Sithum Database 2023
Sithum Database 2023
LO2 Develop a fully functional relational database system, based on an existing system design
Pass, Merit & Distinction P2 P3 M2 M3 D2
Descripts
Resubmission Feedback:
* Please note that grade decisions are provisional. They are only confirmed once internal and external moderation has taken place and
grades decisions have been agreed at the assessment board.
Assignment Feedback
Formative Feedback: Assessor to Student
Action Plan
Summative feedback
Assessor Date
signature
Student Date
signature
Pearson Higher Nationals in
Computing
Unit 04: Database Design & Development
Assignment 01
General Guidelines
1. A Cover page or title page – You should always attach a title page to your assignment. Use
previous page as your cover sheet and make sure all the details are accurately filled.
2. Attach this brief as the first section of your assignment.
3. All the assignments should be prepared using a word processing software.
4. All the assignments should be printed on A4 sized papers. Use single side printing.
5. Allow 1” for top, bottom , right margins and 1.25” for the left margin of each page.
1. The font size should be 12 point, and should be in the style of Time New Roman.
2. Use 1.5 line spacing. Left justify all paragraphs.
3. Ensure that all the headings are consistent in terms of the font size and font style.
4. Use footer function in the word processor to insert Your Name, Subject, Assignment No,
and Page Number on each page. This is useful if individual sheets become detached for any
reason.
5. Use word processing application spell check and grammar check function to help editing
your assignment.
Important Points:
1. It is strictly prohibited to use textboxes to add texts in the assignments, except for the
compulsory information. eg: Figures, tables of comparison etc. Adding text boxes in the body
except for the before mentioned compulsory information will result in rejection of your
work.
2. Carefully check the hand in date and the instructions given in the assignment. Late
submissions will not be accepted.
3. Ensure that you give yourself enough time to complete the assignment by the due date.
4. Excuses of any nature will not be accepted for failure to hand in the work on time.
5. You must take responsibility for managing your own time effectively.
6. If you are unable to hand in your assignment on time and have valid reasons such as illness,
you may apply (in writing) for an extension.
7. Failure to achieve at least PASS criteria will result in a REFERRAL grade .
8. Non-submission of work without valid reasons will lead to an automatic RE FERRAL. You will
then be asked to complete an alternative assignment.
9. If you use other people’s work or ideas in your assignment, reference them properly using
HARVARD referencing system to avoid plagiarism. You have to provide both in-text citation
and a reference list.
10. If you are proven to be guilty of plagiarism or any academic misconduct, your grade could be
reduced to A REFERRAL or at worst you could be expelled from the course
Student Declaration
I hereby, declare that I know what plagiarism entails, namely to use another’s work and to present
it as my own without attributing the sources in the correct form. I further understand what it
means to copy another’s work.
Issue Date
Submission Date
Submission format
Part 1: The submission should be in the form of an individual written report written in a concise,
formal business style using single spacing and font size 12. You are required to make use of
headings, paragraphs and subsections as appropriate, and all work must be supported with
research and referenced using Harvard referencing system. Please also provide in-text citation
and bibliography using Harvard referencing system. The recommended word limit is 3,000–
3,500 words, although you will not be penalised for exceeding the total word limit.
Part 2: The submission should be in the form of a fully functional relational database system
demonstrated to the Tutor; and an individual written report (please see details in Part 1 above).
Part 3: The submission should be in the form of a witness statement of the testing completed
by the Tutor; technical documentation; and a written report (please see details in Part 1 above).
Unit Learning Outcomes:
LO1 Use an appropriate design tool to design a relational database system for a substantial
problem.
LO2 Develop a fully functional relational database system, based on an existing system design.
LO3 Test the system against user and system requirements.
LO4 Produce technical and user documentation.
Assignment Brief and Guidance:
Assignment brief
Polly Pipe is a water sports provider and installer based in Braintree, England. They need you
to design and implement a database that meets the data requirements. These necessities are
defined in this scenario and below are samples of the paper records that the Polly Pipe
preserves.
