Tags: database, database-design, mysql, database-security

Questions and considerations to ask client for designing a database


So, as the title says, I would like to hear your advice on what the most important questions are to consider and ask end-users before designing a database for their application. We are to make a database-oriented app, with special attention to pay to db security (access control, encryption, integrity, backups)... The database will also keep some personal information about people, which is considered sensitive by law regulations, so security must be good.

I worked on school projects with databases, but this is the first time working "in the real world", where this db security has real implications.

So I found some advice and questions to ask on the internet, but here I always get the best ones. All help appreciated! Thank you!


Solution

  • Some other specifics besides what has already been said:

    • Do you have any regulatory requirements for data access and storage (Sarbanes-Oxley and HIPAA come to mind)?
    • Do you need to be able to audit record changes
    • What internal controls do you need reflected in the database
    • What business rules must be followed under what circumstances
    • How large do you expect the data to get? The larger the data store expected, the more critical it is to design with performance in mind from the start.
    • How flexible do you want the system to be (do you want to be able to add columns on the fly, or add business rules)? Be careful with this one; make sure the client understands that flexibility often comes at the cost of performance.
    • Do you need a separate data warehouse for reporting?
    • How do you need the data populated? Will it come from an application, multiple applications, data imports or a combination?
    • What databases do you currently have license for? Do you want to have this application use it?
    • Will different groups of users need different accesses?
    • How is the process currently being handled? Can we have access to that database or see the current process in action? Observe, for a minimum of one day, the client using the current system. Take extensive notes; you will learn many things no one will think to tell you.
    • Do you need to migrate data from the old system?
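Two of the items above (auditing record changes, and giving different groups of users different access) can be made concrete in MySQL 8. This is an added example, not code from the original question or answer; the `shop` database, the `customers` table, the column names and the role names are all assumptions.

```sql
-- Assumed (constructed) schema holding the sensitive personal data.
CREATE DATABASE IF NOT EXISTS shop;
USE shop;

CREATE TABLE customers (
  id          INT AUTO_INCREMENT PRIMARY KEY,
  full_name   VARCHAR(100)  NOT NULL,
  email       VARCHAR(255)  NOT NULL,
  national_id VARBINARY(256) NULL   -- assumption: encrypted by the application before storage
);

-- Audit trail written by triggers, so the application cannot forget to record a change.
-- The sensitive column is deliberately NOT copied into the trail.
CREATE TABLE customers_audit (
  audit_id    BIGINT AUTO_INCREMENT PRIMARY KEY,
  customer_id INT NOT NULL,
  action      ENUM('INSERT','UPDATE','DELETE') NOT NULL,
  changed_by  VARCHAR(128) NOT NULL,
  changed_at  TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP,
  old_row     JSON NULL,
  new_row     JSON NULL
);

DELIMITER //
-- USER() is the connected client; CURRENT_USER() inside a trigger would be the definer.
CREATE TRIGGER customers_audit_update AFTER UPDATE ON customers
FOR EACH ROW
BEGIN
  INSERT INTO customers_audit (customer_id, action, changed_by, old_row, new_row)
  VALUES (NEW.id, 'UPDATE', USER(),
          JSON_OBJECT('full_name', OLD.full_name, 'email', OLD.email),
          JSON_OBJECT('full_name', NEW.full_name, 'email', NEW.email));
END//
DELIMITER ;
-- INSERT and DELETE triggers follow the same pattern (NEW-only / OLD-only).

-- Different access for different groups, expressed as roles (least privilege).
CREATE ROLE 'app_rw', 'support_ro', 'auditor';
GRANT SELECT, INSERT, UPDATE ON shop.customers TO 'app_rw';
-- Support staff may read names and e-mails but never the national_id column.
GRANT SELECT (id, full_name, email) ON shop.customers TO 'support_ro';
-- Auditors read the trail only; no account gets UPDATE or DELETE on it.
GRANT SELECT ON shop.customers_audit TO 'auditor';

-- Example account bound to a role; host pattern and password are placeholders.
CREATE USER 'app'@'10.0.0.%' IDENTIFIED BY 'CHANGE-ME-PLACEHOLDER';
GRANT 'app_rw' TO 'app'@'10.0.0.%';
SET DEFAULT ROLE 'app_rw' TO 'app'@'10.0.0.%';
```

Because the trail is filled by triggers and no role can modify it, the audit answers "who changed what, and when" even if the application layer is bypassed by someone with direct table access.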