If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

MMM Configuration

In on-premise deployments, the following properties configure Metadata Management Module (MMM) and are provided in the mmm-backend/etc/application.properties file.

In addition, the following properties can be specified for MMM as well:

Basic settings

Property Data type Description

Property	Data type	Description
`server.port`	String	The number of the port where the Metadata Server is running. Default value: `8021`.

server.port

String

The number of the port where the Metadata Server is running.

Default value: 8021.

Keycloak authentication

Property Data type Description

Property	Data type	Description
`ataccama.authentication.keycloak.server-url`	String	The URL of the server where Keycloak is running. Default value: `http://localhost:8080/auth`.
`ataccama.authentication.keycloak.realm`	String	The name of the Keycloak realm. Default value: `ataccamaone`.
`ataccama.authentication.keycloak.admin.type`	String	The type of client token authentication. Valid values: `BASIC`, `SIGNED_JWT`, `SECRET_JWT`. Default value: `BASIC`.
`ataccama.authentication.keycloak.admin.client-id`	String	The client identifier used to verify the admin user’s authorization token. Default value: `mmm-admin-client`.
`ataccama.authentication.keycloak.admin.secret`	String	The secret key of the client identifier for the admin account. Secret keys can be generated using Keycloak. Used by `BASIC` and `SECRET_JWT` strategies. Default value: `mmm-admin-client-s3cret`.
`ataccama.authentication.keycloak.admin.key-store.file`	String	The password of the keystore used for `SIGNED_JWT` authentication.
`ataccama.authentication.keycloak.admin.key-store.format`	String	The type of the keystore used for `SIGNED_JWT` authentication. Possible values: `JKS`, `PKCS12`. Default value: `JKS`.
`ataccama.authentication.keycloak.admin.key-store.password`	String	The password of the keystore. Used for `SIGNED_JWT` authentication if the keystore is encrypted.
`ataccama.authentication.keycloak.admin.key-store.key-alias`	String	The private key name specified in the keystore used for `SIGNED_JWT` authentication. The default value is the client identifier.
`ataccama.authentication.keycloak.admin.key-store.key-password`	String	The password for the private key. Used if the private key is encrypted. The default value is the keystore password.
`ataccama.authentication.keycloak.admin.token-expiration`	String	Specifies for how long the JWT token used for authentication in Keycloak remains valid. Used for `SIGNED_JWT` and `SECRET_JWT` authentication strategies. Default value: `15s`. For a full list of accepted units, see Duration units.
`ataccama.authentication.keycloak.token.type`	String	The type of client token authentication. Valid values: `BASIC`, `SIGNED_JWT`, `SECRET_JWT`. Default value: `BASIC`.
`ataccama.authentication.keycloak.token.client-id`	String	The client identifier. Used to verify a user’s authorization token and to log in a user. Default value: `mmm-token-client`.
`ataccama.authentication.keycloak.token.secret`	String	The secret key of the client. Secret keys can be generated using Keycloak. Used by `BASIC` and `SECRET_JWT` strategies. Default value: `mmm-token-client-s3cret`.
`ataccama.authentication.keycloak.token.key-store.file`	String	Points to the keystore used for `SIGNED_JWT` authentication.
`ataccama.authentication.keycloak.token.key-store.format`	String	The type of the keystore used for `SIGNED_JWT` authentication. Possible values: `JKS`, `PKCS12`. Default value: `JKS`.
`ataccama.authentication.keycloak.token.key-store.password`	String	The password of the keystore. Used for `SIGNED_JWT` authentication if the keystore is encrypted.
`ataccama.authentication.keycloak.token.key-store.key-alias`	String	The private key name specified in the keystore used for `SIGNED_JWT` authentication. The default value is the client identifier.
`ataccama.authentication.keycloak.token.key-store.key-password`	String	The password for the private key. Used if the private key is encrypted. The default value is the keystore password.
`ataccama.authentication.keycloak.token.token-expiration`	String	Specifies for how long the JWT token used for authentication in Keycloak remains valid. Used for `SIGNED_JWT` and `SECRET_JWT` authentication strategies. Default value: `15s`. For a full list of accepted units, see Duration units.
`ataccama.authentication.keycloak.token.issuer`	String	Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer. Default value: `${ataccama.authentication.keycloak.server-url}/realms/${ataccama.authentication.keycloak.realm}`.
`ataccama.authentication.keycloak.token.audience`	String	The expected recipients of the JWT token. Used for validating the token.
`ataccama.authentication.keycloak.token.key-cache-ttl`	String	Defines for how long public keys retrieved from Keycloak are cached. Default value: `5m`. For a full list of accepted units, see Duration units.
`ataccama.authentication.keycloak.token.key-cache-min-time-between-request`	String	Defines the minimum time interval between two requests for retrieving new public keys from Keycloak. This helps prevent Denial-of-Service (DoS) attacks. Default value: `10s`. For a full list of accepted units, see Duration units.

ataccama.authentication.keycloak.server-url

String

The URL of the server where Keycloak is running.

Default value: http://localhost:8080/auth.

ataccama.authentication.keycloak.realm

String

The name of the Keycloak realm.

Default value: ataccamaone.

ataccama.authentication.keycloak.admin.type

String

The type of client token authentication. Valid values: BASIC, SIGNED_JWT, SECRET_JWT.

Default value: BASIC.

ataccama.authentication.keycloak.admin.client-id

String

The client identifier used to verify the admin user’s authorization token.

Default value: mmm-admin-client.

ataccama.authentication.keycloak.admin.secret

String

The secret key of the client identifier for the admin account. Secret keys can be generated using Keycloak. Used by BASIC and SECRET_JWT strategies.

Default value: mmm-admin-client-s3cret.

ataccama.authentication.keycloak.admin.key-store.file

String

The password of the keystore used for SIGNED_JWT authentication.

ataccama.authentication.keycloak.admin.key-store.format

String

The type of the keystore used for SIGNED_JWT authentication. Possible values: JKS, PKCS12.

Default value: JKS.

ataccama.authentication.keycloak.admin.key-store.password

String

The password of the keystore. Used for SIGNED_JWT authentication if the keystore is encrypted.

ataccama.authentication.keycloak.admin.key-store.key-alias

String

The private key name specified in the keystore used for SIGNED_JWT authentication.

The default value is the client identifier.

ataccama.authentication.keycloak.admin.key-store.key-password

String

The password for the private key. Used if the private key is encrypted.

The default value is the keystore password.

ataccama.authentication.keycloak.admin.token-expiration

String

Specifies for how long the JWT token used for authentication in Keycloak remains valid. Used for SIGNED_JWT and SECRET_JWT authentication strategies.

Default value: 15s. For a full list of accepted units, see Duration units.

ataccama.authentication.keycloak.token.type

String

The type of client token authentication. Valid values: BASIC, SIGNED_JWT, SECRET_JWT.

Default value: BASIC.

ataccama.authentication.keycloak.token.client-id

String

The client identifier. Used to verify a user’s authorization token and to log in a user.

Default value: mmm-token-client.

ataccama.authentication.keycloak.token.secret

String

The secret key of the client. Secret keys can be generated using Keycloak. Used by BASIC and SECRET_JWT strategies.

Default value: mmm-token-client-s3cret.

ataccama.authentication.keycloak.token.key-store.file

String

Points to the keystore used for SIGNED_JWT authentication.

ataccama.authentication.keycloak.token.key-store.format

String

The type of the keystore used for SIGNED_JWT authentication. Possible values: JKS, PKCS12.