Polly Pipe is focused in placing aquariums at business customers. Customers can request
several installations, but each installation is tailor-made for a specific customer. Facilities are
classified by type. One or more employees are assigned to each facility. Because these
facilities are often very large, they can include carpenters and masons as well as water
installers. The facilities use equipment such as aquariums, air pumps and thermostats. There
can be multiple computers in a facility.
Below are examples of paper records that Polly Pipe currently maintains.
Activity 1
1.1. Identify the user and system requirements to design a database for the above scenario
and design a relational database system using conceptual design (ER Model) by including
identifiers (primary Key) of entities and cardinalities, participations of relationships.
Convert the ER Model into logical database design using relational database model
including primary keys foreign keys and referential Integrities. It should contain at least
five interrelated tables. Check whether the provided logical design is normalised. If not,
normalize the database by removing the anomalies.
(Note:-It is allowed to have your own assumptions and related attributes within the scope of the case study
given)
1.2. Design set of simple interfaces to input and output for the above scenario using
Wireframe or any interface-designing tool. Evaluate the effectiveness of the given design (ERD
and Logical design) in terms of the identified user and system requirements .
Activity 2
Activity 2.1
a. Develop a relational database system according to the ER diagram you have created
(Use SQL DDL statements). Provide evidence of the use of a suitable IDE to create a
simple interface to insert, update and delete data in the database. Implement proper
security mechanisms in the developed database.
Evaluate the database solution developed and its effectiveness with relevant to the
user and system requirements identified, system security mechanisms (EX: -User
groups, access permissions) and the maintenance of the database.
Activity 2.2
a. Explain the usage of DML with below mentioned queries by giving at least one single
example per each case from the developed database. Assess the usage of the below
SQL statements with the examples from the developed database to prove that the
data extracted through them are meaningful and relevant to the given scenario.
Select/ Where / Update / Between / In / Group by / Order by / Having
Activity 3
Activity 3.1
Provide a suitable test plan to test the system against user and system requirements. provide
relevant test cases for the database you have implemented. Assess how the selected test
data can be used to improve the effectiveness of testing.
Note:- Learner needs to give expected results in a tabular format and screenshots of the actual results with
the conclusion
Activity 3.2
Get independent feedback on your database solution from the non-technical users and some
developers (use surveys, questioners, interviews or any other feedback collecting method)
and make recommendations and suggestions for improvements in a separate
conclusion/recommendations section.
Activity 4
Produce a technical documentation and a user guide for the developed database system.
Suitable diagrams diagrams (Use case diagram, class diagram, flow charts, DFD level 0 and 1)
should be included in the technical documentation to show data movement in the system.
Assess the developed database by suggesting future enhancements to ensure the
effectiveness of the system.
Grading Criteria Achieved Feedback
List of tables
For the Polly Pipe Aquarium Database System, the user requirements include the ability to
Add, Update, and Delete Customer, Employee, Equipment, and Installation Details. Specific
details to be included for each category are outlined as follows:
Customer Details:
- Customer Name
- Customer Address
- Mobile Number
Employee Details:
- Employee Name
- Telephone Number
- Address
- Date of Birth
- Employee Type
Equipment Details:
- Equipment Name
- Equipment Type
- Equipment Description
Installation Details:
- Installation Type
- Staff Assigned Period
- Installation Time
- Installation Address
These requirements serve as a comprehensive guide for the development of the Polly Pipe
Aquarium Database System, ensuring that it aligns with the expectations and needs of the
users.
System Requirement
The specification that a system must have for a piece of hardware or software to function
properly is known as the system requirements. Installation or performance issues may arise
in the system if these conditions are not met. The Installation problem may block the
installation of a system or application, whereas the performance may cause a product to
malfunction, perform inadequately, hang, or crash. Clients are often provided with these by
system developers and software development companies as part of the product. (Anon.,
2015)
For the Database system to operate, the following system requirements must be met on the
device.
SQL Server must be installed to run the Polly Pipe Aquarium Database System.
