• A) .You should write no more than 300 words for this part of the question.

• In the full Eventbase client record keeping system, as well as basic name and date of birth data there is more confidential and sensitive information held about the clients including addresses, credit card data, health/accessibility requirements (to be able to advise on location accessibility and/or event first aid facilities), car registration details for car-park booking, and so on.

  Eventbase exchange data with outside companies for some of the services they arrange for their clients. For example:

• when they send brochures to clients they send the name and address data to a bulk mailing company,
• when a client books car-parking at a location, the local car-park management company are sent the client name and car registration data for that event.

• When obtaining GDPR permissions, the clients are informed that Eventbase will hold all client data securely on their data servers and itemise the specific data items that will be shared with outside companies.

Considering the security and data management facilities for relational databases, describe how the company could ensure the client information can be adequately protected.

Your description should consider the full client table (which would contain all the details of their clients) and how only selected data can be made available to the applications and users that share data with the outside companies. You should assume that different users (marketing, sales, event handling, etc.) should only be given access to the data relevant to their roles within Eventbase.

You should draw on the principle of least privilege and the rules for controlled sharing when answering this question.

You do not need to demonstrate any SQL code for your answer to this question, but you might refer to SQL features in your answer.

• B) You should write no more than 300 words for this part of the question.

  During the initial prototype evaluation of the webshop, Eventbase discovered that some clients would add tickets to their online basket and then browse through the available add-ons for the event adding some add-ons to the basket. However, when they went to pay for the content of their basket they would be told that the event tickets could not be purchased as they had already been sold and the entire basket sale is rejected. This occurred most often for popular events when only a few tickets remained available and when the user had spent some considerable time browsing through the add-ons. When the data was examined, the tickets that had been in the users basket were showing as sold to another user.

  Briefly explain why the Eventbase webshop application described above could use a transaction management system capable of realising the ACID properties for transactions to prevent the above problem arising. You should include a description of how the above problem might have occurred, and which of the four ACID properties this particular example demonstrates.

  Why are the other three ACID properties important to Eventbase when developing the webshop? Give examples of the potential problems they could prevent.

  You do not need to write any SQL code for your answer to this question, but you may refer to SQL features in your answer.