1 sa capstone requirements and design week 8 syst36367 - winter 2014 some slides adapted from:...
TRANSCRIPT
1
SA Capstone Requirements and Design
Week 8
SYST36367 - Winter 2014
Some slides adapted from: Systems Analysis and Design in a Changing World, 6th Edition, Satzinger, Jackson, Burd, CENGAGE Learning, 2012
Lesson Objectives• Building a Database Model• Design System Security & Controls• Generating Storyboards• Generating Wireframes• Design Operational & Executive Reports• User Interface Guidelines (validation, control selection,
layout, responsive design, etc.)
2
Building a Database Model• Ensure that all the tables, fields and relations are
appropriate and optimized for the application• Specifically, look to:
– Ensure that all entities have been identified– Ensure that all fields and keys for each table have been identified– Partition the entities optimally between tables– Eliminate redundancies in data– Ensure that the relations are appropriate – Look for many to many relations and reduce them to one to many
relations– Provide support for an audit trail which is essential for debugging,
securing and administering a system
3
Systems Analysis and Design in a Changing World, 6th Edition
Designing Relational DatabasesBased on the Domain Model Class Diagram
1. Create a table for each class2. Choose a primary key for each table (invent one, if necessary)3. Add foreign keys to represent one-to-many associations4. Create new tables to represent many-to-many associations5. Represent classification hierarchies6. Define referential integrity constraints7. Evaluate schema quality and make necessary improvements8. Choose appropriate data types9. Incorporate integrity and security controls
5
Systems Analysis and Design in a Changing World, 6th Edition
The Need for System Controls• A furniture store sells merchandise on credit with internal financing.
Salespeople sometimes sell furniture on credit to friends and relatives. How do we ensure that only authorized employees can extend credit and record payments and adjustments to credit accounts?
• A bookkeeper uses accounting software to generate electronic payments to suppliers. How does the system ensure that the payment is for goods or services that were actually received? How does the system ensure that no one can generate payments to a bogus supplier?
• An online retailer collects and stores credit card and other information about customers. How does the company ensure that customer data is protected and secure?
6
Systems Analysis and Design in a Changing World, 6th Edition
Designing System Controls• Controls -- mechanisms and procedures that are built
into a system to safeguard the system and the information within it
• Integrity control -- a control that rejects invalid data inputs, prevents unauthorized data outputs, and protects data and programs against accidental or malicious tampering
• Security controls -- are part of the operating system and the network and tend to be less application specific.
• There is some overlap between Integrity and Security controls
7
Systems Analysis and Design in a Changing World, 6th Edition
Integrity ControlsInput Controls
• Input control -- a control that prevents invalid or erroneous data from entering the system
• value limit control -- a control that checks numeric data input to ensure that the value is reasonable
• completeness control -- a control that ensures that all required data values describing an object or transaction are present
• data validation control -- a control that ensures that numeric fields that contain codes or identifiers are correct
• field combination control -- a control that reviews combinations of data inputs to ensure that the correct data are entered
9
Systems Analysis and Design in a Changing World, 6th Edition
Integrity ControlsAccess controls, Transaction logging, Complex update controls,
Output controls• Access control -- a control that restricts which persons or programs can
add, modify, or view information resources• Transaction logging -- a technique by which any update to the database is
logged with such audit information as user ID, date, time, input data, and type of update
• Complex update control -- a control that prevents errors that can occur when multiple programs try to update the same data at the same time or when recording a single transaction requires multiple related database updates
• Output control -- a control that ensures that output arrives at the proper destination and is accurate, current, and complete
10
Systems Analysis and Design in a Changing World, 6th Edition
Integrity ControlsRedundancy, Backup, and Recovery
• Designed to protect data from hardware failure and catastrophes
• Redundancy – continuous access to data through redundant databases, servers, and sites
• Backup – procedures make partial or full copies of a database to removable storage media, such as magnetic tape, or to data storage devices or servers at another site
• Recovery – procedures read the off-site copies and replicate their contents to a database server that can then provide access to programs and users.
11
Systems Analysis and Design in a Changing World, 6th Edition
Integrity ControlsTo Prevent Fraud
• Fraud triangle -- model of fraud that states that opportunity, motivation, and rationalization must all exist for a fraud to occur– Opportunity—the ability of a person to take actions that perpetrate
a fraud. For example, unrestricted access to all functions of an accounts payable system enables an employee to generate false vendor payments.
– Motivation—a desire or need for the results of the fraud. Money is the usual motivation, although a desire for status or power as well as a need to be a “team player” may be contributing factors.
– Rationalization—an excuse for committing the fraud or an intention to “undo” the fraud in the future. For example, an employee might falsify financial reports to stave off bankruptcy, thus enabling fellow workers to keep their jobs.
