Posted: 22 Sep 2017 11:51 EDT Last activity: 22 Jan 2020 1:57 EST
Direct database access for Pega applications
Hello! There are a lot of data breaches and my company is leading an effort to limit direct database access. As you know, Pega is very database intensive. For example, we use SQL tools, such as SQL Developer, to verify our database tables, structure changes, JAR files in the pr_engineclasses table, rule counts after a release, etc. Is there a way in the designer studio that will allow me to verify db structure changes, browse db tables, etc.?
If I am unable to have direct database access, how can developers/architects verify database changes, JAR files, etc. in the database? The database administrators will retain direct access, but the application support teams would lose their access.
At a high level, it seems that we will have to write a tool that will replace our existing sql tools.
Has anyone faced a similar situation? Do you have any suggestions?
***Updated by moderator: Lochan to tag SR details to post***
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Thank you for the link to the article. I was able to add the role and I can see the query inspector and query runner. However, if I run SQL, I get the error - There is no configuration (no Data-Admin-DB-Name instance) for database Read-only PegaRULES. Now, this is under the System:Database, which also includes the Optimize Schema and Modify Schema options. These options use the default PegaRules and PegaData.
I don't understand why I am not able to run SQL for the Query Runner but yet the system knows how to reference the schema for the Optimize Schema option. If it works for one, it should work for both. Right?
I am going to try a few things and see if I can get this to work. Thanks!
Posted: 3 years ago
Updated: 11 months ago
Posted: 17 Oct 2017 10:21 EDT Updated: 22 Jan 2020 1:57 EST
Hello! I opened a service request for this issue - SR-B82736. The resolution was to add 2 JDBC entries in WebSphere - "jdbc/PegaRULESReadOnly" and "jdbc/PegaDATAReadOnly". Then, add the corresponding entries into the prconfig.xml file, so that these entries would be picked up by the application: