If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

MDM Server Application Properties

This article is intended to serve as a reference point for MDM server configuration. As such, it provides an overview of the available properties and, when applicable, refers users to more comprehensive sources. The properties described here are defined in the mdm-server/etc/application.properties file. For each property, you will find information about the required data type, its default value, and a short description. The Mandatory column specifies whether a property is required for the application to run and function as expected.

MDM Solution Configuration

The following properties point to files containing additional MDM settings. The paths are relative to the mdm.serverConfig file.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.mdm.mda.config-file`	String	`mda-config.xml`	Yes	The path to the MDM Web App configuration file (see MDM Web App Backend).
`ataccama.one.mdm.nme.config-file`	String	`nme-config.xml`	Yes	The path to the MDM Engine configuration file (see MDM Engine Configuration File).
`ataccama.one.mdm.config.config-folder`	String	`.`	Yes	The path to the directory containing configuration XML files. In self-managed deployments, you need to change it appropriately.
`ataccama.one.mdm.config.runtime-folder`	String	`${ataccama.one.mdm.config.config-folder}/../runtime`	Yes	The path to the `runtime` folder.

ataccama.one.mdm.mda.config-file

String

mda-config.xml

Yes

The path to the MDM Web App configuration file (see MDM Web App Backend).

ataccama.one.mdm.nme.config-file

String

nme-config.xml

Yes

The path to the MDM Engine configuration file (see MDM Engine Configuration File).

ataccama.one.mdm.config.config-folder

String

.

Yes

The path to the directory containing configuration XML files. In self-managed deployments, you need to change it appropriately.

ataccama.one.mdm.config.runtime-folder

String

${ataccama.one.mdm.config.config-folder}/../runtime

Yes

The path to the runtime folder.

User Settings Configuration

You can configure how and where MDM Web App user settings are stored. User settings include, for example, which columns users have chosen not to display, filter settings, column width settings, and others.

Name Data Type Default Value Mandatory Description

ataccama.one.mdm.user-settings.type

String

jdbc

Yes

inmemory - When the in-memory persistence is used, user settings are stored in the web server memory and are lost on server restart.
jdbc - When the database persistence is used, users settings are permanently stored in a database. The component creates all the necessary tables when the server is started for the first time.

Keep in mind that in HA mode the in-memory persistence cannot be used and the database persistence option might lead in some cases to inconsistent settings across nodes.

ataccama.one.mdm.user-settings.datasource

String

mdc_db

Yes

The name of the database.

ataccama.one.mdm.user-settings.table-prefix

String

us_

Yes

The tables created by the server have this prefix to distinguish them from other tables in the database.

Task Configuration

Use the follownig properties to configure tasks.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.mdm.task.datasource`	String	`mdc_db`	Yes	The name of the database that is used for storing tasks and drafts.
`ataccama.one.mdm.task.table-prefix`	String	`tasks_`	Yes	The prefix that is used for tables created while working with tasks.
`ataccama.one.mdm.task.automation.enabled`	Boolean	`true`	No	Enables automatic task creation.
`ataccama.one.mdm.task.automation.datasource.name`	String	`eh_db`	No	The name of the database that is used for storing events related to automatic tasks.
`ataccama.one.mdm.task.automation.datasource.prefix`	String	`tasks_`	No	The prefix that is used for tables created while working with automatic tasks.

ataccama.one.mdm.task.datasource

String

mdc_db

Yes

The name of the database that is used for storing tasks and drafts.

ataccama.one.mdm.task.table-prefix

String

tasks_

Yes

The prefix that is used for tables created while working with tasks.

ataccama.one.mdm.task.automation.enabled

Boolean

true

Enables automatic task creation.

ataccama.one.mdm.task.automation.datasource.name

String

eh_db

The name of the database that is used for storing events related to automatic tasks.

ataccama.one.mdm.task.automation.datasource.prefix

String

tasks_

The prefix that is used for tables created while working with automatic tasks.

MDM Features

Use these properties to configure specific MDM features and specify links to other applications.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.mdm.ai-matching.enabled`	Boolean	`false`	No	Enables AI Matching in MDM Web App.
`ataccama.client.connection.ai.host`	String	`localhost`	No	The IP address or the hostname of the server where AI Matching microservices are running.
`ataccama.client.connection.ai.grpc.port`	String	`8640`	No	The number of the AI Matching gRPC port.
`ataccama.one.mdm.mmm.enabled`	Boolean	`false`	No	Enables the communication between MDM and Metadata Management Module (MMM). If set to `true`, the Glossary button and the link to ONE in MDM Web App navigation are shown.
`ataccama.one.mdm.mmm.server-url`	String	`localhost:8021`	No	The URL for MMM (`mmm-be`).
`ataccama.one.mdm.mmm.webapp-url`	String	`localhost:8020`	No	The URL to the ONE Web Application (accessible from the left navigation panel).
`ataccama.one.mdm.mmm.cleaning-period`	String	`24`	No	Defines how often the MMM node structure is updated. Accepted units: `ns` (nanoseconds), us `(microseconds), `ms `(milliseconds), `s (seconds), `m` (minutes), `h` (hours), `d` (days). If not specified, the unit is `h`.
`ataccama.one.mdm.rdm.webapp-url`	Number	`8060`	No	The URL definition used as the RDM link in the MDM Web App navigation. To remove the icon from the navigation, set it to an empty value or remove the property completely.
`ataccama.one.mdm.notifications.enabled`	Boolean	`true`	No	Enables MDM notifications.
`ataccama.one.mdm.license-folder`	String	`./license`	No	Path from where the license file can be loaded (in addition to the user home folder). Relative to the MDM Server folder.
`ataccama.one.mdm.features.environment.reset.enabled`	Boolean	`true`	Yes	Enables the possibility to reset the environment from the new Admin Center (for user roles defined by the `ataccama.one.mdm.admin-center.full-access.required-roles` MDM Server application property).
`ataccama.one.mdm.server.refresh.dirs-to-delete`	String	/	No	Comma separated list of folders, files in which are deleted when the environment is reset.

ataccama.one.mdm.ai-matching.enabled

Boolean

false

Enables AI Matching in MDM Web App.

ataccama.client.connection.ai.host

String

localhost

The IP address or the hostname of the server where AI Matching microservices are running.

ataccama.client.connection.ai.grpc.port

String

8640

The number of the AI Matching gRPC port.

ataccama.one.mdm.mmm.enabled

Boolean

false

Enables the communication between MDM and Metadata Management Module (MMM). If set to true, the Glossary button and the link to ONE in MDM Web App navigation are shown.

ataccama.one.mdm.mmm.server-url

String

localhost:8021

The URL for MMM (mmm-be).

ataccama.one.mdm.mmm.webapp-url

String

localhost:8020

The URL to the ONE Web Application (accessible from the left navigation panel).

ataccama.one.mdm.mmm.cleaning-period

String

24

Defines how often the MMM node structure is updated. Accepted units: ns (nanoseconds), us `(microseconds), `ms `(milliseconds), `s (seconds), m (minutes), h (hours), d (days). If not specified, the unit is h.

ataccama.one.mdm.rdm.webapp-url

Number

8060

The URL definition used as the RDM link in the MDM Web App navigation. To remove the icon from the navigation, set it to an empty value or remove the property completely.

ataccama.one.mdm.notifications.enabled

Boolean

true

Enables MDM notifications.

ataccama.one.mdm.license-folder

String

./license

Path from where the license file can be loaded (in addition to the user home folder). Relative to the MDM Server folder.

ataccama.one.mdm.features.environment.reset.enabled

Boolean

true

Yes

Enables the possibility to reset the environment from the new Admin Center (for user roles defined by the ataccama.one.mdm.admin-center.full-access.required-roles MDM Server application property).

ataccama.one.mdm.server.refresh.dirs-to-delete

String

Comma separated list of folders, files in which are deleted when the environment is reset.

Keycloak Configuration

The following properties configure Keycloak. See Encrypt Passwords for information about how to encrypt passwords.

