As a DCAE maintainer, I would all DCAE components have DB access be complaint to below requirement 

1.Application container must not access DB as a root
2.Dedicated user with privileges limited to only those really required should be used
3.Application may initialized DB using root account from a dedicated job container

All service components using pgaas plugin are complaint by default. Following components will need to be assessed.

• DCAE-Dashboard (Platform component using PG)
• DCAE-Inventory (Platform comping using PG)
• TCA-gen2 (mongo)
• Heartbeat (Postgres)
• PM-Mapper (mongo)
• SON-handler 
• DataLake-Feeder 

+ New Microservices being introduced for Guilin (DES, Slice Analysis MS)

02/12/2021  - DCAE Dashboard/Inventory update are not required. These components will be deprecated once DCAE Helm transformation work is done.