Default value: JKS.

ataccama.authentication.keycloak.token.key-store.password

String

The password of the keystore. Used for SIGNED_JWT authentication if the keystore is encrypted.

ataccama.authentication.keycloak.token.key-store.key-alias

String

The private key name specified in the keystore used for SIGNED_JWT authentication.

The default value is the client identifier.

ataccama.authentication.keycloak.token.key-store.key-password

String

The password for the private key. Used if the private key is encrypted.

The default value is the keystore password.

ataccama.authentication.keycloak.token.token-expiration

String

Specifies for how long the JWT token used for authentication in Keycloak remains valid. Used for SIGNED_JWT and SECRET_JWT authentication strategies.

Default value: 15s. For a full list of accepted units, see Duration units.

ataccama.authentication.keycloak.token.issuer

String

Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer.

Default value: ${ataccama.authentication.keycloak.server-url}/realms/${ataccama.authentication.keycloak.realm}.

ataccama.authentication.keycloak.token.audience

String

The expected recipients of the JWT token. Used for validating the token.

ataccama.authentication.keycloak.token.key-cache-ttl

String

Defines for how long public keys retrieved from Keycloak are cached.

Default value: 5m. For a full list of accepted units, see Duration units.

ataccama.authentication.keycloak.token.key-cache-min-time-between-request

String

Defines the minimum time interval between two requests for retrieving new public keys from Keycloak. This helps prevent Denial-of-Service (DoS) attacks.

Default value: 10s. For a full list of accepted units, see Duration units.

gRPC Server

General settings

Property Data type Description

Property	Data type	Description
`ataccama.server.grpc.port`	Number	The number of the port where the gRPC server is running. Default value: `8521`.
`ataccama.server.grpc.max-message-size`	String	Limits the size of messages that the gRPC server can process. Default value: `1GB`. For a full list of accepted units, see Size units.

ataccama.server.grpc.port

Number

The number of the port where the gRPC server is running.

Default value: 8521.

ataccama.server.grpc.max-message-size

String

Limits the size of messages that the gRPC server can process.

Default value: 1GB. For a full list of accepted units, see Size units.

Authentication

Property Data type Description

Property	Data type	Description
`ataccama.authentication.grpc.basic.enable`	Boolean	Enables basic authentication on the gRPC Server. Default value: `true`.
`ataccama.authentication.grpc.bearer.enable`	Boolean	Enables bearer authentication on the gRPC Server. Default value: `true`.
`ataccama.authentication.grpc.internal.jwt.enable`	Boolean	Enables internal JWT token authentication on the gRPC Server. Default value: `true`.
`ataccama.authentication.grpc.mtls.enable`	Boolean	Enables mTLS authentication on the gRPC Server. Default value: `false`.

ataccama.authentication.grpc.basic.enable

Boolean

Enables basic authentication on the gRPC Server.

Default value: true.

ataccama.authentication.grpc.bearer.enable

Boolean

Enables bearer authentication on the gRPC Server.

Default value: true.

ataccama.authentication.grpc.internal.jwt.enable

Boolean

Enables internal JWT token authentication on the gRPC Server.

Default value: true.

ataccama.authentication.grpc.mtls.enable

Boolean

Enables mTLS authentication on the gRPC Server.

Default value: false.

TLS/mTLS

Property Data type Description

Property	Data type	Description
`ataccama.server.grpc.tls.enabled`	Boolean	Enables TLS authentication on the gRPC server. Default value: `false`.
`ataccama.server.grpc.tls.mTls`	String	Defines whether mutual TLS authentication is needed. Valid values: `NONE`, `OPTIONAL`, `REQUIRED`. When set to `OPTIONAL`, if the server receives an mTLS request, it attempts to authenticate the request using mTLS. Disabled by default.
`ataccama.server.grpc.tls.cert-chain`	String	The full path to the TLS certificate, for example, `file:/path/to/server.crt`.
`ataccama.server.grpc.tls.private-key`	String	The full path to the private key of the certificate, for example, `file:/path/to/server.key`.
`ataccama.server.grpc.tls.trust-cert-collection`	String	The full path to the public certificate of the root certificate authority, for example, `file:/path/to/rootCA.crt`.

ataccama.server.grpc.tls.enabled

Boolean

Enables TLS authentication on the gRPC server.

Default value: false.

ataccama.server.grpc.tls.mTls

String

Defines whether mutual TLS authentication is needed. Valid values: NONE, OPTIONAL, REQUIRED.

When set to OPTIONAL, if the server receives an mTLS request, it attempts to authenticate the request using mTLS. Disabled by default.

ataccama.server.grpc.tls.cert-chain

String

The full path to the TLS certificate, for example, file:/path/to/server.crt.

ataccama.server.grpc.tls.private-key

String

The full path to the private key of the certificate, for example, file:/path/to/server.key.

ataccama.server.grpc.tls.trust-cert-collection

String

The full path to the public certificate of the root certificate authority, for example, file:/path/to/rootCA.crt.

gRPC Client

General settings

Property Data type Description

Property	Data type	Description
`ataccama.client.grpc.properties.max-message-size`	String	Limits the size of messages that the gRPC client can process. Default value: `1GB`. For a full list of accepted units, see Size units.

ataccama.client.grpc.properties.max-message-size

String

Limits the size of messages that the gRPC client can process.

Default value: 1GB. For a full list of accepted units, see Size units.

TLS/mTLS

Property Data type Description

Property	Data type	Description
`ataccama.client.grpc.tls.enabled`	Boolean	Enables TLS authentication on the gRPC client. Default value: `false`.
`ataccama.client.grpc.tls.mTls`	Boolean	Enables mutual TLS authentication between the server and the client. Default value: `false`.
`ataccama.client.grpc.tls.cert-chain`	String	The full path to the TLS certificate, for example, `file:/path/to/client.crt`.
`ataccama.client.grpc.tls.private-key`	String	The full path to the private key of the certificate, for example, `file:/path/to/client.key`.
`ataccama.client.grpc.tls.trust-cert-collection`	String	The full path to the public certificate of the root certificate authority, for example, `file:/path/to/rootCA.crt`.

ataccama.client.grpc.tls.enabled

Boolean

Enables TLS authentication on the gRPC client.

Default value: false.

ataccama.client.grpc.tls.mTls

Boolean

Enables mutual TLS authentication between the server and the client.

Default value: false.

ataccama.client.grpc.tls.cert-chain

String

The full path to the TLS certificate, for example, file:/path/to/client.crt.

ataccama.client.grpc.tls.private-key

String

The full path to the private key of the certificate, for example, file:/path/to/client.key.

ataccama.client.grpc.tls.trust-cert-collection

String

The full path to the public certificate of the root certificate authority, for example, file:/path/to/rootCA.crt.

