1) Suppose Garden Glory identifies three groups of users: managers, administrative per- sonnel, and system administrators. Suppose further that the only job of administrative personnel is to make Service Update Transactions. Managers can make Service Update Transactions and Service Updates for New Employee Transactions. System administra- tors have unrestricted access to the tables. Describe processing rights that you think would be appropriate for this situation. Use Figure 6-19 as an example. What prob- lems might this security system have?

2. Garden Glory has developed the following procedure for backup and recovery. The company backs up the database from the server to a second computer on its network each night. Once a month, it copies the database to a CD and stores it at a manager's house. It keeps paper records of all services provided for an entire year. If it ever loses its database, it plans to restore it from a backup and reprocess all service requests. Do you think this backup and recovery program is sufficient for Garden Glory? What problems might occur? What alternatives exist? Describe any changes you think the company should make to this system.

Answer:

1. Given the three types of users namely managers, administrative personnel and system administrator it is quite evident that there are different access restrictions for these different types of users. Also since it is mentioned that managers have rights and access to update the tables and system administrators have unrestricted access for tables it is possible to have recurrent transactions or cascading updates happening over a single table. Problems in connection with load on database, multiple users trying to access the same table, same update or delete operations happening over a table might occur. The solution to solve this would be to have a procedure that gets triggered when a manager makes an update or a delete, which generates the transactions happening on the table such that based on this audit other users can judge their transaction and decide not to operate or to make operations with approval on a particular data such that there is no extensive load and redundancy of data.

2. As per the mentioned scenario, back ups are taken in CD which is in turn stored in the manager's location. The major problem with this kind of storage is that over time, the CD may get corrupt leading to loss of data. It is possible to lose the data due to theft of hardware or a calamity that might result in damage of CD. With the growing digital world and the networking scenario, the best solution to this scenario would be to store the information onto a cloud storage or server such that it might be highly secure and also easy to access.