Functional Requirement
Non-Functional Requirement
Non-functional requirements encompass a set of specifications detailing the operational
capabilities and limitations of the system. These specifications are designed to enhance the
system's functionality in areas such as security, reliability, performance, maintainability,
scalability, and usability.
Entities
An entity is essentially a discernible real-world "object" that has existence. It should not be
classified as an "entity" until it is distinctly distinguishable from all other objects in the real
world. In the context of information, an entity within a database system is limited to the
specific "thing" or "object" for which data is stored or retrieved. Examples of entities
include an individual person, a singular product, or a specific organization.(AltexSoft,
2022)
1. Strong Entity:
2. Weak Entity:
- A weak entity, on the other hand, relies on another entity within the database for
its existence and cannot stand alone.
Attributes
Attributes refer to the characteristics or properties of an entity that are
represented in a highly informative table. In a data table, an entity is defined by a set of
fixed traits. For instance, creating a student entity involves specifying attributes such as roll
number, name, and course. The values assigned to these attributes for each student entity
provide validation and detail within the table.
1. Simple Attribute:
- A simple attribute cannot be further broken down into smaller, more relevant
components for the database.
2. Composite Attribute:
- Composite attributes are qualities that depend on another attribute and are
subdivided into smaller attributes.
3. Multi-Valued Attribute:
- A multi-valued attribute can have more than one value for a particular entity.
5. Stored Attribute:
6. Derived Attribute:
- A derived attribute can calculate its value based on the value of a stored attribute.
Relationship
Indeed, relationships in a database can be categorized into three types:
1. One-to-One Relationship:
- This type of connection links a record in one entity to exactly one record in another
entity. For instance, the relationship between employees and the cars they drive, where each
employee has one car for travel.
2. One-to-Many Relationship:
- In a one-to-many relationship, a record in one entity is linked to another entity that can
have multiple records. Take the example of a person and their mobile numbers; a person can
have multiple mobile numbers, but a mobile number is not shared with another person.
3. Many-to-Many Relationship:
- This connection occurs when multiple records in one entity are associated with a set of
multiple records in another entity. For example, consider the relationship between students
and course enrollment, where a student can enroll in multiple courses, and a course can have
multiple students.
Entities and Attributes for Polly Pipe Aquarium Database.
Customer – Entity
Customer ID - Attribute
Customer Name - Attribute
Customer Address - Attribute
Mobile Number - Attribute
Employee – Entity
Employee ID - Attribute
Employee Name - Attribute
Telephone Number - Attribute
Address - Attribute
Date of Birth - Attribute
Employee Type - Attribute
Equipment – Entity
Equipment No - Attribute
Equipment Name - Attribute
Equipment Type - Attribute
Equipment Description - Attribute
Installation – Entity
Installation No - Attribute
Installation Type - Attribute
Staff Assigned Period - Attribute
Installation Time - Attribute
Installation Address - Attribute
Equipment required - Attribute
No of Employees required – Attribute
- In software engineering, ER diagrams are commonly utilized during the design phases of
a software system project. They serve as a standard tool to identify various system
components and their interactions with one another.
Data Integrity
Certainly, data integrity is a critical aspect involving accuracy, validity, consistency, and
security, especially in legal contexts. It is achieved through a set of procedures,
guidelines, and standards implemented during the system's design phase.
1. Entity Integrity:
- In relational databases, professionals establish a primary key for each set of data to
distinguish it from others. This practice prevents null values and data duplication,
ensuring the uniqueness and identification of each dataset.
2. Referential Integrity:
- Referential integrity involves implementing rules into a database's architecture
regarding the use of foreign keys. This ensures a consistent and effective linkage of data
sets across the database, enabling reliable saving and retrieval of data.
3. Domain Integrity:
- Domain integrity encompasses procedures that guarantee the accuracy of data values
within a column. This involves restrictions on data type, format, and quantity, ensuring
that data adheres to specified protocols.
Data validation is also integral to maintaining data integrity, ensuring that data meets
predefined standards and criteria.