MMM general settings

Property Data type Description

Property	Data type	Description
`ataccama.one.mmm.permissions.apply`	Boolean	If set to `true`, the application uses permissions defined for the MMM module. If set to `false`, there are no restrictions.
`ataccama.one.mmm.api.introspection.caching.enabled`	Boolean	If set to `true`, the results of the `schema` field obtained by querying the introspection endpoint in the GraphQL API are cached. The `schema` field contains the resources used in the API schema.
`ataccama.one.mmm.compare.session.mark-use`	String	Defines how often a compare session should be marked as still in use. A compare session is created when a user chooses to compare two nodes and can be accessed in subsequent requests but not indefinitely. The time interval specified here should be significantly lower than the expiration period. Default value: `1m`. For a full list of accepted units, see Duration units.
`ataccama.one.mmm.compare.session.expiration`	String	Defines the time period after which a compare session is considered expired starting from the last time the session was in use. Expired sessions are pruned according to the pruning schedule. Default value: `12h`. For a full list of accepted units, see Duration units.
`ataccama.one.compare.session.pruning.after`	String	Defines the time period after which a compare session is pruned from the database starting from the last time the session was in use. The time interval specified here must be greater than the expiration period. Default value: `24h`. For a full list of accepted units, see Duration units.
`ataccama.one.mmm.compare.pruning.interval`	String	Defines how often the server attempts pruning compare sessions from the database. Default value: `15m`. For a full list of accepted units, see Duration units.
`ataccama.one.mmm.migration.detection.interval`	String	Defines how often the server attempts to detect new migration requests. Default value: `10s`. For a full list of accepted units, see Duration units.
`ataccama.one.mmm.migration.read-only`	String	Defines for how long a node remains read-only if a new MMD model is published. After this period expires, the migration of database schemas starts, which makes the application temporarily unavailable. The time interval specified here needs to be long enough so that all running database transactions can be successfully completed. Default value: `120s`. For a full list of accepted units, see Duration units.
`ataccama.one.mmm.migration.migrate-using-upgrade-runner`	Boolean	Determines whether migration is performed using the new upgrade runner (`true`) or the previous migration method (`false`). Default value: `true`.
`ataccama.one.mmm.core.export-data`	Boolean	Exposes the HTTP endpoint for exporting MMM data. The user must have the `MMM_export` role assigned. If set to `false`, exporting is not enabled. Default value: `false`.

ataccama.one.mmm.permissions.apply

Boolean

If set to true, the application uses permissions defined for the MMM module. If set to false, there are no restrictions.

ataccama.one.mmm.api.introspection.caching.enabled

Boolean

If set to true, the results of the schema field obtained by querying the introspection endpoint in the GraphQL API are cached. The schema field contains the resources used in the API schema.

ataccama.one.mmm.compare.session.mark-use

String

Defines how often a compare session should be marked as still in use. A compare session is created when a user chooses to compare two nodes and can be accessed in subsequent requests but not indefinitely.

The time interval specified here should be significantly lower than the expiration period.

Default value: 1m. For a full list of accepted units, see Duration units.

ataccama.one.mmm.compare.session.expiration

String

Defines the time period after which a compare session is considered expired starting from the last time the session was in use.

Expired sessions are pruned according to the pruning schedule.

Default value: 12h. For a full list of accepted units, see Duration units.

ataccama.one.compare.session.pruning.after

String

Defines the time period after which a compare session is pruned from the database starting from the last time the session was in use.

The time interval specified here must be greater than the expiration period.

Default value: 24h. For a full list of accepted units, see Duration units.

ataccama.one.mmm.compare.pruning.interval

String

Defines how often the server attempts pruning compare sessions from the database.

Default value: 15m. For a full list of accepted units, see Duration units.

ataccama.one.mmm.migration.detection.interval

String

Defines how often the server attempts to detect new migration requests.

Default value: 10s. For a full list of accepted units, see Duration units.

ataccama.one.mmm.migration.read-only

String

Defines for how long a node remains read-only if a new MMD model is published. After this period expires, the migration of database schemas starts, which makes the application temporarily unavailable.

The time interval specified here needs to be long enough so that all running database transactions can be successfully completed.

Default value: 120s. For a full list of accepted units, see Duration units.

ataccama.one.mmm.migration.migrate-using-upgrade-runner

Boolean

Determines whether migration is performed using the new upgrade runner (true) or the previous migration method (false).

Default value: true.

ataccama.one.mmm.core.export-data

Boolean

Exposes the HTTP endpoint for exporting MMM data.

The user must have the MMM_export role assigned. If set to false, exporting is not enabled.

Default value: false.

MMM database

Property Data type Description

Property	Data type	Description
`spring.datasource.url`	String	A JDBC connection string pointing to the MMM database. Default value: `jdbc:postgresql://localhost:5432/mmm?currentSchema=public`.
`spring.datasource.username`	String	The username for the MMM database. Default value: `one`.
`spring.datasource.password`	String	The password for the MMM database. Default value: `one`. Encrypted version of the same value: `crypted:AES:vTlfhBo/yc94VNQ/tqAHtIzMTnEenM7WW0GAXGle4xQ=`.
`spring.datasource.hikari.maximumPoolSize`	Number	The maximum number of connections, both active and idle, that can be kept in the connection pool. Default value: `30`.
`spring.datasource.hikari.leak-detection-threshold`	Number	Defines for how long a connection can remain unoccupied outside of the connection pool before a possible connection leak is logged. Expressed in milliseconds. Default value: `600000`.

spring.datasource.url

String

A JDBC connection string pointing to the MMM database.

Default value: jdbc:postgresql://localhost:5432/mmm?currentSchema=public.

spring.datasource.username

String

The username for the MMM database.

Default value: one.

spring.datasource.password

String

The password for the MMM database.

Default value: one.

Encrypted version of the same value: crypted:AES:vTlfhBo/yc94VNQ/tqAHtIzMTnEenM7WW0GAXGle4xQ=.

spring.datasource.hikari.maximumPoolSize

Number

The maximum number of connections, both active and idle, that can be kept in the connection pool.

Default value: 30.

spring.datasource.hikari.leak-detection-threshold

Number

Defines for how long a connection can remain unoccupied outside of the connection pool before a possible connection leak is logged. Expressed in milliseconds.

Default value: 600000.

MMM backup database

The following properties are used for metadata backup and restore purposes. If the properties are not specified, the values are instead derived from the properties spring.datasource.url and ataccama.one.mmm.backup.postgres.database-name.

Setting these properties is preferable only in cases when they cannot be computed from the former configuration.

Property Data type Description

Property	Data type	Description
`ataccama.one.mmm.backup.postgres.database-name`	String	The name of the database used for backing up MMM data if PostgreSQL is used. If not set, the name is created by adding a prefix to the name of the MMM database. Default value: `backup_mmm`.
`ataccama.one.mmm.backup.postgres.url`	String	A JDBC connection string pointing to the MMM backup database if PostgreSQL is used. If not set, the default URL is created based on the URL of the MMM database (`spring.datasource.url`). Default value: `jdbc:postgresql://localhost:5432/backup_mmm?currentSchema=public`.
`ataccama.one.mmm.backup.postgres.username`	String	The username for the MMM backup database if PostgreSQL is used. If not set, the username for connecting to the MMM database is used instead (`spring.datasource.username`). Default value: `one`.
`ataccama.one.mmm.backup.postgres.password`	String	The password for the MMM backup database if PostgreSQL is used. If not set, the password for connecting to the MMM database is used instead (`spring.datasource.password`). Default value: `one`.

ataccama.one.mmm.backup.postgres.database-name

String

The name of the database used for backing up MMM data if PostgreSQL is used. If not set, the name is created by adding a prefix to the name of the MMM database.