Name Data type Default Value Mandatory Description

ataccama.authentication.keycloak.realm

String

ataccamaone

Yes

The name of the Keycloak realm.

ataccama.authentication.keycloak.base-url

String

localhost:8083

Yes

The Keycloak base URL.

Do not use / in the end of the URL.

ataccama.authentication.keycloak.server-url

String

${ataccama.authentication.keycloak.base-url}/auth

Yes

The URL of the server where Keycloak is running.

ataccama.authentication.keycloak.admin.client-id

String

mdm-admin-client

Yes

The client identifier used to verify the admin user authorization token.

ataccama.authentication.keycloak.admin.secret

String

mdm-admin-client-s3cret

Yes

The secret key of the client identifier for the admin account. Secret keys can be generated using Keycloak. Used by BASIC and SECRET_JWT strategies.

ataccama.authentication.keycloak.token.client-id

String

mdm-token-client

Yes

The client identifier. Used to verify a user authorization token and to log in a user.

ataccama.authentication.keycloak.token.secret

String

mdm-token-client-s3cret

Yes

The secret key of the client. Secret keys can be generated using Keycloak. Used by BASIC and SECRET_JWT strategies.

ataccama.authentication.keycloak.token.issuer

String

${ataccama.authentication.keycloak.server-url}/realms/${ataccama.authentication.keycloak.realm}

Yes

Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer.

SSL

Use these properties to set up SSL.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`server.ssl.enabled`	Boolean	`true`	No	Enables SSL.
`server.ssl.key-store`	String	/	No	The full path to the keystore.
`server.ssl.key-store-password`	String	/	No The password for decrypting the keystore. Used if the keystore is encrypted (recommended).	`server.ssl.key-password`
String	/	No	The password for the private key. Used if the private key is encrypted.	`server.ssl.trust-store`
String	/	No	The full path to the truststore.	`server.ssl.trust-store-password`

server.ssl.enabled

Boolean

true

Enables SSL.

server.ssl.key-store

String

The full path to the keystore.

server.ssl.key-store-password

String

No The password for decrypting the keystore. Used if the keystore is encrypted (recommended).

server.ssl.key-password

String

The password for the private key. Used if the private key is encrypted.

server.ssl.trust-store

String

The full path to the truststore.

server.ssl.trust-store-password

Logging

The following properties configure logging.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`logging.level.root`	String	`INFO`	No	The root logging level. Available values are `INFO`, `WARN`, `ERROR`, `DEBUG`, `OFF`.
`logging.level.com.ataccama`	String	`INFO`	No	The logging level for `com.ataccama` packages. Available values are `INFO`, `WARN`, `ERROR`, `DEBUG`.
`logging.file.path`	String	`./log`	No	The path to the logging file.
`logging.config`	String	`classpath:logback-spring.xml`	No	The path to the custom logback configuration file.
`ataccama.logging.plainTextConsoleAppender`	Boolean	`true`	No	If set to `true`, logs are outputted as plain text in the console.
`ataccama.logging.jsonConsoleAppender`	Boolean	`false`	No	If set to `true`, logs are outputted in JSON format in the console.
`ataccama.logging.plainTextFileAppender`	Boolean	`false`	No	If set to `true`, logs are outputted as plain text in the log file.
`ataccama.logging.jsonFileAppender`	Boolean	`false`	No	If set to `true`, logs are outputted in JSON format in the log file.
`ataccama.one.mdm.db.logging.long-running-operation`	String	`10s`	No	The minimum duration of a logged SQL request. Shorter requests are excluded from the log. Accepted units: `ns` (nanoseconds), `us` (microseconds), `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours), `d` (days).
`ataccama.one.mdm.db.logging.show-parameters`	Boolean	`false`	No	If set to `true`, the SQL request parameters that are hidden by default and can contain sensitive data are shown. Should not be set to `true` on systems compliant with the PCI-DSS.
`logging.level.com.ataccama.mdm.persistence`	String	`INFO`	No	Defines the logging level: `INFO` - only logs long-running operations `DEBUG` - logs all SQL SELECT operations `WARN` - only logs failed SELECT operations

logging.level.root

String

INFO

The root logging level. Available values are INFO, WARN, ERROR, DEBUG, OFF.

logging.level.com.ataccama

String

INFO

The logging level for com.ataccama packages. Available values are INFO, WARN, ERROR, DEBUG.

logging.file.path

String

./log

The path to the logging file.

logging.config

String

classpath:logback-spring.xml

The path to the custom logback configuration file.

ataccama.logging.plainTextConsoleAppender

Boolean

true

If set to true, logs are outputted as plain text in the console.

ataccama.logging.jsonConsoleAppender

Boolean

false

If set to true, logs are outputted in JSON format in the console.

ataccama.logging.plainTextFileAppender

Boolean

false

If set to true, logs are outputted as plain text in the log file.

ataccama.logging.jsonFileAppender

Boolean

false

If set to true, logs are outputted in JSON format in the log file.

ataccama.one.mdm.db.logging.long-running-operation

String

10s

The minimum duration of a logged SQL request. Shorter requests are excluded from the log. Accepted units: ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), d (days).

ataccama.one.mdm.db.logging.show-parameters

Boolean

false

If set to true, the SQL request parameters that are hidden by default and can contain sensitive data are shown. Should not be set to true on systems compliant with the PCI-DSS.

logging.level.com.ataccama.mdm.persistence

String

INFO

Defines the logging level:

INFO - only logs long-running operations
DEBUG - logs all SQL SELECT operations
WARN - only logs failed SELECT operations

Logging Filters

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`logging.filter.on`	Boolean	`false`	No	To log requests made to MDM Server endpoints, set to `true`.
`logging.filter.url`	String	/	No	Used to filter logs by URL. If set to a specific endpoint, only traffic for that endpoint will be logged.
`logging.filter.includeHeaders`	Boolean	`false`	No	Defines if logs for MDM Server endpoints store the request’s HTTP headers. To log headers, set the value to `true`.
`logging.filter.includePayload`	Boolean	`true`	No	Defines if logs for MDM Server endpoints store the request’s payload. To log payloads, set the value to `true`.
`logging.filter.maxPayloadLength`	Number	`10000`	No	Sets the maximum length of the request’s payload expressed in characters. When the request’s payload exceeds this number, the payload is truncated and logs store only the characters within the limit.
`logging.filter.includeQueryString`	Boolean	`true`	No	Defines if logs for MDM Server endpoints store the query string parameters sent with the request. To log all string parameters, set the value to `true`.
`logging.filter.includeClientInfo`	Boolean	`true`	No	Defines if logs for MDM Server endpoints store information about the client that made the request. To log client information, set the value to `true`.
`logging.filter.maskedHeaders`	String	`host,authorization`	No	A list of HTTP headers that are masked in the logs. This is used to prevent leaking sensitive data, such as authentication tokens.
`logging.filter.allowRequestHeaderList`	String	/	No	A list of HTTP headers that will be logged (other headers will not be logged). Cannot be used together with `logging.filter.denyRequestHeaderList`.
`logging.filter.denyRequestHeaderList`	String	/	No	A list of HTTP headers that will not be logged (other headers will be logged). Cannot be used together with `logging.filter.allowRequestHeaderList`.

logging.filter.on

Boolean

false

To log requests made to MDM Server endpoints, set to true.

logging.filter.url

String

Used to filter logs by URL. If set to a specific endpoint, only traffic for that endpoint will be logged.

logging.filter.includeHeaders

Boolean

false

Defines if logs for MDM Server endpoints store the request’s HTTP headers. To log headers, set the value to true.

logging.filter.includePayload

Boolean

true

Defines if logs for MDM Server endpoints store the request’s payload. To log payloads, set the value to true.

logging.filter.maxPayloadLength

Number

10000

Sets the maximum length of the request’s payload expressed in characters. When the request’s payload exceeds this number, the payload is truncated and logs store only the characters within the limit.

logging.filter.includeQueryString

Boolean

true

Defines if logs for MDM Server endpoints store the query string parameters sent with the request. To log all string parameters, set the value to true.

logging.filter.includeClientInfo

Boolean

true

Defines if logs for MDM Server endpoints store information about the client that made the request. To log client information, set the value to true.

logging.filter.maskedHeaders

String

host,authorization

A list of HTTP headers that are masked in the logs. This is used to prevent leaking sensitive data, such as authentication tokens.

logging.filter.allowRequestHeaderList

String

A list of HTTP headers that will be logged (other headers will not be logged). Cannot be used together with logging.filter.denyRequestHeaderList.

logging.filter.denyRequestHeaderList

String

A list of HTTP headers that will not be logged (other headers will be logged). Cannot be used together with logging.filter.allowRequestHeaderList.

