Data Base Systems

Some Thoughts

Ethics Guide–Nobody Said I Shouldn’t

• Kelly make a backup copy of his company’s

database on CD and took it home and installed it on his home computer.

• While performing queries on the database, he found customer order information and focused in on his friend Jason’s customer order entries.

• Kelly noticed that Jason gave huge discounts to

Valley Appliances but not to his other customers.

• At an after work gathering, Kelly asked Jason about the Valley Appliances discount telling him what he had been doing.

• When Kelly returned to work, he was fired.

Ethics Guide–Nobody Said I Shouldn’t (Continued)

Security Guide–Database Security

• The firewall, a computing device located between a firm’s internal network and external networks, prevents unauthorized access to the internal network.

• For the best security, the DBMS computer should be protected by a firewall, and then all other security measures should be designed as if the firewall has been breached.

Security Guide–Database Security (Continued)

• All operating systems and DBMS patches should be installed as soon as they become available.

• To prevent unauthorized access, no one other than authorized operations personnel should be able to directly access the computer that runs the DBMS.– Instead, all access should be via authorized applications

programs

• The computer running the DBMS should be secured behind locked doors, and visits to that room should be recorded in a log.

Security Guide–Database Security (Continued)

• All major DBMS products have extensive, built-in security features.– These features allow for the definition of user accounts

and user roles.– Each user account belongs to a specific person.– A role is a generic employee function, such as payroll

clerk or field salesperson.– Once an account is defined, it can be assigned specific

permissions, and it can also be assigned particular roles.

• Most DBMS products log failed attempts to sign on and produce other usage reports as well.

Security Guide–Database Security (Continued)

• The database administrator (DBA) should periodically monitor such logs and reports for suspicious activity.

• It is important to have a plan of action for security emergencies.

• The steps to be taken vary from database to database.

Problem Solving Guide–Immanuel Kant, Data Modeler

• Only the users can say whether a data model

accurately reflects their business environment.

• What happens when the user’s disagree among themselves?– It’s tempting to say, “The correct model is the one that

better represents the real world.” The problem with this statement is that data models do not model “the real world.”

– A data model is simply a model of what the data modeler perceives.

Problem Solving Guide–Immanuel Kant, Data Modeler (Continued)

• What happens when the user’s disagree among themselves? (continued)– This very important point can be difficult to understand;

but if you understand it, you will save many hours in data modeling validation meetings and be a much better data modeling member.

• Nothing that humans can do represent the real world.– A data model, therefore, is a model of a human’s model

of what appears to be “out there.”– For example, a model of a salesperson is a model of the

model that humans make of salespeople.

Problem Solving Guide–Immanuel Kant, Data Modeler (Continued)

• What do we do when people disagree about what should be in a data model?– First, we realize that anyone attempting to justify her

data model as a better representation of the real world is saying, quite arrogantly, “The way I think of the world is the way that counts.”

– Second, in times of disagreement we must ask the question, “How well does the data model fit the mental models of the people who are going to use the system?”

– The only valid point is whether it reflects how the users view their world.

• Will it enable the users to do their jobs?

Opposing Forces Guide:No, Thanks, I’ll Use a Spreadsheet

• I’m not buying all this stuff about databases.

– “I’ve tried them and they’re a pain-way too complicated to set up, and most of the time, a spreadsheet works just as well.”

– “No, unless you are a General Motors or Toyota, I wouldn’t mess with a database.”

– “You have to have professional IS people to create it and keep it running.”

– “Besides, I don’t really want to share my data with anyone.”

– “I work pretty hard to develop my client list.”– “Why would I want to give it away?”

Opposing Forces Guide:No, Thanks, I’ll Use a Spreadsheet (Continued)

• I’m not buying all this stuff about databases (continued)– “When I want something, I use Excel’s Data Filter.”– “I can usually get what I need.”– “Of course, I can’t still send form letters, but it really

doesn’t matter.”– “I get most of my sales using the phone, anyway.”

Reflection Guide–Requirements Creep

• Changing requirements is the biggest challenge for creating and managing databases and database applications.– The development team just finishes the order entry

database and applications when a user asks, innocently enough, “Where do I enter the second salesperson?”

– The development team responds “This is the first time I’ve heard of it. Why didn’t someone tell me this before?”

– Of course, the best way to solve this problem is not to have it in the first place; it would be better to learn of the need for multiple salesperson’s names long before the system is created.

Reflection Guide–Requirements Creep (Continued)

• It is very important for user involvement in both requirements specification and data model validation.

• Unfortunately, however, not all change requests are preventable.– Some occur only after a period of system use.

• An information system enables its users to behave in new ways, and as they behave in new ways, they think of new requirements for the system.