Default value: backup_mmm.

ataccama.one.mmm.backup.postgres.url

String

A JDBC connection string pointing to the MMM backup database if PostgreSQL is used. If not set, the default URL is created based on the URL of the MMM database (spring.datasource.url).

Default value: jdbc:postgresql://localhost:5432/backup_mmm?currentSchema=public.

ataccama.one.mmm.backup.postgres.username

String

The username for the MMM backup database if PostgreSQL is used. If not set, the username for connecting to the MMM database is used instead (spring.datasource.username).

Default value: one.

ataccama.one.mmm.backup.postgres.password

String

The password for the MMM backup database if PostgreSQL is used. If not set, the password for connecting to the MMM database is used instead (spring.datasource.password).

Default value: one.

High availability

Currently, high availability (HA) in MMM functions in active/passive mode, which means that it includes one active instance and multiple passive instances on standby. As such, the high availability setup does not increase the throughput; it only increases availability.

The high availability setup is intended mainly for self-managed deployments.

In order to use high availability in MMM, the following requirements must be in place:

A dedicated database for HA synchronization (by default: mmm_ha).
An additional port must be open for monitoring (by default: 8024).
Multiple MMM instances must be set up with a load balancer pointing to the new health monitoring endpoint.

The following properties are used to enable and configure the HA mode in MMM.

Property Data type Description

Property	Data type	Description
`ataccama.one.mmm.ha.enabled`	Boolean	Enables the high availability setup in MMM. Default value: `false`.
`ataccama.one.mmm.ha.datasource.url`	String	A JDBC connection string pointing to the high availability database. Default value: `jdbc:postgresql://localhost:5431/mmm_ha?currentSchema=public`.
`ataccama.one.mmm.ha.datasource.username`	String	The username for the high availability database. Default value: `one`.
`ataccama.one.mmm.ha.datasource.password`	String	The password for the high availability database. Default value: `one`.
`ataccama.one.mmm.ha.distributed-leader.initial-sleep`	String	The initial sleep period before a new leader election begins. If the value is set differently on each instance, this can be used to prioritize which instance becomes active provided that there are no issues preventing that. Default value: `0s`. For a full list of accepted units, see Duration units.
`ataccama.one.mmm.ha.distributed-leader.election-interval`	String	Specifies how often a new active leader is elected. This affects how quickly a failed instance can be recognized and handled. The time until a new leader is elected must be shorter or equal than the sum of this interval (`distributed-leader.election-interval`) and the heartbeat timeout configured for failed instances (`ataccama.distributed-lock.heartbeat.timeout.dead`). Default value: `30s`. For a full list of accepted units, see Duration units.

ataccama.one.mmm.ha.enabled

Boolean

Enables the high availability setup in MMM.

Default value: false.

ataccama.one.mmm.ha.datasource.url

String

A JDBC connection string pointing to the high availability database.

Default value: jdbc:postgresql://localhost:5431/mmm_ha?currentSchema=public.

ataccama.one.mmm.ha.datasource.username

String

The username for the high availability database.

Default value: one.

ataccama.one.mmm.ha.datasource.password

String

The password for the high availability database.

Default value: one.

ataccama.one.mmm.ha.distributed-leader.initial-sleep

String

The initial sleep period before a new leader election begins. If the value is set differently on each instance, this can be used to prioritize which instance becomes active provided that there are no issues preventing that.

Default value: 0s. For a full list of accepted units, see Duration units.

ataccama.one.mmm.ha.distributed-leader.election-interval

String

Specifies how often a new active leader is elected. This affects how quickly a failed instance can be recognized and handled.

The time until a new leader is elected must be shorter or equal than the sum of this interval (distributed-leader.election-interval) and the heartbeat timeout configured for failed instances (ataccama.distributed-lock.heartbeat.timeout.dead).

Default value: 30s. For a full list of accepted units, see Duration units.

DPM and Executor

Property Data type Description

Property	Data type	Description
`ataccama.client.connection.dpm.host`	String	The IP address or the hostname of the server where DPM is running. Default value: `localhost`.
`ataccama.client.connection.dpm.grpc.port`	Number	The port where DPM is running. Default value: `8531`.
`plugin.dpm.ataccama.one.executor.subscription.retry.initial-interval-ms`	Number	The initial interval between reconnection attempts, expressed in milliseconds. The total time between retries is calculated as the product of the initial interval in milliseconds and the interval multiplier exponentiated by the number of the retry attempt (initialIntervalMs * intervalMultiplier ^ attemptNumber). Default value: `500`.
`plugin.dpm.ataccama.one.executor.subscription.retry.interval-multiplier`	Number	The multiplier of the initial time interval between reconnection attempts. The total time between retries is calculated as the product of the initial interval in milliseconds and the interval multiplier exponentiated by the number of the retry attempt (initialIntervalMs * intervalMultiplier ^ attemptNumber). Default value: `1.5`.
`plugin.dpm.ataccama.one.executor.subscription.valid-after-ms`	Number	The time interval after which the connection is considered stable and the retry policy is reset. A connection is considered stable if there are no errors communicating with DPM during this period. Expressed in milliseconds. Default value: `5000`.
`plugin.dpm.ataccama.one.executor.async.pool.size.max`	Number	The maximum number of threads that can be used for processing events coming from DPM. Default value: `5`.
`plugin.dpm.ataccama.one.executor.async.pool.size.core`	Number	The minimum number of threads that need to be kept alive at all times. These threads are dedicated only to processing events coming from DPM. Default value: `2`.
`ataccama.authentication.internal.jwt.generator.tokenExpiration`	String	Defines the amount of time after which the token generated by the internal JWT generator expires. If the token expires too fast, this can lead to the following error: “UNAUTHENTICATED: Expired JWT”. Keep in mind that extending the validity of the JWT token can potentially lead to security issues as the subscription can remain active even after the token has been revoked. Default value: `15s`. For a full list of accepted units, see Duration units.
`ataccama.authentication.internal.jwt.generator.streamingTokenExpiration`	String	Defines the amount of time after which the streaming token generated by the internal JWT generator expires. If the token expires too fast, this can lead to the following error: “UNAUTHENTICATED: Expired JWT”. Keep in mind that extending the validity of the JWT token can potentially lead to security issues as the subscription can remain active even after the token has been revoked. Default value: `4h`. For a full list of accepted units, see Duration units.

ataccama.client.connection.dpm.host

String

The IP address or the hostname of the server where DPM is running.

Default value: localhost.

ataccama.client.connection.dpm.grpc.port

Number

The port where DPM is running.

Default value: 8531.

plugin.dpm.ataccama.one.executor.subscription.retry.initial-interval-ms

Number

The initial interval between reconnection attempts, expressed in milliseconds.

The total time between retries is calculated as the product of the initial interval in milliseconds and the interval multiplier exponentiated by the number of the retry attempt (initialIntervalMs * intervalMultiplier ^ attemptNumber).

Default value: 500.

plugin.dpm.ataccama.one.executor.subscription.retry.interval-multiplier

Number

The multiplier of the initial time interval between reconnection attempts.

Default value: 1.5.

plugin.dpm.ataccama.one.executor.subscription.valid-after-ms

Number

The time interval after which the connection is considered stable and the retry policy is reset. A connection is considered stable if there are no errors communicating with DPM during this period. Expressed in milliseconds.

Default value: 5000.

plugin.dpm.ataccama.one.executor.async.pool.size.max

Number

The maximum number of threads that can be used for processing events coming from DPM.