Endpoints for Monitoring

To set up monitoring for MDM, specify the following properties. For more information, see Monitoring Configuration.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`management.endpoints.enabled-by-default`	Boolean	`false`	No	Enables all actuator endpoints. If set to `false`, it is possible to configure individually which endpoints should be enabled.
`management.endpoint.info.enabled`	Boolean	`true`	No	Enables`/info` monitoring endpoint.
`management.endpoint.health.enabled`	Boolean	`true`	No	Enables `/health` monitoring endpoint.
`management.endpoint.prometheus.enabled`	Boolean	`true`	No	Enables `/prometheus` monitoring endpoint.
`management.endpoints.web.exposure.include`	String	`health,info,prometheus`	No	A comma-separated list of exposed actuator endpoints that should provide information about the application. These endpoints track the following: `health` - The health status of the application. `info` - Other information about the application. `prometheus` - Provides all metrics from the application in a format that Prometheus can scrape.
`management.endpoint.health.show-details`	String	`always`	No	Specifies how much information is provided by the `health` monitoring endpoint. The following values are available: `never` - Health details are never displayed to any user. `when-authorized` - Only authorized users have access to health information. `always` - All users can see health details.
`management.endpoint.health.show-components`	String	`always`	No	Specifies how much detail the `health` monitoring endpoint provides about the application components. You can also define which components are shown. The following values are available: `never` - Component information is never displayed to any user. `when-authorized` - Only authorized users have access to information about components. `always` - All users can see component details.
`management.endpoint.health.status.order`	String	`down,out-of-service,reloading,unknown,up`	No	A comma-separated list that determines how the `/actuator/health` monitoring endpoint prioritizes application health statuses.
`management.info.git.mode`	String	`full`	No	Configures how much information the `/actuator/info` monitoring endpoint retrieves from Git about the application source code repository. To show all available information from the `git.properties` file, set the value to `full`. To display only basic information, such as the name of the branch, the commit identifier, and the time the commit was made, set the value to `simple`.
`management.endpoint.health.probes.enabled`	Boolean	`true`	No	Enables `/actuator/health/liveness` and `/actuator/health/readiness` endpoints.
`management.endpoint.health.group.liveness.include`	String	`diskSpace,ping`	No	Defines which components are covered by the liveness probe. These components are a subset of `/health` components.
`management.endpoint.health.group.readiness.include`	String	`db`	No	Defines which components are covered by the readiness probe. These components are a subset of `/health` components.
`ataccama.authentication.http.public-endpoint-restriction-filter`	String	/	No	Specifies restricted endpoints that cannot be accessed. Accepts a list of URL patterns as a value.
`ataccama.authentication.http.public-endpoints.<key>.endpoint-filter`	String	`/actuator/health/liveness,/actuator/health/readiness`	No	Specifies public endpoints that are excluded from authentication. Accepts a list of URL patterns as a value. The `<key>` serves for identification only. By default, the key name is `actuator`.
`ataccama.authentication.http.acl.endpoints.<key>.endpoint-filter`	String	`/actuator/info,/actuator/health,/actuator/prometheus`	No	Specifies ACL-secured endpoints. Accepts a list of URL strings (not patterns) as a value. The `<key>` serves for identification only. By default, the key name is `actuator`.
`ataccama.authentication.http.acl.endpoints.<key>.allowed-roles`	String	`ONE_PLATFORM_MONITORING`	No	A comma-separated list of user roles allowed to access the ACL-secured endpoints. The `<key>` serves for identification only. By default, the key name is `actuator`.
`management.metrics.web.server.request.autotime.enabled`	Boolean	`false`	No	Enables timing metrics to all Spring endpoints.

management.endpoints.enabled-by-default

Boolean

false

Enables all actuator endpoints. If set to false, it is possible to configure individually which endpoints should be enabled.

management.endpoint.info.enabled

Boolean

true

Enables`/info` monitoring endpoint.

management.endpoint.health.enabled

Boolean

true

Enables /health monitoring endpoint.

management.endpoint.prometheus.enabled

Boolean

true

Enables /prometheus monitoring endpoint.

management.endpoints.web.exposure.include

String

health,info,prometheus

A comma-separated list of exposed actuator endpoints that should provide information about the application. These endpoints track the following:

health - The health status of the application.
info - Other information about the application.
prometheus - Provides all metrics from the application in a format that Prometheus can scrape.

management.endpoint.health.show-details

String

always

Specifies how much information is provided by the health monitoring endpoint. The following values are available:

never - Health details are never displayed to any user.
when-authorized - Only authorized users have access to health information.
always - All users can see health details.

management.endpoint.health.show-components

String

always

Specifies how much detail the health monitoring endpoint provides about the application components. You can also define which components are shown. The following values are available:

never - Component information is never displayed to any user.
when-authorized - Only authorized users have access to information about components.
always - All users can see component details.

management.endpoint.health.status.order

String

down,out-of-service,reloading,unknown,up

A comma-separated list that determines how the /actuator/health monitoring endpoint prioritizes application health statuses.

management.info.git.mode

String

full

Configures how much information the /actuator/info monitoring endpoint retrieves from Git about the application source code repository. To show all available information from the git.properties file, set the value to full. To display only basic information, such as the name of the branch, the commit identifier, and the time the commit was made, set the value to simple.

management.endpoint.health.probes.enabled

Boolean

true

Enables /actuator/health/liveness and /actuator/health/readiness endpoints.

management.endpoint.health.group.liveness.include

String

diskSpace,ping

Defines which components are covered by the liveness probe. These components are a subset of /health components.

management.endpoint.health.group.readiness.include

String

db

Defines which components are covered by the readiness probe. These components are a subset of /health components.

ataccama.authentication.http.public-endpoint-restriction-filter

String

Specifies restricted endpoints that cannot be accessed. Accepts a list of URL patterns as a value.

ataccama.authentication.http.public-endpoints.<key>.endpoint-filter

String

/actuator/health/liveness,/actuator/health/readiness

Specifies public endpoints that are excluded from authentication. Accepts a list of URL patterns as a value. The <key> serves for identification only. By default, the key name is actuator.

ataccama.authentication.http.acl.endpoints.<key>.endpoint-filter

String

/actuator/info,/actuator/health,/actuator/prometheus

Specifies ACL-secured endpoints. Accepts a list of URL strings (not patterns) as a value. The <key> serves for identification only. By default, the key name is actuator.

ataccama.authentication.http.acl.endpoints.<key>.allowed-roles

String

ONE_PLATFORM_MONITORING

A comma-separated list of user roles allowed to access the ACL-secured endpoints. The <key> serves for identification only. By default, the key name is actuator.

management.metrics.web.server.request.autotime.enabled

Boolean

false

Enables timing metrics to all Spring endpoints.