Data Validation
Data validation is the procedure of verifying the accuracy and quality of data. This
involves incorporating various checks into a system or report to ensure that both input and
stored data maintain logical consistency. In automated systems, data is often input with
minimal human monitoring. Therefore, ensuring the validity of the data entered into the
system is crucial to meet specified requirements and maintain overall data integrity.
Various forms of data validation exist, and some are outlined below.
A data type check verifies that the inputted information corresponds to the
correct data type. For instance, consider a field designed to accept only numeric values. In
such a scenario, the system should disallow any data containing extraneous characters,
such as letters or special symbols. The image below illustrates the implementation of a
data type check in data validation for a non-integer value along with an accompanying
error message.
Figure 3 Data Type Check
Format Check
Numerous data types adhere to specific formats. For example, date columns
often follow a predetermined format, such as "YYYY-MM-DD" or "DD-MM-YYYY."
Implementing a data validation method to verify the correct formatting of dates contributes
to maintaining uniformity across data and time. The image below illustrates a format check
applied to the date data type in the staff table, accompanied by a corresponding message.
Consistency Check
Database Normalization
Data Anomalies:
Data anomalies are problems that arise in a poorly managed, non-normalized database due
to data redundancy. Three types of data anomalies include:
Insert Anomaly:
An insertion anomaly occurs when it is impossible to add data to the database due to the
absence of other required data.
Update Anomaly:
An update anomaly results from data inconsistency caused by redundancy and incomplete
updating.
Delete Anomaly:
A deletion anomaly involves unintended data loss due to the deletion of other related data.
Purposes of Database Normalization
Normalization Rules:
Six normalization rules are commonly used:
The tables below provide examples of the 1st, 2nd, and 3rd normal forms, showcasing the
application of these normalization principles.
ID Courses
001 Diploma in IT
001 HND in Computing
002 HND in Tourism &
Hospitality
003 Diploma in BM
003 HND in BM
004 BeEng (Top-up) in
Software Engineering
Table 5 3NF (Third Normal Form)
Branch ID Branch
1 Colombo
2 Negombo
3 Ja-Ela
ID Courses
001 Diploma in IT
001 HND in Computing
002 HND in Tourism &
Hospitality
003 Diploma in BM
003 HND in BM
004 BeEng (Top-up) in
Software Engineering
Primary Key
A primary key is a singular column value utilized to uniquely identify each row within a
table. Key characteristics include:
Composite Key
A composite key is formed by combining two or more columns in a table to uniquely identify
each row. Key characteristics of a composite key are:
Foreign Key
Foreign keys are columns that establish connections between two or more tables, typically
representing primary keys of another table.
Login Form
This form is utilized for user login, where correct input of the username and password leads
to the display of the Main Menu.
Figure 5 Login Form
Staff Form
This form serves the purpose of documenting personnel details for Polly Pipe
Company. Each employee is assigned a unique ID number, and their information can be
efficiently retrieved by entering the ID in the "Employee No" field. This form simplifies the
task of maintaining employee records and facilitates the allocation of tasks based on
relevant installations. The database is regularly updated to reflect changes, such as staff
resignations and new hires. In instances of issues related to employee attendance or other
personnel matters, this record proves instrumental in monitoring and managing employee-
related concerns.
Figure 8 Staff Form
Customer Form
This Customer Menu within the Polly Pipe system prominently features
options for registering, updating, and deleting customer information. The menu is
specifically designed for entering customer details into the system. Given the large-scale
nature of Polly Pipe's business organization, maintaining comprehensive customer data is
crucial. In the event of any issues or concerns raised by customers regarding services,
having readily available customer records significantly enhances the efficiency of resolution
processes.
This interface facilitates the easy editing of Polypipe company's equipment records by
administrators. It proves highly convenient for updating the installation menu as
administrators can utilize the equipment records stored in the database through the
equipment menu interface.
SQL Commands
SQL, which stands for Structured Query Language, comprises commands that serve as
instructions to interact with databases, enabling operations, functions, and data queries. SQL
commands are versatile and can be employed for various tasks, including searching the
database, creating tables, adding or modifying data, and deleting tables.