Default value: 5.

plugin.dpm.ataccama.one.executor.async.pool.size.core

Number

The minimum number of threads that need to be kept alive at all times. These threads are dedicated only to processing events coming from DPM.

Default value: 2.

ataccama.authentication.internal.jwt.generator.tokenExpiration

String

Defines the amount of time after which the token generated by the internal JWT generator expires. If the token expires too fast, this can lead to the following error: “UNAUTHENTICATED: Expired JWT”.

Keep in mind that extending the validity of the JWT token can potentially lead to security issues as the subscription can remain active even after the token has been revoked.

Default value: 15s. For a full list of accepted units, see Duration units.

ataccama.authentication.internal.jwt.generator.streamingTokenExpiration

String

Defines the amount of time after which the streaming token generated by the internal JWT generator expires. If the token expires too fast, this can lead to the following error: “UNAUTHENTICATED: Expired JWT”.

Keep in mind that extending the validity of the JWT token can potentially lead to security issues as the subscription can remain active even after the token has been revoked.

Default value: 4h. For a full list of accepted units, see Duration units.

Job processing

Property Data type Description

Property	Data type	Description
`ataccama.one.job.cancel.async.pool.size.max`	Number	The maximum number of threads that can be used for job canceling requests in case the dedicated queue is full. Default value: `4`.
`ataccama.one.job.cancel.async.pool.size.core`	Number	The minimum number of threads that need to be kept alive at all times unless the timeout is configured. These threads are used only for job canceling requests. Default value: `2`.
`ataccama.one.job.cancel.async.pool.size.queue`	Number	The number of requests that the queue for job canceling requests can contain. Once the limit is reached, the number of threads in the pool increases to the maximum thread count. Default value: `10`.
`ataccama.one.job.cancel.async.pool.core.timeout.enabled`	Boolean	Enables timeout for core threads in the pool for job canceling requests. In this case, the pool prioritizes starting core threads over adding requests to the pool queue. Default value: `true`.
`plugin.jobs.ataccama.one.recovery.strategy`	String	Determines whether running jobs that were started in a previous session should be recovered or canceled on the application start. In other words, the property adds a possibility to disable disaster recovery for jobs. The following options are available: `CANCEL`: All unfinished jobs are canceled on the application start. `RECOVERY`: Jobs that can be completed are allowed to finish while the others are canceled. Default value: `CANCEL`.

ataccama.one.job.cancel.async.pool.size.max

Number

The maximum number of threads that can be used for job canceling requests in case the dedicated queue is full.

Default value: 4.

ataccama.one.job.cancel.async.pool.size.core

Number

The minimum number of threads that need to be kept alive at all times unless the timeout is configured. These threads are used only for job canceling requests.

Default value: 2.

ataccama.one.job.cancel.async.pool.size.queue

Number

The number of requests that the queue for job canceling requests can contain. Once the limit is reached, the number of threads in the pool increases to the maximum thread count.

Default value: 10.

ataccama.one.job.cancel.async.pool.core.timeout.enabled

Boolean

Enables timeout for core threads in the pool for job canceling requests. In this case, the pool prioritizes starting core threads over adding requests to the pool queue.

Default value: true.

plugin.jobs.ataccama.one.recovery.strategy

String

Determines whether running jobs that were started in a previous session should be recovered or canceled on the application start. In other words, the property adds a possibility to disable disaster recovery for jobs.

The following options are available:

CANCEL: All unfinished jobs are canceled on the application start.
RECOVERY: Jobs that can be completed are allowed to finish while the others are canceled.

Default value: CANCEL.

Monitoring projects

Property Data type Description

Property	Data type	Description
`plugin.monitoring-project.ataccama.one.retention-check.enabled`	Boolean	If set to `true`, monitoring project results are removed automatically after the set retention period expires. For more information about custom retention configuration, which is managed through the web application, see Monitoring Project Results, Reports, and Notifications. Default: `true`.
`plugin.monitoring-project.ataccama.one.retention-check.interval`	String	Sets how often the the application should check for results older than the defined retention period. Default value: `1h`. For a full list of accepted units, see Duration units.
`plugin.monitoring-project.ataccama.one.dq-processing-parallelism`	Number	Decides the maximum number of DPEs that are utilized by a single monitoring project DQ job. Default value: `1`.
`plugin.monitoring-project.ataccama.one.rule-suggestions-enabled`	Boolean	Decides if rule suggestions are enabled in monitoring projects. Default value: `true`.

plugin.monitoring-project.ataccama.one.retention-check.enabled

Boolean

If set to true, monitoring project results are removed automatically after the set retention period expires.

For more information about custom retention configuration, which is managed through the web application, see Monitoring Project Results, Reports, and Notifications.

Default: true.

plugin.monitoring-project.ataccama.one.retention-check.interval

String

Sets how often the the application should check for results older than the defined retention period.

Default value: 1h. For a full list of accepted units, see Duration units.

plugin.monitoring-project.ataccama.one.dq-processing-parallelism

Number

Decides the maximum number of DPEs that are utilized by a single monitoring project DQ job.

Default value: 1.

plugin.monitoring-project.ataccama.one.rule-suggestions-enabled

Boolean

Decides if rule suggestions are enabled in monitoring projects.

Default value: true.

Relationships graph

Property Data type Description

Property	Data type	Description
`plugin.relationships-graph.ataccama.one.relationships.external.enabled`	String	Enables using external lineage for relationship graphs.
`plugin.relationships-graph.ataccama.one.relationships.external.url`	String	A JDBC connection string pointing to the external lineage database. Default value: `jdbc:postgresql://localhost:5432/mmm?currentSchema=public`.
`plugin.relationships-graph.ataccama.one.relationships.external.driver`	String	The JDBC driver class name for the external lineage database. The driver must be on the application classpath. Default value: `org.postgresql.Driver`.
`plugin.relationships-graph.ataccama.one.relationships.external.user`	String	The username for the external lineage database. Default value: `one`.
`plugin.relationships-graph.ataccama.one.relationships.external.password`	String	The password for the external lineage database. Default value: `one`.
`plugin.relationships-graph.ataccama.one.relationships.external.table.catalog-items`	String	The name of the table containing external catalog items. Default value: `external_lineage.catalog_item`.
`plugin.relationships-graph.ataccama.one.relationships.external.table.attributes`	String	The name of the table containing external attributes. Default value: `external_lineage.attribute`.
`plugin.relationships-graph.ataccama.one.relationships.external.table.edges`	String	The name of the table containing external edges. Default value: `external_lineage.edge`.

plugin.relationships-graph.ataccama.one.relationships.external.enabled

String

Enables using external lineage for relationship graphs.

plugin.relationships-graph.ataccama.one.relationships.external.url

String

A JDBC connection string pointing to the external lineage database.

Default value: jdbc:postgresql://localhost:5432/mmm?currentSchema=public.

plugin.relationships-graph.ataccama.one.relationships.external.driver

String

The JDBC driver class name for the external lineage database. The driver must be on the application classpath.

Default value: org.postgresql.Driver.

plugin.relationships-graph.ataccama.one.relationships.external.user

String

The username for the external lineage database.

Default value: one.

plugin.relationships-graph.ataccama.one.relationships.external.password

String

The password for the external lineage database.

Default value: one.

plugin.relationships-graph.ataccama.one.relationships.external.table.catalog-items

String

The name of the table containing external catalog items.