MDM Admin Center Permissions

The following properties configure MDM Admin Center permissions.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.mdm.admin-center.read-only.required-roles`	String	`MDM_user`	No	A comma-separated list of roles with read-only permissions to the MDM Admin Center.
`ataccama.one.mdm.admin-center.read-only.match-if-empty`	Boolean	`true`	No	Specifies if read-only access is given to any user in case the list of roles with read-only permissions is empty.
`ataccama.one.mdm.admin-center.full-access.required-roles`	String	`MDM_admin`	No	Specifies roles with full access to the MDM Admin Center.
`ataccama.one.mdm.admin-center.full-access.match-if-empty`	Boolean	`false`	No	Specifies if full access is given to any user in case the list of roles with full access is empty.
`ataccama.one.mdm.admin-center.manager.required-roles`	String	`MDM_admin`	No	Specifies roles with manager access to the MDM Admin Center.
`ataccama.one.mdm.admin-center.manager.match-if-empty`	Boolean	`false`	No	Specifies if manager access is given to any user in case the list of roles with manager access is empty.

ataccama.one.mdm.admin-center.read-only.required-roles

String

MDM_user

A comma-separated list of roles with read-only permissions to the MDM Admin Center.

ataccama.one.mdm.admin-center.read-only.match-if-empty

Boolean

true

Specifies if read-only access is given to any user in case the list of roles with read-only permissions is empty.

ataccama.one.mdm.admin-center.full-access.required-roles

String

MDM_admin

Specifies roles with full access to the MDM Admin Center.

ataccama.one.mdm.admin-center.full-access.match-if-empty

Boolean

false

Specifies if full access is given to any user in case the list of roles with full access is empty.

ataccama.one.mdm.admin-center.manager.required-roles

String

MDM_admin

Specifies roles with manager access to the MDM Admin Center.

ataccama.one.mdm.admin-center.manager.match-if-empty

Boolean

false

Specifies if manager access is given to any user in case the list of roles with manager access is empty.

MDM HTTP Server

The following properties configure the MDM HTTP server.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.server.http.default.port`	Number	`8051`	Yes	The number of the default server port.
`ataccama.server.http.{listener_name}.path.exclude`	String	/	No	Specifies the paths that are not available on the defined listener port.
`ataccama.server.http.{listener_name}.path.include`	String	/	No	Specifies the paths available on the defined port (for example, HA Admin Console, see HA Admin Console, or REST API, see REST API).
`ataccama.server.http.{listener_name}.port`	Number	/	No	Defines the port for other added custom listener.

ataccama.server.http.default.port

Number

8051

Yes

The number of the default server port.

ataccama.server.http.{listener_name}.path.exclude

String

Specifies the paths that are not available on the defined listener port.

ataccama.server.http.{listener_name}.path.include

String

Specifies the paths available on the defined port (for example, HA Admin Console, see HA Admin Console, or REST API, see REST API).

ataccama.server.http.{listener_name}.port

Number

Defines the port for other added custom listener.

MDM Auditing

Use the following properties to configure auditing.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.mdm.audit.enabled`	Boolean	`true`	No	Enables the event log.
`ataccama.one.mdm.audit.writters`	String	`nmeAuditLogWriter,semanticLogWriter`	No	A comma-separated list of audit writers. Permitted values are `nmeAuditLogWriter` (logging events into database) and `semanticLogWriter` (logging events into server console).
`ataccama.one.mdm.audit.nme.table`	String	`EVENT_LOG`	No	The name of the event log table. It is prefixed with the `I_` prefix (according to how persistence is implemented in NME).
`ataccama.one.mdm.audit.nme.sequence`	String	`EVENT_LOG_SEQ`	No	The name of the ID generator sequence.
`ataccama.one.mdm.audit.nme.mapping.id`	String	`id*`	No	The name of the event log entry ID field. It is generated automatically.
`ataccama.one.mdm.audit.nme.mapping.msg`	String	`msg*`	No	The name of the event log `message` field.
`ataccama.one.mdm.audit.nme.mapping.username`	String	`username*`	No	The name of the event log `username` field.
`ataccama.one.mdm.audit.nme.mapping.entity`	String	`entity*`	No	The name of the event log `entity` field.
`ataccama.one.mdm.audit.nme.mapping.date`	String	`date*`	No	The name of the event log `date` field.
`ataccama.one.mdm.audit.nme.mapping.operation`	String	`operation*`	No	The name of the event log `operation` field.
`ataccama.one.mdm.audit.nme.mapping.type`	String	`type*`	No	The name of the event log `type` field.
`ataccama.one.mdm.audit.nme.mapping.entity_id`	String	`entity_id*`	No	The name of the event log `entity_id` field.

ataccama.one.mdm.audit.enabled

Boolean

true

Enables the event log.

ataccama.one.mdm.audit.writters

String

nmeAuditLogWriter,semanticLogWriter

A comma-separated list of audit writers. Permitted values are nmeAuditLogWriter (logging events into database) and semanticLogWriter (logging events into server console).

ataccama.one.mdm.audit.nme.table

String

EVENT_LOG

The name of the event log table. It is prefixed with the I_ prefix (according to how persistence is implemented in NME).

ataccama.one.mdm.audit.nme.sequence

String

EVENT_LOG_SEQ

The name of the ID generator sequence.

ataccama.one.mdm.audit.nme.mapping.id

String

id*

The name of the event log entry ID field. It is generated automatically.

ataccama.one.mdm.audit.nme.mapping.msg

String

msg*

The name of the event log message field.

ataccama.one.mdm.audit.nme.mapping.username

String

username*

The name of the event log username field.

ataccama.one.mdm.audit.nme.mapping.entity

String

entity*

The name of the event log entity field.

ataccama.one.mdm.audit.nme.mapping.date

String

date*

The name of the event log date field.

ataccama.one.mdm.audit.nme.mapping.operation

String

operation*

The name of the event log operation field.

ataccama.one.mdm.audit.nme.mapping.type

String

type*

The name of the event log type field.

ataccama.one.mdm.audit.nme.mapping.entity_id

String

entity_id*

The name of the event log entity_id field.

Default value used if no mapping properties are defined.

HA Configuration

To enable high availability (HA) mode, specify the following properties. For more information about HA, see High Availability Overview.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.mdm.ha.implementation`	String	`db`	No	The HA implementation setting. The default value selects the database locking. Setting the value to `zookeeper` is possible but unsupported.
`ataccama.one.mdm.ha.revoke-leadership-on-disconnect-timeout`	String	`15s`	No	Specifies the timeout in the case of disconnection from the cloud. Can be used only if the `ataccama.one.mdm.ha.implementation` property is set to `zookeeper`. The minimum value is `3s`.
`ataccama.one.mdm.ha.max-active-to-passive-switching-time`	String	`20s`	No	Defines the maximum time interval that the safety watchdog waits for switching from active to passive state of `mdm_ha_node`. Accepted units: `ns` (nanoseconds), `us` (microseconds), `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours), `d` (days).
`ataccama.one.mdm.ha.load-balancer.port`	Number	`8058`	No	The number of the port where the HA load balancer is running.
`ataccama.one.mdm.ha.local-target-server.name`	String	`default`	No	The name of the server where the MDM server instance is running.
`ataccama.one.mdm.ha.local-target-server.port`	String	`${ataccama.server.http.${ataccama.one.mdm.ha.local-target-server.name}.port}`	No	The name of the port where the MDM server instance is running.
`ataccama.one.mdm.ha.server-name`	String	`mdm-server_1`	No	The name of the server where the MDM server instance is running.
`ataccama.one.mdm.ha.allow-disconnect-button`	Boolean	`false`	No	Enables the Disconnect button in the HA console.
`ataccama.one.mdm.ha.load-balancer.server`	String	`0.0.0.0`	No	The IP address of the server where HA load balancer is running.
`ataccama.one.mdm.ha.load-balancer.hostname`	String	`<assigned automatically>`	No	Visible in the HA console. Overrides the `ataccama.one.mdm.ha.server-name` if defined.
`ataccama.one.mdm.ha.db.name`	String	`mdc_db`	No	The name of the HA database.
`ataccama.one.mdm.ha.db.table-prefix`	String	`ha_`	No	The table prefix for Lock and HA node.
`ataccama.one.mdm.ha.db.lock-key`	String	`MDM_LEADER_INSTANCE`	No	The key for the HA leader instance.
`ataccama.one.mdm.ha.db.heartbeat.interval`	Number	`5000`	No	Specifies how often the HA tables are updated. Accepted units: `ns` (nanoseconds), `us` (microseconds), `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours), `d` (days). If not specified, the unit is `ms`.
`ataccama.one.mdm.ha.db.heartbeat.expiration`	Number	`30000`	No	Defines the time interval after which expired entries are removed from the HA tables. Accepted units: `ns` (nanoseconds), `us` (microseconds), `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours), `d` (days). If not specified, the unit is `ms`.
`ataccama.one.mdm.ha.db.heartbeat.ttl`	Number	`30000`	No	Defines the time interval after which entries are marked as expired. Accepted units: `ns` (nanoseconds), `us` (microseconds), `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours), `d` (days). If not specified, the unit is `ms`.
`ataccama.one.mdm.ha.db.election.interval`	Number	`5000`	No	Defines the time interval after which the leadership election workflow is called. Accepted units: `ns` (nanoseconds), `us` (microseconds), `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours), `d` (days). If not specified, the unit is `ms`.
`ataccama.one.mdm.ha.db.election.startup-timeout`	String	`${random.int(10000)}`	No	Specifies the start delay of the leadership election workflow. Expressed in `ms`.
`ataccama.one.mdm.ha.rw-additional-timeout`	Number	`3000ms`	No	Specifies the additional delay in the case of switching from passive mode to active. The whole delay is `ataccama.one.mdm.ha.max-active-to-passive-switching-time` + `ataccama.one.mdm.ha.rw-additional-timeout`.
`ataccama.one.mdm.ha.close-additional-timeout`	Number	`4s`	No	Specifies the delay before HA is closed. Accepted units: `ns` (nanoseconds), `us` (microseconds), `ms` (milliseconds), `s` (seconds), `m` (minutes), `h` (hours), `d` (days).

