1

SA Capstone Requirements and Design

Week 8

SYST36367 - Winter 2014

Some slides adapted from: Systems Analysis and Design in a Changing World, 6th Edition, Satzinger, Jackson, Burd, CENGAGE Learning, 2012

Lesson Objectives• Building a Database Model• Design System Security & Controls• Generating Storyboards• Generating Wireframes• Design Operational & Executive Reports• User Interface Guidelines (validation, control selection,

layout, responsive design, etc.)

2

Building a Database Model• Ensure that all the tables, fields and relations are

appropriate and optimized for the application• Specifically, look to:

– Ensure that all entities have been identified– Ensure that all fields and keys for each table have been identified– Partition the entities optimally between tables– Eliminate redundancies in data– Ensure that the relations are appropriate – Look for many to many relations and reduce them to one to many

relations– Provide support for an audit trail which is essential for debugging,

securing and administering a system

3

Systems Analysis and Design in a Changing World, 6th Edition

Designing Relational DatabasesBased on the Domain Model Class Diagram

1. Create a table for each class2. Choose a primary key for each table (invent one, if necessary)3. Add foreign keys to represent one-to-many associations4. Create new tables to represent many-to-many associations5. Represent classification hierarchies6. Define referential integrity constraints7. Evaluate schema quality and make necessary improvements8. Choose appropriate data types9. Incorporate integrity and security controls

5

Systems Analysis and Design in a Changing World, 6th Edition

The Need for System Controls• A furniture store sells merchandise on credit with internal financing.

Salespeople sometimes sell furniture on credit to friends and relatives. How do we ensure that only authorized employees can extend credit and record payments and adjustments to credit accounts?

• A bookkeeper uses accounting software to generate electronic payments to suppliers. How does the system ensure that the payment is for goods or services that were actually received? How does the system ensure that no one can generate payments to a bogus supplier?

• An online retailer collects and stores credit card and other information about customers. How does the company ensure that customer data is protected and secure?

6

Systems Analysis and Design in a Changing World, 6th Edition

Designing System Controls• Controls -- mechanisms and procedures that are built

into a system to safeguard the system and the information within it

• Integrity control -- a control that rejects invalid data inputs, prevents unauthorized data outputs, and protects data and programs against accidental or malicious tampering

• Security controls -- are part of the operating system and the network and tend to be less application specific.

• There is some overlap between Integrity and Security controls

7

Systems Analysis and Design in a Changing World, 6th Edition

Integrity and Security Controls

8

Systems Analysis and Design in a Changing World, 6th Edition

Integrity ControlsInput Controls

• Input control -- a control that prevents invalid or erroneous data from entering the system

• value limit control -- a control that checks numeric data input to ensure that the value is reasonable

• completeness control -- a control that ensures that all required data values describing an object or transaction are present

• data validation control -- a control that ensures that numeric fields that contain codes or identifiers are correct

• field combination control -- a control that reviews combinations of data inputs to ensure that the correct data are entered

9

Systems Analysis and Design in a Changing World, 6th Edition

Integrity ControlsAccess controls, Transaction logging, Complex update controls,

Output controls• Access control -- a control that restricts which persons or programs can

add, modify, or view information resources• Transaction logging -- a technique by which any update to the database is

logged with such audit information as user ID, date, time, input data, and type of update

• Complex update control -- a control that prevents errors that can occur when multiple programs try to update the same data at the same time or when recording a single transaction requires multiple related database updates

• Output control -- a control that ensures that output arrives at the proper destination and is accurate, current, and complete

10

Systems Analysis and Design in a Changing World, 6th Edition

Integrity ControlsRedundancy, Backup, and Recovery

• Designed to protect data from hardware failure and catastrophes

• Redundancy – continuous access to data through redundant databases, servers, and sites

• Backup – procedures make partial or full copies of a database to removable storage media, such as magnetic tape, or to data storage devices or servers at another site

• Recovery – procedures read the off-site copies and replicate their contents to a database server that can then provide access to programs and users.

11

Systems Analysis and Design in a Changing World, 6th Edition

Integrity ControlsTo Prevent Fraud

• Fraud triangle -- model of fraud that states that opportunity, motivation, and rationalization must all exist for a fraud to occur– Opportunity—the ability of a person to take actions that perpetrate

a fraud. For example, unrestricted access to all functions of an accounts payable system enables an employee to generate false vendor payments.

– Motivation—a desire or need for the results of the fraud. Money is the usual motivation, although a desire for status or power as well as a need to be a “team player” may be contributing factors.

– Rationalization—an excuse for committing the fraud or an intention to “undo” the fraud in the future. For example, an employee might falsify financial reports to stave off bankruptcy, thus enabling fellow workers to keep their jobs.