Default value: external_lineage.catalog_item.

plugin.relationships-graph.ataccama.one.relationships.external.table.attributes

String

The name of the table containing external attributes.

Default value: external_lineage.attribute.

plugin.relationships-graph.ataccama.one.relationships.external.table.edges

String

The name of the table containing external edges.

Default value: external_lineage.edge.

RDM connection

Property Data type Description

Property	Data type	Description
`plugin.rdmconfig.ataccama.one.rdm.url`	String	The URL of the RDM GraphQL endpoint that is used for deploying configuration to RDM. Default value: `http://localhost:8060/graphql`.

plugin.rdmconfig.ataccama.one.rdm.url

String

The URL of the RDM GraphQL endpoint that is used for deploying configuration to RDM.

Default value: http://localhost:8060/graphql.

Profiling plugin

Property Data type Description

Property	Data type	Description
`plugin.profiling.ataccama.one.profiling.value-count-limit`	Number	The total number of values for count statistics that should be stored. Applies separately to each of the following categories: frequency analysis performed on attribute level, and the related frequency groups, masks, and patterns. Default value: `40`. The maximum allowed value is `1000`, but the default one should not be increased by much to avoid performance issues.
`plugin.profiling.ataccama.one.profiling.batch-size`	Number	The number of catalog items for which metadata is retrieved in a single batch for preprocessing purposes. Before profiling starts, catalog item metadata needs to be imported, which is done in batches. A higher value improves profiling performance but can lead to issues with insufficient memory. Default value: `50`.

plugin.profiling.ataccama.one.profiling.value-count-limit

Number

The total number of values for count statistics that should be stored. Applies separately to each of the following categories: frequency analysis performed on attribute level, and the related frequency groups, masks, and patterns.

Default value: 40.

The maximum allowed value is 1000, but the default one should not be increased by much to avoid performance issues.

plugin.profiling.ataccama.one.profiling.batch-size

Number

The number of catalog items for which metadata is retrieved in a single batch for preprocessing purposes.

Before profiling starts, catalog item metadata needs to be imported, which is done in batches. A higher value improves profiling performance but can lead to issues with insufficient memory.

Default value: 50.

Drillthrough

Drillthrough data refers to invalid samples (data) and results of DQ (failed rules and explanations).

Property Data type Description

plugin.dqeval.ataccama.one.drillthrough-cache-expiration-min

Number

Defines how long the drillthrough cache stores data. Expressed in minutes.

Default value: 60.

plugin.dqeval.ataccama.one.drillthrough-cache-size-mb

Number

Configures the size of the drillthrough in-memory cache. Expressed in megabytes.

Default value: 50.

plugin.dqeval.ataccama.one.drillthrough.retention-period

String

Defines for how long drillthrough data is stored. By default, it is never removed.

Drillthrough data might be stored in the cache even after it is removed from the Object Storage. This depends on the value set for the property drillthrough-cache-expiration-min.

Default value: forever (an internal constant). For a full list of accepted units, see Duration units.

plugin.dqeval.ataccama.one.drillthrough.cleanup-interval

String

Configures how often drillthroughs are removed. Should be configured with regard to drillthrough.retention-period.

Default value: 1d. For a full list of accepted units, see Duration units.

plugin.dqeval.ataccama.one.drillthrough.bucket

String

The name of the bucket in the Object Storage where drillthroughs are stored.

The same bucket must be configured for DPM.

Default value: drillthrough.

plugin.dq-eval.ataccama.one.drillthrough-encryption

Boolean

Enables records encryption of invalid samples in shared file system.

Default value: true.

ONE Object Storage

The following section contains only MMM-specific ONE Object Storage properties. For more information about how to set up ONE Object Storage and an overview of the properties shared with DPM and DPE modules, refer to ONE Object Storage Configuration.

Property Data type Description

Property	Data type	Description
`plugin.object-storage.ataccama.one.load-upload-dir`	String	A relative path to the folder containing files that should be uploaded to the object storage.
`plugin.object-storage.ataccama.one.load-upload-url`	String	A URL pointing to the ZIP file that should be used for data import.
`plugin.object-storage.ataccama.one.on-error`	String	Defines how the application behaves in case of an issue with data import. Available options are as follows: `FAIL`: Data import finishes with an error if the ZIP file is missing. `SET_TO_NULL`: The missing file is ignored and its URL is set to `null`. Default value: `FAIL`.

plugin.object-storage.ataccama.one.load-upload-dir

String

A relative path to the folder containing files that should be uploaded to the object storage.

plugin.object-storage.ataccama.one.load-upload-url

String

A URL pointing to the ZIP file that should be used for data import.

plugin.object-storage.ataccama.one.on-error

String

Defines how the application behaves in case of an issue with data import.

Available options are as follows:

FAIL: Data import finishes with an error if the ZIP file is missing.
SET_TO_NULL: The missing file is ignored and its URL is set to null.

Default value: FAIL.

Lookups

Property Data type Description

Property	Data type	Description
`plugin.lookup-management.ataccama.one.upload-job.cleanup-interval`	String	Configures how often to cancel lookup upload jobs that have exceeded the timeout defined in the `upload-job.timeout` property. Default value: `10m`. For a full list of accepted units, see Duration units.
`plugin.lookup-management.ataccama.one.upload-job.timeout`	String	The expiration timeout for lookup upload jobs. Jobs older that this are canceled based on the frequency defined in the `upload-job.cleanup-interval` property. Default value: `60m`. For a full list of accepted units, see Duration units.

plugin.lookup-management.ataccama.one.upload-job.cleanup-interval

String

Configures how often to cancel lookup upload jobs that have exceeded the timeout defined in the upload-job.timeout property.

Default value: 10m. For a full list of accepted units, see Duration units.

plugin.lookup-management.ataccama.one.upload-job.timeout

String

The expiration timeout for lookup upload jobs. Jobs older that this are canceled based on the frequency defined in the upload-job.cleanup-interval property.

Default value: 60m. For a full list of accepted units, see Duration units.

Core settings

Property Data type Description

Property	Data type	Description
`ataccama.one.mmm.core.load-dir-basic-data`	String	Points to the folder containing the basic data that should be loaded into the application on startup. Default value: `data/basic`.
`ataccama.one.mmm.core.load-dir-demo-data`	String	Points to the folder containing the demo data that should be loaded into the application on startup. Default value: `data/demo`.

ataccama.one.mmm.core.load-dir-basic-data

String

Points to the folder containing the basic data that should be loaded into the application on startup.

Default value: data/basic.

ataccama.one.mmm.core.load-dir-demo-data

String

Points to the folder containing the demo data that should be loaded into the application on startup.

Default value: data/demo.

Notifications

Property Data type Description

Property	Data type	Description
`plugin.notification.ataccama.one.notification.subscription.buffer.size`	Number	The maximum number of notifications per GraphQL subscription that are cached on the backend before they are sent to the frontend. Default value: `100`.

plugin.notification.ataccama.one.notification.subscription.buffer.size

Number

The maximum number of notifications per GraphQL subscription that are cached on the backend before they are sent to the frontend.

Default value: 100.