ataccama.one.mdm.ha.implementation

String

db

The HA implementation setting. The default value selects the database locking. Setting the value to zookeeper is possible but unsupported.

ataccama.one.mdm.ha.revoke-leadership-on-disconnect-timeout

String

15s

Specifies the timeout in the case of disconnection from the cloud. Can be used only if the ataccama.one.mdm.ha.implementation property is set to zookeeper. The minimum value is 3s.

ataccama.one.mdm.ha.max-active-to-passive-switching-time

String

20s

Defines the maximum time interval that the safety watchdog waits for switching from active to passive state of mdm_ha_node. Accepted units: ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), d (days).

ataccama.one.mdm.ha.load-balancer.port

Number

8058

The number of the port where the HA load balancer is running.

ataccama.one.mdm.ha.local-target-server.name

String

default

The name of the server where the MDM server instance is running.

ataccama.one.mdm.ha.local-target-server.port

String

${ataccama.server.http.${ataccama.one.mdm.ha.local-target-server.name}.port}

The name of the port where the MDM server instance is running.

ataccama.one.mdm.ha.server-name

String

mdm-server_1

The name of the server where the MDM server instance is running.

ataccama.one.mdm.ha.allow-disconnect-button

Boolean

false

Enables the Disconnect button in the HA console.

ataccama.one.mdm.ha.load-balancer.server

String

0.0.0.0

The IP address of the server where HA load balancer is running.

ataccama.one.mdm.ha.load-balancer.hostname

String

<assigned automatically>

Visible in the HA console. Overrides the ataccama.one.mdm.ha.server-name if defined.

ataccama.one.mdm.ha.db.name

String

mdc_db

The name of the HA database.

ataccama.one.mdm.ha.db.table-prefix

String

ha_

The table prefix for Lock and HA node.

ataccama.one.mdm.ha.db.lock-key

String

MDM_LEADER_INSTANCE

The key for the HA leader instance.

ataccama.one.mdm.ha.db.heartbeat.interval

Number

5000

Specifies how often the HA tables are updated. Accepted units: ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), d (days). If not specified, the unit is ms.

ataccama.one.mdm.ha.db.heartbeat.expiration

Number

30000

Defines the time interval after which expired entries are removed from the HA tables. Accepted units: ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), d (days). If not specified, the unit is ms.

ataccama.one.mdm.ha.db.heartbeat.ttl

Number

30000

Defines the time interval after which entries are marked as expired. Accepted units: ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), d (days). If not specified, the unit is ms.

ataccama.one.mdm.ha.db.election.interval

Number

5000

Defines the time interval after which the leadership election workflow is called. Accepted units: ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), d (days). If not specified, the unit is ms.

ataccama.one.mdm.ha.db.election.startup-timeout

String

${random.int(10000)}

Specifies the start delay of the leadership election workflow. Expressed in ms.

ataccama.one.mdm.ha.rw-additional-timeout

Number

3000ms

Specifies the additional delay in the case of switching from passive mode to active. The whole delay is ataccama.one.mdm.ha.max-active-to-passive-switching-time + ataccama.one.mdm.ha.rw-additional-timeout.

ataccama.one.mdm.ha.close-additional-timeout

Number

4s

Specifies the delay before HA is closed. Accepted units: ns (nanoseconds), us (microseconds), ms (milliseconds), s (seconds), m (minutes), h (hours), d (days).

AI Matching

If you want to generate a new key, you need to provide new sets of keys for both Matching Manager microservice and Matching Worker microservice, and the Matching Worker microservice has to be connected to the MDM Server. If you are not using AI Matching, remove or comment out the properties.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.platform.deployments.ai.uri`	String	`localhost:8640`	Yes	The number of the port where AI Matching microservices are running.
`ataccama.one.platform.deployments.ai.module`	String	`ai`	Yes	The name of the module type.
`ataccama.one.platform.deployments.ai.environment`	String	`dev`	Yes	The name of the environment.
`ataccama.one.platform.deployments.ai.security.jwt-keys.key1.name`	String	`AI`	Yes	The name of the public key.
`ataccama.one.platform.deployments.ai.security.jwt-keys.key1.fingerprint`	String	/	Yes	The key identifier (`kid`) value from the file containing the Public and Private Keypair.
`ataccama.one.platform.deployments.ai.security.jwt-keys.key1.content`	String	/	Yes	The value of the public key. Must use JSON syntax and be provided on a single line.
`ataccama.one.platform.deployments.ai.security.jwt-keys.key1.isRevoked`	Boolean	`false`	Yes	Specifies if the public key is valid. If set to `true`, the key is rejected.
`ataccama.one.platform.deployments.ai.security.roles`	String	`IMPERSONATION`	Yes	The user role used to create the service identity during authentication.

ataccama.one.platform.deployments.ai.uri

String

localhost:8640

Yes

The number of the port where AI Matching microservices are running.

ataccama.one.platform.deployments.ai.module

String

ai

Yes

The name of the module type.

ataccama.one.platform.deployments.ai.environment

String

dev

Yes

The name of the environment.

ataccama.one.platform.deployments.ai.security.jwt-keys.key1.name

String

AI

Yes

The name of the public key.

ataccama.one.platform.deployments.ai.security.jwt-keys.key1.fingerprint

String

Yes

The key identifier (kid) value from the file containing the Public and Private Keypair.

ataccama.one.platform.deployments.ai.security.jwt-keys.key1.content

String

Yes

The value of the public key. Must use JSON syntax and be provided on a single line.

ataccama.one.platform.deployments.ai.security.jwt-keys.key1.isRevoked

Boolean

false

Yes

Specifies if the public key is valid. If set to true, the key is rejected.

ataccama.one.platform.deployments.ai.security.roles

String

IMPERSONATION

Yes

The user role used to create the service identity during authentication.