12

Systems Analysis and Design in a Changing World, 6th Edition

Integrity ControlsTo Prevent Fraud

13

Systems Analysis and Design in a Changing World, 6th Edition

Security ControlsAccess Controls

• Authentication -- the process of identifying users who request access to sensitive resources

• Authorization -- the process of allowing or restricting a specific authenticated user’s access to a specific resource based on an access control list

• Multifactor authentication -- using multiple authentication methods for increased reliability

• Unauthorized user -- a person who isn’t allowed access to any part or functions of the system

• Registered user -- a person who is authorized to access• Privileged user -- a person who has access to the source code, executable

program, and database structure of the system

14

Systems Analysis and Design in a Changing World, 6th Edition

Security Controls

Access Controls

15

Generating Wireframes & Story Boards

• Refer to the Example provided in the Wiki

16

Interface Design- Wireframes

• Lo-Fi Design– Basic structure– Minimal labels– Use of Placeholders

Interface Design- Wireframes

Interface Design- Wireframes

• Hi-Fi Design– Detailed structure– Formal or final labels– Use of Placeholders– Images if possible

Interface Design- Wireframes

Interface Design- Wireframes

• From your wireframe you can flush out your interface design.

Interface Design- Wireframes

Systems Analysis and Design in a Changing World, 6th Edition

23

Dialog Design

• For each use case, think of the natural flow of a dialog between user and computer– Based on the flow of activities in use case

description and/or the system sequence diagram– Create a storyboard of the dialog, showing the

sequence of sketches of the screen each step of the dialog. (storyboarding)

– Review the storyboard with users

24

From Dialog to Storyboard (part 1)

25

From Dialog to Storyboard (part 2)

Generating Storyboards

26

Here is a great link explaining Storyboards and Wireframes on AgileModeling.com

GUI Background GUIs are NOT just about “eye candy” The GUI is the most important aspect of many apps to many

customers Apple, Microsoft, Google and others spend billions on GUI R&D Most Developers today can NOT ignore the importance of GUIs Many Developers still think that GUIs are frivolous and can be left

to the latter stages of product development! Most customers will NOT accept a poor GUI with the hope that it

will become good one day

27

More GUI Background Our world today is flooded with GUIs from many applications

including: Desktop Applications Web Applications Mobile Apps Home Electronics

We probably have all experienced the frustrations of using a poor GUI and the satisfaction and productivity improvements associated with a good GUI

Good news: We ALL have extensive GUI experience that we can leverage!

28

GUI Design• GUI Design for most of us is about:

1. Understanding and modeling how end users of our products currently work

2. Reflecting about how we can improve the way they work3. Applying the GUI techniques of others to our own GUIs4. Planning our design5. Involving the customer (prototyping, etc.)

29

Bad User Interfaces• Are Visually Unappealing• Are Hard to Use• Lead to user entry errors• Make processes more difficult, time consuming and complicated that they should be• Waste time and money

• Frustrate users!

30

Good User Interfaces• Are Visually Appealing• Are Easy to Use• Eliminate most common user entry errors• Make processes fast and easy• Save time and money OR make lots of money

• Please users!

31

User Interface Control Tips• To avoid invalid user input and to make things easier for the user:

Use appropriate controls Allow the user to select from predefined lists where possible

• The MaskedTextBox control is an enhanced TextBox control which: Provides the user with guidance and prevents invalid data entry. Provides many predefined masks (phone number, IP address, etc.) that can be easily

selected at design time.

• Provide visual cues (ex. *) to indicate which fields are mandatory.

• Provide ToolTips, validation and online help for controls

32

UI Layout Tips• Ensure that controls are logically organized using container

controls (GroupBox, Panel, TabControl, etc.) • Ensure that the UI models the desired workflows in a natural way• Ensure that controls are aligned• Use icons, images and graphics to improve the look and feel• Optimize the usage of the screen space (provide adequate

spacing without unnecessary gaps)• Optimize the layout for various screen sizes (responsive design) • Use legible/clear fonts

33

More UI Layout Tips• Provide an appropriate Window icon and Title• Use large controls and fonts if space allows to accommodate

touch screen users• Anchor controls appropriately for Full Screen mode• Set the Control Tab Order appropriately

34

Resources• Microsoft’s Windows User Experience Interaction

Guidelines (http://msdn.microsoft.com/en-us/library/windows/desktop/aa511440.aspx)

• Apple’s Mac OS X Human Interface Guidelines (http://developer.apple.com/library/mac/#documentation/UserExperience/Conceptual/AppleHIGuidelines/Intro/Intro.html)

35

36

• Focus on Summary and Exception Reports which facilitate Business Decisions (ex. sales grouped by category)

• Avoid Detailed Reports especially when they are basically Data Dumps (ex. list of all sales)

• Output Forms (Invoices, Purchase Orders, etc.) do NOT assist with decision making so they do NOT qualify

• Remember that each report header should include:– Branding (Customer Logo and Company Name)– A Clear Title– The Date it was generated on– The Filter Conditions that were used to generate the report

• Reports should also provide Pagination Support meaning:– Page number is listed on every page (ie. 3 of 5)– Column/Field Headers are displayed on every page

Design Operational & Executive Reports

Deliverable 3 (Project Design) Let’s review Deliverable 3 together which is due in Week 10 For detailed instructions and a link to the rubric please visit the Wiki

37

38

Group Meetings

Please break into your Capstone Groups to plan and work on Deliverable 3!

We will be meeting with each group today to assess your progress and provide some advice