Secure Configuration and Access Controls: Database Profile Management: Ensure that the database profiles are securely configured and reviewed. Use encrypted connections to the database to protect data in transit. Access to the database should be restricted to authorized users and systems only. Default Schema Use: Limit the use of default schemas in databases, especially for operations involving sensitive data. Specify explicit schemas that segregate data access based on user roles and data sensitivity.
Data Handling and Integrity: Direct Insertions vs Stored Procedures: Use stored procedures instead of direct insertions whenevr whenever possible, as they allow for better control of the data manipulation logic and can encapsulate business rules and data validation steps. Transaction ID Management: Implement transaction ID management to ensure that each batch operation can be uniquely identified and managed. This helps in maintaining data integrity, particularly in rollback scenarios and inter-workflow communications.
Data Minimization and Retention: Field Mapping and Data Exposure: Minimize data exposure by configuring the agent to only handle necessary data fields. Sensitive data should be handled with extra care, potentially encrypting data before insertion. Data Retention Policies: Define data retention policies that specify how long data should be retained within the database. Automate the cleanup of old data to comply with these policies, ensuring that data is not kept longer than necessary.
Error Handling and Cleanup Procedures: Error Handling: Configure the agent to handle SQL exceptions and errors. Ensure that operations such as Run SP (Stored Procedure) at the end of data forwarding incorporate transaction safety measures to prevent data leakage or corruption. Cleanup Operations: Use Cleanup SP to define stored procedures that clean up data in case of workflow cancellation or error. This prevents orphaned data from accumulating.
Audit and Monitoring: Transaction Auditing: Enable detailed auditing for all transactions processed by the Database forwarding agent. Audit logs should capture key details about the transactions, including transaction IDs, timestamps, and user IDs wherever applicable.
For more information on functionality and configuration, see the Database Forwarding Agent section in the MediationZone documentation. | 