DPM Setup

If your product suite includes ONE, configure DPM using the following properties. The JWT secret and the accompanying properties for DPM that are used for communication with ONE can be found in the /opt/ataccama/one/mmm-backend/etc/application.properties configuration file. If you want to generate a new key for the connection between DPM and MDM, follow the instructions in How to Generate JWT Keys.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.platform.deployments.dpm.uri`	String	`localhost:8031`	No	The number of the port where DPM is running.
`ataccama.one.platform.deployments.dpm.module`	String	`dpm`	No	The name of the module type.
`ataccama.one.platform.deployments.dpm.environment`	String	`dev`	No	The name of the environment.
`ataccama.one.platform.deployments.dpm.security.jwt-keys.key1.name`	String	`dpm`	No	The name of the public key.
`ataccama.one.platform.deployments.dpm.security.jwt-keys.key1.fingerprint`	String	/	No	The key identifier (`kid`) value from the file containing the Public and Private Keypair.
`ataccama.one.platform.deployments.dpm.security.jwt-keys.key1.content`	String	/	No	The value of the public key. The value must use JSON syntax and be provided on a single line.
`ataccama.one.platform.deployments.dpm.security.jwt-keys.key1.isRevoked`	Boolean	`false`	No	Specifies if the public key is valid. If set to `true`, the key is rejected.
`ataccama.one.platform.deployments.dpm.security.roles`	String	`IMPERSONATION`	No	The user role used to create the service identity during authentication.

ataccama.one.platform.deployments.dpm.uri

String

localhost:8031

The number of the port where DPM is running.

ataccama.one.platform.deployments.dpm.module

String

dpm

The name of the module type.

ataccama.one.platform.deployments.dpm.environment

String

dev

The name of the environment.

ataccama.one.platform.deployments.dpm.security.jwt-keys.key1.name

String

dpm

The name of the public key.

ataccama.one.platform.deployments.dpm.security.jwt-keys.key1.fingerprint

String

The key identifier (kid) value from the file containing the Public and Private Keypair.

ataccama.one.platform.deployments.dpm.security.jwt-keys.key1.content

String

The value of the public key. The value must use JSON syntax and be provided on a single line.

ataccama.one.platform.deployments.dpm.security.jwt-keys.key1.isRevoked

Boolean

false

Specifies if the public key is valid. If set to true, the key is rejected.

ataccama.one.platform.deployments.dpm.security.roles

String

IMPERSONATION

The user role used to create the service identity during authentication.

MDM gRPC Server

The following property configures the MDM gRPC server.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.server.grpc.port`	Number	`8551`	Yes	The number of the port where the gRPC server is running. Authentication depends on the Keycloak configuration.

ataccama.server.grpc.port

Number

8551

Yes

The number of the port where the gRPC server is running. Authentication depends on the Keycloak configuration.

Configuration Service

The following property sets whether the Configuration Service is used.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.config-service.runtime`	String	`off`	Yes	Enables using the Configuration Service. Valid values: `off`, `optional`, `mandatory`. If set to `mandatory`, the module fails when there is an error connecting to the Configuration Service.

ataccama.config-service.runtime

String

off

Yes

Enables using the Configuration Service. Valid values: off, optional, mandatory. If set to mandatory, the module fails when there is an error connecting to the Configuration Service.

Service Private Key

Provide the service private key for MDM using the following property. The key must be set if your instance uses any of the following modules: Configuration Service, AI Matching, ONE Platform.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.authentication.internal.jwt.generator.key`	String	/	No	The key generated for internal JWT authentication.

ataccama.authentication.internal.jwt.generator.key

String

The key generated for internal JWT authentication.

GraphQL and CORS

Set these properties if you use GraphQL and CORS. Otherwise, you can remove or comment them out.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.webserver.gql.default-allow`	Boolean	`true`	No	If set to `true`, all roles are allowed to access the MDM GraphQL endpoint.
`graphql.servlet.mapping`	String	`/api/graphql/mda`	No	MDM uses the custom servlet mapping `/api/graphql/mda` instead of the default `/graphql`.
`graphql.servlet.exceptionHandlersEnabled`	Boolean	`true`	No	If set to `true`, additional data is printed to error output.
`graphql.servlet.async-mode-enabled`	Boolean	`false`	No	Enables asynchronous mode. Must be set to `false` to keep track of the currently logged-in user and the correlation ID that is used for auditing and logging purposes.
`graphql.servlet.cors.allowed-origins`	String	`*`	No	Specifies all origins allowed for all GraphQL tools.
`graphql.servlet.cors.allowed-headers`	String	`*`	No	Specifies all headers allowed (`content-type`, `authorization` are required).
`graphql.servlet.actuator-metrics`	Boolean	`true`	No	If set to`true`, the GraphQL metric is exposed to the actuator.
`management.endpoints.web.cors.allowed-origins`	String	`*`	No	Specifies all origins allowed for the management endpoint.
`management.endpoints.web.cors.allowed-headers`	String	`*`	No	Specifies all headers allowed.
`management.endpoints.web.cors.allowed-methods`	String	`*`	No	Specifies the HTTP methods allowed.

ataccama.one.webserver.gql.default-allow

Boolean

true

If set to true, all roles are allowed to access the MDM GraphQL endpoint.

graphql.servlet.mapping

String

/api/graphql/mda

MDM uses the custom servlet mapping /api/graphql/mda instead of the default /graphql.

graphql.servlet.exceptionHandlersEnabled

Boolean

true

If set to true, additional data is printed to error output.

graphql.servlet.async-mode-enabled

Boolean

false

Enables asynchronous mode. Must be set to false to keep track of the currently logged-in user and the correlation ID that is used for auditing and logging purposes.

graphql.servlet.cors.allowed-origins

String

*

Specifies all origins allowed for all GraphQL tools.

graphql.servlet.cors.allowed-headers

String

*

Specifies all headers allowed (content-type, authorization are required).

graphql.servlet.actuator-metrics

Boolean

true

If set to`true`, the GraphQL metric is exposed to the actuator.

management.endpoints.web.cors.allowed-origins

String

*

Specifies all origins allowed for the management endpoint.

management.endpoints.web.cors.allowed-headers

String

*

Specifies all headers allowed.

management.endpoints.web.cors.allowed-methods

String

*

Specifies the HTTP methods allowed.

External Drivers Folder

You can specify the location of external drivers using the following property.

Name Data Type Default Value Mandatory Description

Name	Data Type	Default Value	Mandatory	Description
`ataccama.one.mdm.external.drivers.paths`	String	`./lib-ext`	No	A comma-separated list of paths to the directories with additional, non-standard drivers (relative to `user.dir`).

ataccama.one.mdm.external.drivers.paths

String

./lib-ext

A comma-separated list of paths to the directories with additional, non-standard drivers (relative to user.dir).

Client Security Headers

You can configure MDM Server security by adding response headers (security headers) to HTTP responses from the server.

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`one.security.header.content-security-policy.connect-src`	String	`'self' ${ataccama.authentication.keycloak.server-url}`	No	Specifies allowed connections. We strongly recommend using the default value.
`one.security.header.content-security-policy.script-src`	String	`* 'unsafe-inline' 'unsafe-eval'`	No	Specifies allowed script sources. We strongly recommend using the default value.
`one.security.header.content-security-policy.img-src`	String	`'self' data:`	No	Specifies allowed image sources. We strongly recommend using the default value.
`one.security.header.X-Frame-Options`	String	`deny`	No	Protects against clickjacking. If set to `deny`, iframes are disabled.
`one.security.header.X-Permitted-Cross-Domain-Policies`	String	`none`	No	Specifies if cross-domain requests from Flash and PDF documents are allowed.
`one.security.header.Referrer-Policy:`	String	`strict-origin`	No	Defines how much referrer information (sent with the Referer header) should be included with requests. If set to `strict-origin`, only the origin is sent.
`one.security.header.X-XSS-Protection`	String	`1; mode=block`	No	Protects against cross-site scripting attacks. If set to `block`, the page doesn’t load when an attack is detected.
`one.security.header.X-Content-Type-Options`	String	`nosniff`	No	Protects against MIME sniffing.

one.security.header.content-security-policy.connect-src

String

'self' ${ataccama.authentication.keycloak.server-url}

Specifies allowed connections. We strongly recommend using the default value.

one.security.header.content-security-policy.script-src

String

* 'unsafe-inline' 'unsafe-eval'

Specifies allowed script sources. We strongly recommend using the default value.

one.security.header.content-security-policy.img-src

String

'self' data:

Specifies allowed image sources. We strongly recommend using the default value.

one.security.header.X-Frame-Options

String

deny

Protects against clickjacking. If set to deny, iframes are disabled.

one.security.header.X-Permitted-Cross-Domain-Policies

String

none

Specifies if cross-domain requests from Flash and PDF documents are allowed.

one.security.header.Referrer-Policy:

String

strict-origin

Defines how much referrer information (sent with the Referer header) should be included with requests. If set to strict-origin, only the origin is sent.

one.security.header.X-XSS-Protection

String

1; mode=block

Protects against cross-site scripting attacks. If set to block, the page doesn’t load when an attack is detected.

one.security.header.X-Content-Type-Options

String

nosniff

Protects against MIME sniffing.