For creating the Polly Pipe database system, the primary SQL commands employed are
DDL and DML.
Data Control Language (DCL):
DCL commands deal with the control of access to data.
To create the Polypipe database system, Microsoft SQL Server Management Studio version
18.12.1 was used. Below are the pieces of evidence, comprising queries, employed in
creating the database system. (Note: The specific queries are not provided in your message;
if you have queries to discuss or need assistance with, please provide them.)
Login Table
Customer Table
I utilized queries to input four values into the customer table, representing
previous customers associated with Polypipe. The screenshot below displays the queries
along with the customer details encompassing four columns in the customer database. The
system application provides users with the capability to modify existing customer data or
append new data to the database.
Installation Table
Staff Table
Equipment Table
Four sets of equipment data have been incorporated, and the company can
easily identify and manage equipment using the unique equipment ID provided in the
equipment table. This table facilitates the efficient allocation of required equipment for
installations within the company.
Evidence of the use of a suitable IDE to create a simple interface to insert,
update and delete data in the database.
Insert
I employed the registration button within the Pollypipe system's graphical user
interface (GUI) to enter information into the database. The evidence of successfully
Figure 16 Insert
As depicted in the image above, I have successfully registered a new customer. The
subsequent picture illustrates the registered customer data displayed in the data grid
view.
The following image displays the C# code associated with the register button, along with
the corresponding SQL query that is utilized.
The
SQL SQL statement utilized in Visual Studio to perform an insertion operation using Data
Manipulation Language (DML)
Update
I utilized the update button within the Pollypipe system's graphical user
interface (GUI) to modify pre-existing data in a table. The confirmation of the
update on the customer table is visible below. The specific column updated is
the "Mobile Number-466378" column for "Customer No-14," and it has been
changed to "Mobile Number-4663985.
The form below shows the Updated value of the customer table.
Figure 17 Update
The following images depict the C# code associated with the update button, along with the
corresponding SQL update query.
Delete
I employed the Delete button within the Pollypipe system's graphical user interface (GUI) to
remove the customer data row from the customer table with the identifier "Customer No-14."
The confirmation of this deletion is presented below.
Figure 18 Delete
The Picture below shows that there is no Customer data for Customer No- “14” in the Data
grid view of Customer GUI.
The following image displays the C# code associated with the Delete button in the Customer
Database Security
DBMS Configuration:
Configuring the database management system involves customizing both the system and the
database server. This allows control over the database server's operation and functionality.
Organized data structures, permissions, and access controls contribute to effective database
security.
Authentication:
Authentication is the process of verifying whether a user attempting to log into a system has
the necessary permissions. Implementing robust authentication measures is crucial for
controlling access to the database and ensuring only authorized users can interact with it.
Backups:
A secure database should incorporate a well-audited method for creating and managing
backups. Having reliable backups is crucial in mitigating the impact of data loss or theft,
ensuring that even if data is compromised, a backup is available for recovery.
Encryption:
Employing file encryption adds an extra layer of protection by rendering the contents of the
file unreadable to unauthorized individuals. In the event of data theft, encrypted files
provide an additional barrier, preventing unauthorized access even if the files are
compromised.
Here are some main database security threats that many companies face.
Insider threats
The most fundamental database threat is also the most challenging to predict – insider
threats. Individuals with authorized access to the database and its settings can compromise
data integrity in various ways. The following are types of insider threats:
Malicious Intent:
Occurs when someone with official access to the database intentionally steals,
leaks, or deletes information. This could be a disgruntled employee or an authorized partner
with harmful intentions.
Negligence:
Infiltration:
Takes place when an individual joins a team with the intent to steal the company's
data. This type of insider threat involves a person intentionally seeking access for malicious
purposes.
Injection Attacks:
Specifically targeted at databases or database management systems, injection
attacks involve cybercriminals inserting SQL or NoSQL attack strings into a database. False
strings are interpreted as genuine, posing a threat to the application's HTTP protocols and
data layers.