SQL catalog items

Property Data type Description

Property	Data type	Description
`plugin.virtual-catalog.ataccama.one.virtual-catalog.dsl-query-catalog-items.api.enforcer.enable`	Boolean	Controls whether the SQL catalog items feature is available in the application. Enforces capability 'dsl-query-catalog-items' on generic API level. Default value: `true`.

plugin.virtual-catalog.ataccama.one.virtual-catalog.dsl-query-catalog-items.api.enforcer.enable

Boolean

Controls whether the SQL catalog items feature is available in the application. Enforces capability 'dsl-query-catalog-items' on generic API level.

Default value: true.

Thread monitor

Property Data type Description

Property	Data type	Description
`ataccama.thread-monitor.enabled`	Boolean	Enables the thread monitor. If set to `false`, the other properties configuring the thread monitor have no effect. Default value: `true`.
`ataccama.thread-monitor.detection-thread-interval`	String	Sets how often long running threads are sampled. The relevant statistics are periodically printed. Default value: `30s`. For a full list of accepted units, see Duration units.
`ataccama.thread-monitor.metrics.enabled`	Boolean	Exposes the thread monitor metrics. Default: `true`.
`ataccama.thread-monitor.stack-trace-formatter.include`	String	A comma-separated list of regular expressions that are applied to stack trace elements. Only the matched elements are printed to the stack trace log. Default value: `.\\.ataccama\\..`.
`ataccama.thread-monitor.stack-trace-formatter.exclude`	String	A comma-separated list of regular expressions that are applied to stack trace elements. The matched elements are not printed to the stack trace log. Default value: `com\\.ataccama\\.lib\\.threadutil.*`.
`ataccama.thread-monitor.pool-config.default.enabled`	Boolean	Enables long running thread detection for the (default) pool. Default settings can be overridden for a specific pool. Default value: `true`.
`ataccama.thread-monitor.pool-config.default.long-running-limit`	String	Defines the threshold for long running threads. All threads running longer than the limit are considered as long running and reported. Default settings can be overridden for a specific pool. Default value: `30s`. For a full list of accepted units, see Duration units.
`ataccama.thread-monitor.pool-config.default.log-details`	Boolean	Enables logging all details for the thread pool, including the stack trace of long running threads. Default settings can be overridden for a specific pool. Default value: `true`.

ataccama.thread-monitor.enabled

Boolean

Enables the thread monitor. If set to false, the other properties configuring the thread monitor have no effect.

Default value: true.

ataccama.thread-monitor.detection-thread-interval

String

Sets how often long running threads are sampled. The relevant statistics are periodically printed.

Default value: 30s. For a full list of accepted units, see Duration units.

ataccama.thread-monitor.metrics.enabled

Boolean

Exposes the thread monitor metrics.

Default: true.

ataccama.thread-monitor.stack-trace-formatter.include

String

A comma-separated list of regular expressions that are applied to stack trace elements. Only the matched elements are printed to the stack trace log.

Default value: .*\\.ataccama\\..*.

ataccama.thread-monitor.stack-trace-formatter.exclude

String

A comma-separated list of regular expressions that are applied to stack trace elements. The matched elements are not printed to the stack trace log.

Default value: com\\.ataccama\\.lib\\.threadutil.*.

ataccama.thread-monitor.pool-config.default.enabled

Boolean

Enables long running thread detection for the (default) pool. Default settings can be overridden for a specific pool.

Default value: true.

ataccama.thread-monitor.pool-config.default.long-running-limit

String

Defines the threshold for long running threads. All threads running longer than the limit are considered as long running and reported. Default settings can be overridden for a specific pool.

Default value: 30s. For a full list of accepted units, see Duration units.

ataccama.thread-monitor.pool-config.default.log-details

Boolean

Enables logging all details for the thread pool, including the stack trace of long running threads. Default settings can be overridden for a specific pool.

Default value: true.

GraphQL

Property Data type Description

Property	Data type	Description
`graphql.experimental.validation.enabled`	Boolean	If set to `true`, GraphQL experimental validation is enabled. This replaces a part of the standard GraphQL query validation with an experimental one in order to improve performance.
`logging.filter.on`	Boolean	To log requests made to GraphQL endpoints, set to `true`. Default value: `false`.
`logging.filter.url`	String	Used to filter logs by the URL. If set to `/graphql`, only GraphQL traffic is logged. Default value: `/graphql`.
`logging.filter.includeHeaders`	Boolean	Defines if logs for GraphQL endpoints store the request’s HTTP headers. To log headers, set the value to `true`. Default value: `false`.
`logging.filter.includePayload`	Boolean	Defines if logs for GraphQL endpoints store the request’s payload. To log payloads, set the value to `true`. Default value: `true`.
`logging.filter.maxPayloadLength`	Number	Sets the maximum length of the request’s payload expressed in characters. When the request’s payload exceeds this number, the payload is truncated and logs store only the characters within the limit. Default value: `10000`.
`logging.filter.includeQueryString`	Boolean	Defines if logs for GraphQL endpoints store the query string parameters sent with the request. To log query string parameters, set the value to `true`. Default value: `true`.
`logging.filter.includeClientInfo`	Boolean	Defines if logs for GraphQL endpoints store information about the client that made the request. To log client information, set the value to `true`. Default value: `true`.
`logging.filter.maskedHeaders`	String	A list of HTTP headers that are masked in the logs. This is used to prevent leaking sensitive data, such as authentication tokens. Default value: `host,authorization`.
`logging.level.com.ataccama.one.metadata.graphql.config.SensitiveDataRedactingRequestResponseLoggingInstrumentation`	String	Configures the logging level for GraphQL requests and responses. To enable logging, must be set to `DEBUG`.
`ataccama.one.mmm.api.introspection.enabled`	Boolean	Enables introspection in GraphQL. When enabled, the introspection can be allowed for users (configured based on the type of user and role) and for headers. At least one user or header configuration must match for introspection to be allowed. See the following introspection properties for the configuration options. Default value: `false`.
`ataccama.one.mmm.api.introspection.users`	String	Defines the type of user that can use introspection in GraphQL. You can set this property to one of the following options: `users=NONE`: Introspection cannot be used by any user. `users=AUTHENTICATED`: Introspection can be used by any authenticated user. `users=MATCHING_ROLES`: Introspection can be used by users with at least one of the roles listed in the following `introspection.roles` property. `users=ALL`: Introspection can be used by any user. This includes unauthenticated users or those that failed authentication.
`ataccama.one.mmm.api.introspection.roles`	String	Defines which roles can use introspection in GraphQL if the `introspection.users` property is set to `users=MATCHING_ROLES`. For example, `ataccama.one.mmm.api.introspection.roles=MMM_admin`.
`ataccama.one.mmm.api.introspection.headers`	String	Defines the headers under which introspection is allowed for a specific request. Note that configuring headers typically requires that the user cannot specify the header (stripped by ingress). For example, `ataccama.one.mmm.api.introspection.headers=X-Allow-Introspection`.
`ataccama.one.mmm.api.logging.request`	Boolean	If set to `true`, GraphQL requests are logged in the MMM log. This is useful for debugging purposes and includes requests with sensitive information, such as passwords and secrets.
`ataccama.one.mmm.api.logging.requestDetail.query`	Boolean	Enables logging query parts. Applies only if GraphQL requests are logged as well (`ataccama.one.mmm.api.logging.request=true`).
`ataccama.one.mmm.api.logging.requestDetail.variables`	Boolean	Enables logging query variables. Applies only if GraphQL requests are logged as well (`ataccama.one.mmm.api.logging.request=true`).
`ataccama.one.mmm.api.logging.requestDetail.operationName`	Boolean	Enables logging the operation names. Applies only if GraphQL requests are logged as well (`ataccama.one.mmm.api.logging.request=true`).
`ataccama.one.mmm.api.logging.response`	Boolean	If set to `true`, GraphQL responses are logged in the MMM log. This is useful for debugging purposes and includes responses with sensitive information, such as passwords and secrets.
`ataccama.one.mmm.api.logging.responseDetail.result`	Boolean	Enables logging result parts. Applies only if GraphQL responses are logged as well (`ataccama.one.mmm.api.logging.response=true`).
`ataccama.one.mmm.api.logging.responseDetail.stacktrace`	Boolean	Enables logging the stack trace if an exception is thrown. Applies only if GraphQL responses are logged as well (`ataccama.one.mmm.api.logging.response=true`).
`ataccama.one.mmm.api.logging.sensitive-pattern`	String	A regular expression pattern used for masking sensitive information in MMM logs related to GraphQL. When there is a match, that field is redacted from the GraphQL request or response.
`ataccama.one.mmm.graphql.metrics.response.enabled`	Boolean	If set to `true`, metrics are calculated per GraphQL request. Default value: `false`.
`ataccama.one.mmm.graphql.metrics.response.with-annotation`	Boolean	If set to `true`, collecting metrics is required for GraphQL annotation. Default value: `true`.
`ataccama.one.mmm.graphql.metrics.response.field-level`	String	Determines whether fields are measured. Can be overridden in GraphQL annotation unless it is disabled. Possible values: `enabled` (all fields are measured), `disabled` (fields are not measured). Default value: `disabled`.
`ataccama.one.mmm.graphql.metrics.actuator`	Boolean	If set to `true`, the GraphQL Prometheus metric is exposed to the actuator. Default value: `true`.