Request Response Time Logging

Use the following properties to log the response time of the MDM Server.

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`request-response-time-logger.filter.enabled`	Boolean	`false`	No	To log request response time, set to `true`.
`request-response-time-logger.filter.name`	String	/	No	Name of the logger that will appear in the log.
`request-response-time-logger.filter.level`	String	`DEBUG`	No	Defines the logging level: `OFF` - logs nothing `FATAL` - logs fatal errors only `WARNING` - logs warning messages only `INFO` - logs informative messages only `DEBUG` - logs debug messages only `ALL` - logs all events
`request-response-time-logger.filter.headers`	String	/	No	Comma-separated list of sub-elements containing HTTP header names that will be printed together with the log message.
`request-response-time-logger.filter.appendClientInfo`	Boolean	`false`	No	If set to `true`, the message will include client IP address and port.
`request-response-time-logger.filter.urlPatterns`	String	/	No	List of URL patterns where the filter will be registered.

request-response-time-logger.filter.enabled

Boolean

false

To log request response time, set to true.

request-response-time-logger.filter.name

String

Name of the logger that will appear in the log.

request-response-time-logger.filter.level

String

DEBUG

Defines the logging level:

OFF - logs nothing
FATAL - logs fatal errors only
WARNING - logs warning messages only
INFO - logs informative messages only
DEBUG - logs debug messages only
ALL - logs all events

request-response-time-logger.filter.headers

String

Comma-separated list of sub-elements containing HTTP header names that will be printed together with the log message.

request-response-time-logger.filter.appendClientInfo

Boolean

false

If set to true, the message will include client IP address and port.

request-response-time-logger.filter.urlPatterns

String

List of URL patterns where the filter will be registered.

Reply with Headers

Use the following properties to include additional HTTP headers from the request in the server response.

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`reply-with-headers.filter.enabled`	Boolean	`false`	No	If set to `true`, the filter is enabled.
`reply-with-headers.filter.headers`	String		No	Comma-separated list of additional headers to be included in the response.
`reply-with-headers.filter.urlPatterns`	String		No	List of URL patterns where the filter will be registered.

reply-with-headers.filter.enabled

Boolean

false

If set to true, the filter is enabled.

reply-with-headers.filter.headers

String

Comma-separated list of additional headers to be included in the response.

reply-with-headers.filter.urlPatterns

String

List of URL patterns where the filter will be registered.

Retry Connection Functionality

Use the following properties to configure repeated attempts for initial connection to critical components.

Retry Default Configuration

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`resilience4j.retry.configs.default.maxAttempts`	Number	`3`	Yes	The maximum number of attempts (including the initial call as the first attempt).
`resilience4j.retry.configs.default.waitDuration`	Number	`1000`	Yes	A fixed wait duration between retry attempts (in milliseconds).
`resilience4j.retry.configs.default.retryExceptions`	String	`java.lang.Exception`	Yes	Configures a list of Throwable classes that are recorded as a failure and thus are retried.

resilience4j.retry.configs.default.maxAttempts

Number

3

Yes

The maximum number of attempts (including the initial call as the first attempt).

resilience4j.retry.configs.default.waitDuration

Number

1000

Yes

A fixed wait duration between retry attempts (in milliseconds).

resilience4j.retry.configs.default.retryExceptions

String

java.lang.Exception

Yes

Configures a list of Throwable classes that are recorded as a failure and thus are retried.

MDM-MMM Retry Setup

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`resilience4j.retry.configs.mdm-mmm.maxAttempts`	Number	`3`	Yes	The maximum number of attempts (including the initial call as the first attempt).
`resilience4j.retry.configs.mdm-mmm.waitDuration`	Number	`5000`	Yes	A fixed wait duration between retry attempts (in milliseconds).
`resilience4j.retry.configs.mdm-mmm.retryExceptions`	String	`java.lang.Exception`	Yes	Configures a list of Throwable classes that are recorded as a failure and thus are retried.

resilience4j.retry.configs.mdm-mmm.maxAttempts

Number

3

Yes

The maximum number of attempts (including the initial call as the first attempt).

resilience4j.retry.configs.mdm-mmm.waitDuration

Number

5000

Yes

A fixed wait duration between retry attempts (in milliseconds).

resilience4j.retry.configs.mdm-mmm.retryExceptions

String

java.lang.Exception

Yes

Configures a list of Throwable classes that are recorded as a failure and thus are retried.

MDM-AI Retry Setup

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`resilience4j.retry.configs.mdm-ai.maxAttempts`	Number	`3`	Yes	The maximum number of attempts (including the initial call as the first attempt).
`resilience4j.retry.configs.mdm-ai.waitDuration`	Number	`5000`	Yes	A fixed wait duration between retry attempts (in milliseconds).
`resilience4j.retry.configs.mdm-ai.retryExceptions`	String	`java.lang.Throwable`	Yes	Configures a list of Throwable classes that are recorded as a failure and thus are retried.

resilience4j.retry.configs.mdm-ai.maxAttempts

Number

3

Yes

The maximum number of attempts (including the initial call as the first attempt).

resilience4j.retry.configs.mdm-ai.waitDuration

Number

5000

Yes

A fixed wait duration between retry attempts (in milliseconds).

resilience4j.retry.configs.mdm-ai.retryExceptions

String

java.lang.Throwable

Yes

Configures a list of Throwable classes that are recorded as a failure and thus are retried.

MDM-Keycloak Retry Setup

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`resilience4j.retry.configs.mdm-keycloak.maxAttempts`	Number	`3`	Yes	The maximum number of attempts (including the initial call as the first attempt).
`resilience4j.retry.configs.mdm-keycloak.waitDuration`	Number	`5000`	Yes	A fixed wait duration between retry attempts (in milliseconds).
`resilience4j.retry.configs.mdm-keycloak.retryExceptions`	String	`java.lang.Throwable`	Yes	Configures a list of Throwable classes that are recorded as a failure and thus are retried.

resilience4j.retry.configs.mdm-keycloak.maxAttempts

Number

3

Yes

The maximum number of attempts (including the initial call as the first attempt).

resilience4j.retry.configs.mdm-keycloak.waitDuration

Number

5000

Yes

A fixed wait duration between retry attempts (in milliseconds).

resilience4j.retry.configs.mdm-keycloak.retryExceptions

String

java.lang.Throwable

Yes

Configures a list of Throwable classes that are recorded as a failure and thus are retried.

Retry Instances

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`resilience4j.retry.instances.mdm-mmm.baseConfig`	String	` mdm-mmm`	Yes	Internal reference to MMM resilience4j setup. Not user-configurable.
`resilience4j.retry.instances.mdm-ai.baseConfig`	String	`mdm-ai`	Yes	Internal reference to AI resilience4j setup. Not user-configurable.
`resilience4j.retry.instances.mdm-keycloak.baseConfig`	String	`mdm-keycloak`	Yes	Internal reference to Keycloak resilience4j setup. Not user-configurable.

resilience4j.retry.instances.mdm-mmm.baseConfig

String

` mdm-mmm`

Yes

Internal reference to MMM resilience4j setup. Not user-configurable.

resilience4j.retry.instances.mdm-ai.baseConfig

String

mdm-ai

Yes

Internal reference to AI resilience4j setup. Not user-configurable.

resilience4j.retry.instances.mdm-keycloak.baseConfig

String

mdm-keycloak

Yes

Internal reference to Keycloak resilience4j setup. Not user-configurable.

Data Source Configuration

The following properties define the internal data source configuration. Infrastractural data sources are defined in MDM Server application.properties and project-specific data sources are defined in mdmRuntime.config. See Data Sources Connection. Data sources that are defined in MDM Server application.properties are: mdc_db, eh_db, log_db, it_db, mda_cache, esb_db, external.

