accurate and timely information. Additionally, the database and
its underlying data will realize greater data integrity, with the reliance on external and sometimes faulty applications
minimized, which will in turn contribute to higher audit quality and decreased business costs [8].
The default database audit trail that captures DML activity (Update, Delete and Insert) does not
capture the details of what was modified. It merely shows that entries were modified in database tables [5].
2. The need for data integrity
Data integrity is the assurance that data is consistent, correct, and accessible. As we move into the database world,
data integrity comes in many different types: null rules, unique column values, primary key values, referential
integrity rules and complex integrity checking [13].
Without data integrity, we cannot even begin to be concerned with data quality since it assumes that we might not
have all the data, or that we cannot access it either physically or logically, or that we can have no certitude of its
condition.
It becomes important to track logical data integrity as applications are implemented on architectures where data
movement, operations or migrations might alter, truncate, delete or corrupt the data. This is particularly important in
the context of systems of record. These are information storage systems that are considered the authoritative data
source for a given piece of data or information.
As a process, Data integrity verifies that data has remained unaltered in transit from creation to reception. As a state
or condition, Data Integrity is a measure of the validity and fidelity of a data object. As a function related to security,
a data integrity service maintains information exactly as it was inputted, and is auditable to affirm its reliability.
Data undergoes any number of operations in support of decision-making, such as capture, storage, retrieval, update
and transfer. Data integrity can also be a performance measure during these operations based on the detected error
rate.
Data must be kept free from corruption, modification or unauthorized disclosure to drive any number of
mission-critical business processes with accuracy. Inaccuracies can occur either accidentally (e.g. through programming
errors), or maliciously (e.g. through breaches or hacks)[9].
3. Database Triggers Operations
A trigger defines a set of actions that are executed, or triggered, by an update, insert, or delete on a specified table.
Triggers can be created so that they execute either before a specified event (before triggers) or after a specified event
(after triggers). The events that fire a trigger include DML statements that modify data in a table (INSERT,
UPDATE, or DELETE) as shown in Figures 1-3 [15], DDL statements, system events such as startup, shutdown,
and error messages, and user events such as logon and logoff. Triggers supplement the standard capabilities of databases
to provide a highly customized database management system, for example one that can restrict DML operations against a table to
those issued during regular business hours.
Triggers can be used for:
• Data validation. Ensures that a new data value is within the acceptable range. This is similar to a check
constraint.
• Data integrity. Ensures that cross-table dependencies are maintained by updating associated data records in
related tables.
• Notification. Alerts administrators to potential table problems by generating electronic mail notices.
Triggers are stored in the database. This allows for easier application development, as the actions that triggers
perform do not have to be coded in each application. The maintenance of applications and databases is easier
because if a table's rules change, only the corresponding trigger needs to be modified instead of each application
program.
The trigger is mostly used for maintaining the integrity of the information on the database. For example, when a new
record (representing a new Customer) is added to the Customers table, new records should also be created in the
tables of the Customer Information, accounts details and customers interest.
3.1 DML (update, insert and delete operations)
A DML update operation on a table inserts the updated new records into the inserted table. The old records,
that is, the records before updating, are entered into the deleted table.
Figure 1: An update on a table places the updated new record in the inserted table and the old record (before updating) in the deleted table.
A DML insert operation on a table inserts the new record into the inserted table.
Figure 2: An insert on a table places the new record in the inserted table.
A DML delete operation on a table inserts the deleted records into the deleted table.
Figure 3: A delete on a table places the deleted records in the deleted table.
3.1 Database triggers Application in Data integrity
3.2 Enforcement of Business Rules
Triggers can be used to maintain complex data validation and integrity. A trigger can be used to roll back SQL
transactions performed with invalid or incomplete data before they are applied to the database. Triggers can be used to
maintain security at a higher level by restricting access to privileged users. Triggers can be used to maintain
complex check constraints. A relationship management system can use triggers to generate logs of its best customers
when they make big purchases, or of frequent travelers, or of buyers of high-profit items. Referential integrity on a child
table requires the referenced parent key column to be unique. Triggers can be used as an alternative where business
applications cannot guarantee that the referenced parent key column is unique. The number of business rules that
can be implemented using triggers is limited only by imagination or, more appropriately, by business needs.
3.3 Provide sophisticated auditing
Triggers are commonly used to supplement the built-in auditing features of databases, especially when more detailed
audit information is required. AFTER triggers are therefore normally used when triggers are required to provide
sophisticated auditing. By using AFTER triggers, auditing information is recorded after the triggering statement is
subjected to any applicable integrity constraints, preventing cases where the audit processing is carried out
unnecessarily for statements that generate exceptions to integrity constraints. The choice between AFTER row and
AFTER statement triggers depends on the information being audited. For example, row triggers provide value-based
auditing on a per-row basis for tables. Triggers can also require the user to supply a "reason number" for issuing the
audited SQL statement, which can be useful in both row and statement-level audit situations [11].
The example below demonstrates a trigger that audits data modifications to the ChequeSecurityNumber table on a
per-row basis. It requires that a "reason number" be stored in a global package variable before the update operations.
This trigger tracks changes being made to the ChequeSecurityNumber table, and stores this information in
AUDIT_TABLE and AUDIT_TABLE_VALUES.
CREATE OR REPLACE TRIGGER audit_ChequeSecurityNumber
AFTER INSERT OR UPDATE OR DELETE ON ChequeSecurityNumber
FOR EACH ROW
-- Optional filter on the acting user (disabled):
-- WHEN (
--   USER IN (
--     'SYS','SYSTEM','CUSTOM','PERFSTAT','INFOPOOL','BPIAUTO','FINCONUSER','EFCC','RECONSELECTOR',
--     'ITSELECTOR','MICAUDIT','AUTOUPLOAD','OSI3708','ASSET','EODUSERS','OUTLN','DBSNMP','SELECTOR')
-- )
DECLARE
  time_now DATE;
  terminal CHAR(10);
BEGIN
  -- get current time, and the terminal of the user
  time_now := SYSDATE;
  terminal := USERENV('TERMINAL');
  -- record new customer cheque Security Number primary key
  IF INSERTING THEN
    INSERT INTO audit_table
    VALUES (audit_seq.NEXTVAL, user, time_now,
            terminal, 'ChequeSecurityNumber', 'INSERT', :new.Custacctnum);
  -- record primary key of the deleted row
  ELSIF DELETING THEN
    INSERT INTO audit_table
    VALUES (audit_seq.NEXTVAL, user, time_now,
            terminal, 'ChequeSecurityNumber', 'DELETE', :old.Custacctnum);
  -- for updates, record the primary key
  -- of the row being updated
  ELSE
    INSERT INTO audit_table
    VALUES (audit_seq.NEXTVAL, user, time_now,
            terminal, 'ChequeSecurityNumber', 'UPDATE', :old.Custacctnum);
    -- and for CHQNUM and ACCTNO, record old and new values
    -- (two separate IFs, so a statement that changes both columns logs both)
    IF UPDATING ('CHQNUM') THEN
      INSERT INTO audit_table_values
      VALUES (audit_seq.CURRVAL, 'CHQNUM',
              :old.chqnum, :new.chqnum);
    END IF;
    IF UPDATING ('ACCTNO') THEN
      INSERT INTO audit_table_values
      VALUES (audit_seq.CURRVAL, 'ACCTNO',
              :old.acctno, :new.acctno);
    END IF;
  END IF;
END;
/
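The same value-based audit can be exercised end to end with SQLite through Python's sqlite3 module. This is an added example, not code from the paper: the SQLite schema, the CHECK constraint on acctno and all sample values are constructed assumptions, and the user and terminal columns are left out because SQLite has no session user. It shows that one statement changing both audited columns produces two detail rows, and that an update rejected by an integrity constraint leaves no audit rows behind.

```python
import sqlite3

# SQLite rendering of the audit tables (assumed schema, constructed sample values).
SCHEMA = """
CREATE TABLE ChequeSecurityNumber (
    custacctnum INTEGER PRIMARY KEY,
    chqnum      TEXT NOT NULL,
    acctno      TEXT NOT NULL CHECK (length(acctno) = 10)
);
CREATE TABLE audit_table (
    audit_id   INTEGER PRIMARY KEY AUTOINCREMENT,
    changed_at TEXT DEFAULT CURRENT_TIMESTAMP,
    table_name TEXT, action TEXT, row_key INTEGER
);
CREATE TABLE audit_table_values (
    audit_id INTEGER, column_name TEXT, old_value TEXT, new_value TEXT
);
-- AFTER row trigger: one header row per update, one detail row per changed column.
CREATE TRIGGER audit_csn_update AFTER UPDATE ON ChequeSecurityNumber
FOR EACH ROW
BEGIN
    INSERT INTO audit_table (table_name, action, row_key)
    VALUES ('ChequeSecurityNumber', 'UPDATE', OLD.custacctnum);
    INSERT INTO audit_table_values
    SELECT (SELECT MAX(audit_id) FROM audit_table), 'CHQNUM', OLD.chqnum, NEW.chqnum
    WHERE OLD.chqnum IS NOT NEW.chqnum;
    INSERT INTO audit_table_values
    SELECT (SELECT MAX(audit_id) FROM audit_table), 'ACCTNO', OLD.acctno, NEW.acctno
    WHERE OLD.acctno IS NOT NEW.acctno;
END;
"""

def run_audit_demo():
    """Return (constraint_rejected, audit header rows, audit detail rows)."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.execute("INSERT INTO ChequeSecurityNumber VALUES (1001, 'CHQ-000123', '0123456789')")
    # One statement changes both audited columns; both changes must be logged.
    db.execute("UPDATE ChequeSecurityNumber SET chqnum = 'CHQ-999999', "
               "acctno = '9876543210' WHERE custacctnum = 1001")
    # This update violates the CHECK constraint, so it leaves no audit rows.
    try:
        db.execute("UPDATE ChequeSecurityNumber SET acctno = '123' WHERE custacctnum = 1001")
        rejected = False
    except sqlite3.IntegrityError:
        rejected = True
    headers = db.execute("SELECT action, row_key FROM audit_table").fetchall()
    details = db.execute("SELECT column_name, old_value, new_value "
                         "FROM audit_table_values ORDER BY column_name").fetchall()
    return rejected, headers, details

if __name__ == "__main__":
    print(run_audit_demo())
```

Because the audit rows are written inside the audited statement's own transaction, rejected or rolled-back changes never appear in the trail; recording failed attempts needs a separate mechanism.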
3.4 Automatic generation of derived column values
Triggers can derive column values automatically based upon a value provided by an INSERT or UPDATE
statement. This type of trigger is useful to force values in specific columns that depend on the values of other
columns in the same row. BEFORE row triggers are necessary to complete this type of operation because [11]:
• The dependent values must be derived before the insert or update occurs so that the triggering statement
can use the derived values.
• The trigger must fire for each row affected by the triggering INSERT or UPDATE statement.
The following illustrates how a trigger can be used to derive new column values for a table whenever a row is
inserted or updated.
-- derive_customer_names is a hypothetical trigger name.
CREATE OR REPLACE TRIGGER derive_customer_names
BEFORE INSERT OR UPDATE OF cname ON customer
/* before updating the CNAME field, derive the values for
   the UPPERNAME and SOUNDEXNAME fields. Users should be
   restricted from updating these fields directly. */
FOR EACH ROW
BEGIN
  :new.uppername := UPPER(:new.cname);
  :new.soundexname := SOUNDEX(:new.cname);
END;
/
3.5 Prevention of Invalid Transactions
Database triggers provide the functionality to validate and cancel invalid INSERT, UPDATE, or DELETE
transactions or to prevent changes to your database schema. This can be accomplished by incorporating validation
logic into the trigger and then rolling back the current transaction if the action does not meet the validation criteria.
The trigger below performs simple validation of INSERT statements on a table. If the inserted integer value is equal
to one, the transaction is rolled back and the value is not inserted into the table. The Transact-SQL script below
creates a test table, assembly, and managed stored procedure. Note that the two INSERT statements are wrapped in a
try/catch block so that the exception thrown when the trigger finishes execution is caught [11].
-- Create the test table, assembly, and trigger.
CREATE TABLE Table1(c1 int);
go
-- <drive> is a placeholder for the location of the compiled assembly.
CREATE ASSEMBLY ValidationTriggers from '<drive>:\ValidationTriggers.dll';
go
CREATE TRIGGER trig_InsertValidator
ON Table1
FOR INSERT
AS EXTERNAL NAME ValidationTriggers.Triggers.trig_InsertValidator;
go
-- The second INSERT (value 1) is rejected by the trigger; the CATCH block reports the error.
BEGIN TRY
    INSERT INTO Table1 VALUES (42);
    INSERT INTO Table1 VALUES (1);
END TRY
BEGIN CATCH
    SELECT ERROR_NUMBER() AS ErrorNum, ERROR_MESSAGE() AS ErrorMessage;
END CATCH;
-- Clean up.
DROP TRIGGER trig_InsertValidator;
DROP ASSEMBLY ValidationTriggers;
DROP TABLE Table1;
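The validation rule above (reject an inserted value of 1) can also be written directly in a trigger body. The following is an added example using SQLite through Python's sqlite3 module, not the SQL Server CLR trigger from the paper; make_db and insert_batch are hypothetical helper names. It goes one step further than the text and contrasts rolling back the whole transaction with aborting only the offending statement, since the two leave different rows behind.

```python
import sqlite3

def make_db(action):
    """Create Table1 with a validating trigger; action is 'ROLLBACK' or 'ABORT'."""
    # isolation_level=None: no implicit transactions, BEGIN/COMMIT are issued explicitly.
    db = sqlite3.connect(":memory:", isolation_level=None)
    db.executescript(f"""
        CREATE TABLE Table1 (c1 INTEGER);
        CREATE TRIGGER trig_InsertValidator BEFORE INSERT ON Table1
        WHEN NEW.c1 = 1
        BEGIN
            SELECT RAISE({action}, 'c1 = 1 is not allowed');
        END;
    """)
    return db

def insert_batch(db, values):
    """Insert values in one explicit transaction; return (error, surviving rows)."""
    error = None
    db.execute("BEGIN")
    try:
        for value in values:
            db.execute("INSERT INTO Table1 VALUES (?)", (value,))
    except sqlite3.DatabaseError as exc:
        error = str(exc)
    # RAISE(ROLLBACK) has already ended the transaction; RAISE(ABORT) has not.
    if db.in_transaction:
        db.execute("COMMIT")
    rows = [r[0] for r in db.execute("SELECT c1 FROM Table1 ORDER BY c1")]
    return error, rows

if __name__ == "__main__":
    print(insert_batch(make_db("ROLLBACK"), [42, 1]))  # whole transaction undone
    print(insert_batch(make_db("ABORT"), [42, 1]))     # only the invalid insert undone
```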
4. Conclusion
Data integrity is an important part of an organization's daily operations, and technology has a vital part to play in
ensuring adequacy of data integrity. With the rising complexity of data integrity challenges, database trigger
techniques such as prevention of invalid transactions, financial business rule enforcement, sophisticated
auditing and automatic derivation of column values go a long way towards addressing data integrity issues effectively.
Database triggers therefore have an important role to play in the
enforcement of data integrity that would be capable of standing up to the data integrity challenges we face in our
operating environment today.
References
[1] Baker, W. H., Hutton, A., Hylender, C. D., Novak, C., Porter, C., Sartin, B., Tippett, P., & Valentine, J. A. (2009). The 2009 data breach investigations report.
[1] Dr. Ramon Barquin (2007). Data Integrity and Business Intelligence.
[2] Caruso, F., M. Cochinwala, U. Ganapathy, G. Lalk, and P. Missier. "Telcordia's Database Reconciliation and Data Quality Analysis Tool." VLDB, 2000: 615-618.
[3] Ceri, S.; Cochrane, R. J. & Widom, J. (2000). Practical Applications of Constraints Triggers: Successes and Lingering Issues. Proceedings of 26th VLDB Conference, Cairo, Egypt, September 2000.
[4] Chandrasekaran, S. & Kehoe, B. (2003). Technical comparison of Oracle real application clusters vs. IBM DB2 UDB ESE.
[5] Craig Mullins and Steve Callan (2004). Collaborative computing.
[6] Craig Buckler, 2011 database triggers operations and constraints. Crossman, P. (2007). The Less-Than-Obvious Costs of Ignoring Data Architectures. Wall Street & Technology.
[7] David H. Olsen, Olga Yatsenko and Nicole Forsgren Meek, Enhancing Database Integrity and Process Automation Through Smart Triggers (IACI 2002): 490-496.
[8] Eric N. Hanson (2010). Integrity constraints in a transaction database using triggers.
[9] Fergal Glynn (2012). Ensuring database integrity checks.
[10] Steven H. Blackwell (2007). The importance maintaining data integrity and availability.
[11] Trigger Functions, SQL Server 2012. http://msdn.microsoft.com/en-us/library/ff848758.aspx
[12] Y Jin (2009). A framework of fuzzy triggers for XML database systems.
[13] Juff Ash (2006). Using triggers to maintain database integrity.
[14] Sapna (2010). Enforcing data integrity through triggers.
[15] Shivprasad koirala, Implementing Audit Trail using Trigger 2009.
[16] Jorge H. Doom & Laura C. Rivero (2002). Database integrity challenges & solutions.
[17] Md. Marufuzzamn (2009). Overview of database triggers.