Backup attacks
Organizations often fall short in maintaining vigilance when it comes to
securing backup files. Frequently, they apply identical procedures and controls to backups
as those used for the primary database. This approach poses a significant risk as if the
primary database were compromised, an attacker could swiftly exploit the same
vulnerabilities in the backup. Another common mistake is either neglecting to secure backup
data comprehensively or lacking proper monitoring of their status.
These are the security mechanisms used for the database security of our
Pollypipe database system.
This security mechanism is used to restrict unauthorized access and to make sure
only eligible people such as the administrator and other administrative staff members can
access the database system.
Figure 19 Access control
Currently, only the administrator has been granted access to the Pollypipe database
system. User access is restricted solely to the administrator, who is responsible for managing
and overseeing the operations of the database system. This controlled access is implemented
to maintain a secure and centralized administration of the Pollypipe database, ensuring that
sensitive information and system functionalities are carefully managed and protected.
The above picture shows the username and password provided for an administrator.
Encryption
The mechanism employed to safeguard sensitive data, such as passwords, involves encoding
it through encryption algorithms, transforming readable characters into unreadable ones. In
the Pollypipe database system, we have successfully implemented this encryption
Figure 20 Encryption
mechanism, effectively securing our data against unauthorized access. The image below
illustrates that if the username or password is incorrect, the user will be denied access to the
system, showcasing the protective measures in place.
Usage of DML of SQL queries with examples per each case from the Pollypipe
Database.
In the realm of Data Manipulation Language (DML), there exist four statements
designed for the manipulation of database tables. The following delineates these four DML
statements along with corresponding examples. The provided DML queries serve as
evidence of table manipulation, specifically targeting the Staff table.
Figure 23 Select
Delete- Used to delete data from the database record.
Figure 24 Delete
Group By-
Figure 26 Group By
In-
Figure 27 In
Order by-
Figure 28 Order by
Where-
Figure 29 Where
The queries mentioned above, intended for the Staff table, are applicable to other
tables within the Pollypipe database. These queries prove particularly useful for modifying or
manipulating database tables, especially in emergency situations where the graphical user
interface (GUI) system software is temporarily shut down for maintenance purposes.
Activity 3
Test Cases
A test case refers to a sequence of operations performed on a system to assess
its adherence to system requirements and ensure proper functionality. The primary goal of a
test case is to assess the performance of different system features, verifying that they
operate as expected and confirming the system's alignment with pertinent requirements,
guidelines, and user specifications. Additionally, the process of developing a test case can
be instrumental in identifying flaws or errors within the system.
Below Picture are the pieces of evidence of the test cases for the above test case plans.
The feedback form and feedback response of the Database system are given
below.
Figure 34 feedback
Feedback response
When you open the Pollypipe Aquarium System a login interface will be displayed.
Username – Admin
Password – admin321
Once you log in, the Main Menu interface will be displayed as seen below.
Step 2 – Main Menu
Upon the display of the Main Menu, you can navigate to various interfaces
by selecting the corresponding buttons available within the Main Menu interface.
Customer
Staff
Installation
Equipment
Customer
You can see the following interface by clicking Customer in the main menu.
Figure 39 Customer
Through this interface, users have the capability to register, update, and delete
customer records. By choosing the "Customer No" option, users can initiate actions to either
update or delete a specific customer record from the system database.
Staff
By clicking the Staff in the main menu, you can see the following interface.
Figure 40 Staff
Within this interface, users have the ability to register, update, and delete employee
records. The employee records can be viewed by selecting the employee number from the
box located at the top, near the "Employee No."
Installation
The following interface will be viewed by clicking Installation in the main menu.
This interface provides users with the capability to register, update, and delete installation
records. The installation records can be viewed by selecting the installation number from the
box located at the top, near "Installation No."
Equipment
You can view the following interface by clicking Equipment in the Main Menu.
Figure 41 Equipment
The user can register, update, and delete an Equipment record using this interface.
You can view the equipment record by selecting the equipment ID from the box shown at
the top near Equipment No.
Technical Documentation
Software Requirement
The following requirements must be fulfilled for a good performance of the system.
System Login