Question
European Investment Bank
PL
Last activity: 11 Jul 2024 3:09 EDT
Security Checklist - Secure Database Connections
I'd like to have more information regarding the step "Secure Database Connections" of the Security Checklist for Pega 24.1.
Specifically, the documentation says to avoid the "Use Configuration in Preferences" to define Database Connections, however in our instance that configuration is read-only due to the pzReadOnlyDatabase When rule.
I'd like to know what Pega recommends to secure the Database credentials. My question is relevant for the following Databases:
- PegaRULES
- PegaDATA
- PegaDATAReporting
Moreover, the recommendation is to "limit the capabilities and roles in the Pega Platform database account to restrict the ability to truncate tables, create or delete tables, or otherwise alter the schema". I would like to know what this means, as I believe the DB account used by Pega needs such privileges.
Thank you.
Pegasystems Inc.
IN
@Fabio StinchedduIn our comprehensive security checklist, we have curated the top practices for safeguarding data. One critical aspect highlighted is the protection of database connections, which are deemed sensitive information. Pega strongly advises securing credentials to prevent unauthorized access. It is crucial that these credentials are exclusively visible and editable by users with elevated privileges. When defining credentials within rules, ensure that access is restricted to high-privileged users. In the context of limiting capabilities, Pega's DB account necessitates certain privileges, but adherence to the principle of least privilege is paramount. Grant only the essential privileges and restrict access to necessary users and accounts.