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`ataccama.one.mdm.datasource.mdc_db.url`	String	`jdbc:postgresql://localhost:5432/mdc`	No	URL for the MDM persistence database connection.
`ataccama.one.mdm.datasource.mdc_db.waiting.timeout`	String	`5m`	No	Timeout for reconnection attempts to the MDM persistence database (in minutes).
`ataccama.one.mdm.datasource.mdc_db.waiting.interval`	String	`5s`	No	Interval for reconnection attempts to the MDM persistence database (in seconds).
`ataccama.one.mdm.datasource.mdc_db.username`	String	`mdc`	No	Username for the MDM persistence database connection.
`ataccama.one.mdm.datasource.mdc_db.password`	String	`mdc`	No	Password for the MDM persistence database connection.
`ataccama.one.mdm.datasource.{additional_data_source_name}.url`	String		No	URL for additional data source connections.
`ataccama.one.mdm.datasource.{additional_data_source_name}.waiting.timeout`	String		No	Timeout for reconnection attempts (in minutes).
`ataccama.one.mdm.datasource.{additional_data_source_name}.waiting.interval`	String		No	Interval for reconnection attempts (in seconds).
`ataccama.one.mdm.datasource.{additional_data_source_name}.username`	String		No	Username for additional data source connections.
`ataccama.one.mdm.datasource.{additional_data_source_name}.password`	String		No	Password for additional data source connections.

ataccama.one.mdm.datasource.mdc_db.url

String

jdbc:postgresql://localhost:5432/mdc

URL for the MDM persistence database connection.

ataccama.one.mdm.datasource.mdc_db.waiting.timeout

String

5m

Timeout for reconnection attempts to the MDM persistence database (in minutes).

ataccama.one.mdm.datasource.mdc_db.waiting.interval

String

5s

Interval for reconnection attempts to the MDM persistence database (in seconds).

ataccama.one.mdm.datasource.mdc_db.username

String

mdc

Username for the MDM persistence database connection.

ataccama.one.mdm.datasource.mdc_db.password

String

mdc

Password for the MDM persistence database connection.

ataccama.one.mdm.datasource.{additional_data_source_name}.url

String

URL for additional data source connections.

ataccama.one.mdm.datasource.{additional_data_source_name}.waiting.timeout

String

Timeout for reconnection attempts (in minutes).

ataccama.one.mdm.datasource.{additional_data_source_name}.waiting.interval

String

Interval for reconnection attempts (in seconds).

ataccama.one.mdm.datasource.{additional_data_source_name}.username

String

Username for additional data source connections.

ataccama.one.mdm.datasource.{additional_data_source_name}.password

String

Password for additional data source connections.

The {additional_data_source_name} part in the configuration can only be selected from the following options:

eh_db
log_db
it_db
mda_cache
esb_db
external

History plugin configuration

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`ataccama.one.mdm.config. historyConfigFile`	String	`nme-history.gen.xml`	Yes	XML file containing the definition of the history model: entities and columns.
`ataccama.one.mdm.nme.history. persistence.class`	String	`com.ataccama.nme.persistence. vldb.VldbPersistenceFactory`	Yes	Persistence where historical data is permanently stored.
`ataccama.one.mdm.nme.history. storage-directory`	String	`../storage/history`	Yes	Directory where events are temporarily stored before publishing to the history persistence.
`ataccama.one.mdm.nme.history.persistence.dataSource`	String	`mdc_db`	Yes	Database where the history configuration table is created.
`ataccama.one.mdm.nme.history.persistence.prefix`	String	`H_`	Yes	Prefix used for history tables.

ataccama.one.mdm.config. historyConfigFile

String

nme-history.gen.xml

Yes

XML file containing the definition of the history model: entities and columns.

ataccama.one.mdm.nme.history. persistence.class

String

com.ataccama.nme.persistence. vldb.VldbPersistenceFactory

Yes

Persistence where historical data is permanently stored.

ataccama.one.mdm.nme.history. storage-directory

String

../storage/history

Yes

Directory where events are temporarily stored before publishing to the history persistence.

ataccama.one.mdm.nme.history.persistence.dataSource

String

mdc_db

Yes

Database where the history configuration table is created.

ataccama.one.mdm.nme.history.persistence.prefix

String

H_

Yes

Prefix used for history tables.

API Endpoint Required Role Configuration

You can configure required roles for MDM API endpoints by adding the following properties. For more information about how to authenticate API requests, see API Requests Authentication.

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`ataccama.authentication.http.acl.endpoints.onlineServices.endpoint-filter=/soapServices/**`	String	/	No	`<API-endpoint>` specifies the API endpoint. For example, `onlineServices`.
`ataccama.authentication.http.acl.onlineServices.actuator.allowed-roles=<MY_REQUIRED_ROLE>`	String	/	No	`<MY_REQUIRED_ROLE>` is a comma-separated list of user roles allowed to access the ACL-secured endpoint.

ataccama.authentication.http.acl.endpoints.onlineServices.endpoint-filter=/soapServices/**

String

<API-endpoint> specifies the API endpoint. For example, onlineServices.

ataccama.authentication.http.acl.onlineServices.actuator.allowed-roles=<MY_REQUIRED_ROLE>

String

<MY_REQUIRED_ROLE> is a comma-separated list of user roles allowed to access the ACL-secured endpoint.

Version Check

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`ataccama.one.mdm.version.check`	Boolean	`true`	No	When set to `true`, the MDM Version Check is enabled (see MDM Version Check).

ataccama.one.mdm.version.check

Boolean

true

When set to true, the MDM Version Check is enabled (see MDM Version Check).

Database Performance

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`ataccama.one.mdm.performance.datasource`	String	`mdc_db`	No	Specifies the database for storing performance data (query tuning parameters and database statistics).

ataccama.one.mdm.performance.datasource

String

mdc_db

Specifies the database for storing performance data (query tuning parameters and database statistics).

Git Operations

Name Data Type Default value Mandatory Description

Name	Data Type	Default value	Mandatory	Description
`ataccama.one.mdm.server.git.enabled`	Boolean	`false`	No	Enables Git operations.
`ataccama.one.mdm.server.git.repository`	String	/	Yes	Remote URL to Git repository.
`ataccama.one.mdm.server.git.protocol`	String	/	Yes	Git protocol (HTTP, HTTPS, SSH).
`ataccama.one.mdm.server.git.branch`	String	/	Yes	Branch name. Either branch name or tag name needs to be specified.
`ataccama.one.mdm.server.git.tag`	String	/	Yes	Tag name. Either branch name or tag name needs to be specified.
`ataccama.one.mdm.server.git.destination`	String	/	Yes	Path to MDM Server configuration.
`ataccama.one.mdm.server.git.timeout`	String	'5m'	No	Timeout for remote operations.
`ataccama.one.mdm.server.git.sshKey`	String	/	No	SSH key used for authentication in SSH-based Git operations.
`ataccama.one.mdm.server.git.username`	String	/	No	The username used for HTTP and HTTPS authentication.
`ataccama.one.mdm.server.git.password`	String	/	No	The password used for HTTP and HTTPS authentication.

ataccama.one.mdm.server.git.enabled

Boolean

false

Enables Git operations.

ataccama.one.mdm.server.git.repository

String

Yes

Remote URL to Git repository.

ataccama.one.mdm.server.git.protocol

String

Yes

Git protocol (HTTP, HTTPS, SSH).

ataccama.one.mdm.server.git.branch

String

Yes

Branch name. Either branch name or tag name needs to be specified.

ataccama.one.mdm.server.git.tag

String

Yes

Tag name. Either branch name or tag name needs to be specified.

ataccama.one.mdm.server.git.destination

String

Yes

Path to MDM Server configuration.

ataccama.one.mdm.server.git.timeout

String

'5m'

Timeout for remote operations.

ataccama.one.mdm.server.git.sshKey

String

SSH key used for authentication in SSH-based Git operations.

ataccama.one.mdm.server.git.username

String

The username used for HTTP and HTTPS authentication.

ataccama.one.mdm.server.git.password

String

The password used for HTTP and HTTPS authentication.

Was this page useful?