12
Systems Analysis and Design in a Changing World, 6th Edition
Security ControlsAccess Controls
• Authentication -- the process of identifying users who request access to sensitive resources
• Authorization -- the process of allowing or restricting a specific authenticated user’s access to a specific resource based on an access control list
• Multifactor authentication -- using multiple authentication methods for increased reliability
• Unauthorized user -- a person who isn’t allowed access to any part or functions of the system
• Registered user -- a person who is authorized to access• Privileged user -- a person who has access to the source code, executable
program, and database structure of the system
14
Generating Wireframes & Story Boards
• Refer to the Example provided in the Wiki
16
Interface Design- Wireframes
• Hi-Fi Design– Detailed structure– Formal or final labels– Use of Placeholders– Images if possible
Systems Analysis and Design in a Changing World, 6th Edition
23
Dialog Design
• For each use case, think of the natural flow of a dialog between user and computer– Based on the flow of activities in use case
description and/or the system sequence diagram– Create a storyboard of the dialog, showing the
sequence of sketches of the screen each step of the dialog. (storyboarding)
– Review the storyboard with users
Generating Storyboards
26
Here is a great link explaining Storyboards and Wireframes on AgileModeling.com
GUI Background GUIs are NOT just about “eye candy” The GUI is the most important aspect of many apps to many
customers Apple, Microsoft, Google and others spend billions on GUI R&D Most Developers today can NOT ignore the importance of GUIs Many Developers still think that GUIs are frivolous and can be left
to the latter stages of product development! Most customers will NOT accept a poor GUI with the hope that it
will become good one day
27
More GUI Background Our world today is flooded with GUIs from many applications
including: Desktop Applications Web Applications Mobile Apps Home Electronics
We probably have all experienced the frustrations of using a poor GUI and the satisfaction and productivity improvements associated with a good GUI
Good news: We ALL have extensive GUI experience that we can leverage!
28
GUI Design• GUI Design for most of us is about:
1. Understanding and modeling how end users of our products currently work
2. Reflecting about how we can improve the way they work3. Applying the GUI techniques of others to our own GUIs4. Planning our design5. Involving the customer (prototyping, etc.)
29
Bad User Interfaces• Are Visually Unappealing• Are Hard to Use• Lead to user entry errors• Make processes more difficult, time consuming and complicated that they should be• Waste time and money
• Frustrate users!
30
Good User Interfaces• Are Visually Appealing• Are Easy to Use• Eliminate most common user entry errors• Make processes fast and easy• Save time and money OR make lots of money
• Please users!
31
User Interface Control Tips• To avoid invalid user input and to make things easier for the user:
Use appropriate controls Allow the user to select from predefined lists where possible
• The MaskedTextBox control is an enhanced TextBox control which: Provides the user with guidance and prevents invalid data entry. Provides many predefined masks (phone number, IP address, etc.) that can be easily
selected at design time.
• Provide visual cues (ex. *) to indicate which fields are mandatory.
• Provide ToolTips, validation and online help for controls
32
UI Layout Tips• Ensure that controls are logically organized using container
controls (GroupBox, Panel, TabControl, etc.) • Ensure that the UI models the desired workflows in a natural way• Ensure that controls are aligned• Use icons, images and graphics to improve the look and feel• Optimize the usage of the screen space (provide adequate
spacing without unnecessary gaps)• Optimize the layout for various screen sizes (responsive design) • Use legible/clear fonts
33
More UI Layout Tips• Provide an appropriate Window icon and Title• Use large controls and fonts if space allows to accommodate
touch screen users• Anchor controls appropriately for Full Screen mode• Set the Control Tab Order appropriately
34
Resources• Microsoft’s Windows User Experience Interaction
Guidelines (http://msdn.microsoft.com/en-us/library/windows/desktop/aa511440.aspx)
• Apple’s Mac OS X Human Interface Guidelines (http://developer.apple.com/library/mac/#documentation/UserExperience/Conceptual/AppleHIGuidelines/Intro/Intro.html)
35
36
• Focus on Summary and Exception Reports which facilitate Business Decisions (ex. sales grouped by category)
• Avoid Detailed Reports especially when they are basically Data Dumps (ex. list of all sales)
• Output Forms (Invoices, Purchase Orders, etc.) do NOT assist with decision making so they do NOT qualify
• Remember that each report header should include:– Branding (Customer Logo and Company Name)– A Clear Title– The Date it was generated on– The Filter Conditions that were used to generate the report
• Reports should also provide Pagination Support meaning:– Page number is listed on every page (ie. 3 of 5)– Column/Field Headers are displayed on every page
Design Operational & Executive Reports
Deliverable 3 (Project Design) Let’s review Deliverable 3 together which is due in Week 10 For detailed instructions and a link to the rubric please visit the Wiki
37
38
Group Meetings
Please break into your Capstone Groups to plan and work on Deliverable 3!
We will be meeting with each group today to assess your progress and provide some advice