graphql.experimental.validation.enabled

Boolean

If set to true, GraphQL experimental validation is enabled. This replaces a part of the standard GraphQL query validation with an experimental one in order to improve performance.

logging.filter.on

Boolean

To log requests made to GraphQL endpoints, set to true. Default value: false.

logging.filter.url

String

Used to filter logs by the URL. If set to /graphql, only GraphQL traffic is logged.

Default value: /graphql.

logging.filter.includeHeaders

Boolean

Defines if logs for GraphQL endpoints store the request’s HTTP headers. To log headers, set the value to true.

Default value: false.

logging.filter.includePayload

Boolean

Defines if logs for GraphQL endpoints store the request’s payload. To log payloads, set the value to true.

Default value: true.

logging.filter.maxPayloadLength

Number

Sets the maximum length of the request’s payload expressed in characters. When the request’s payload exceeds this number, the payload is truncated and logs store only the characters within the limit.

Default value: 10000.

logging.filter.includeQueryString

Boolean

Defines if logs for GraphQL endpoints store the query string parameters sent with the request. To log query string parameters, set the value to true.

Default value: true.

logging.filter.includeClientInfo

Boolean

Defines if logs for GraphQL endpoints store information about the client that made the request. To log client information, set the value to true.

Default value: true.

logging.filter.maskedHeaders

String

A list of HTTP headers that are masked in the logs. This is used to prevent leaking sensitive data, such as authentication tokens.

Default value: host,authorization.

logging.level.com.ataccama.one.metadata.graphql.config.SensitiveDataRedactingRequestResponseLoggingInstrumentation

String

Configures the logging level for GraphQL requests and responses. To enable logging, must be set to DEBUG.

ataccama.one.mmm.api.introspection.enabled

Boolean

Enables introspection in GraphQL. When enabled, the introspection can be allowed for users (configured based on the type of user and role) and for headers.

At least one user or header configuration must match for introspection to be allowed. See the following introspection properties for the configuration options.

Default value: false.

ataccama.one.mmm.api.introspection.users

String

Defines the type of user that can use introspection in GraphQL.

You can set this property to one of the following options:

users=NONE: Introspection cannot be used by any user.
users=AUTHENTICATED: Introspection can be used by any authenticated user.
users=MATCHING_ROLES: Introspection can be used by users with at least one of the roles listed in the following introspection.roles property.
users=ALL: Introspection can be used by any user. This includes unauthenticated users or those that failed authentication.

ataccama.one.mmm.api.introspection.roles

String

Defines which roles can use introspection in GraphQL if the introspection.users property is set to users=MATCHING_ROLES. For example, ataccama.one.mmm.api.introspection.roles=MMM_admin.

ataccama.one.mmm.api.introspection.headers

String

Defines the headers under which introspection is allowed for a specific request. Note that configuring headers typically requires that the user cannot specify the header (stripped by ingress). For example, ataccama.one.mmm.api.introspection.headers=X-Allow-Introspection.

ataccama.one.mmm.api.logging.request

Boolean

If set to true, GraphQL requests are logged in the MMM log. This is useful for debugging purposes and includes requests with sensitive information, such as passwords and secrets.

ataccama.one.mmm.api.logging.requestDetail.query

Boolean

Enables logging query parts. Applies only if GraphQL requests are logged as well (ataccama.one.mmm.api.logging.request=true).

ataccama.one.mmm.api.logging.requestDetail.variables

Boolean

Enables logging query variables. Applies only if GraphQL requests are logged as well (ataccama.one.mmm.api.logging.request=true).

ataccama.one.mmm.api.logging.requestDetail.operationName

Boolean

Enables logging the operation names. Applies only if GraphQL requests are logged as well (ataccama.one.mmm.api.logging.request=true).

ataccama.one.mmm.api.logging.response

Boolean

If set to true, GraphQL responses are logged in the MMM log. This is useful for debugging purposes and includes responses with sensitive information, such as passwords and secrets.

ataccama.one.mmm.api.logging.responseDetail.result

Boolean

Enables logging result parts. Applies only if GraphQL responses are logged as well (ataccama.one.mmm.api.logging.response=true).

ataccama.one.mmm.api.logging.responseDetail.stacktrace

Boolean

Enables logging the stack trace if an exception is thrown. Applies only if GraphQL responses are logged as well (ataccama.one.mmm.api.logging.response=true).

ataccama.one.mmm.api.logging.sensitive-pattern

String

A regular expression pattern used for masking sensitive information in MMM logs related to GraphQL. When there is a match, that field is redacted from the GraphQL request or response.

ataccama.one.mmm.graphql.metrics.response.enabled

Boolean

If set to true, metrics are calculated per GraphQL request.

Default value: false.

ataccama.one.mmm.graphql.metrics.response.with-annotation

Boolean

If set to true, collecting metrics is required for GraphQL annotation.

Default value: true.

ataccama.one.mmm.graphql.metrics.response.field-level

String

Determines whether fields are measured. Can be overridden in GraphQL annotation unless it is disabled. Possible values: enabled (all fields are measured), disabled (fields are not measured).

Default value: disabled.

ataccama.one.mmm.graphql.metrics.actuator

Boolean

If set to true, the GraphQL Prometheus metric is exposed to the actuator.

Default value: true.

User Provider plugin

Property Data type Description

Property	Data type	Description
`plugin.user-provider.ataccama.one.user-synchronization-schedule`	String	A cron expression used to schedule user synchronization between Keycloak and MMM. Disabled by default (`-`). Cron expressions in Spring format use six space-separated fields representing the following: second, minute, hour, day of the month, month, and day of the week. For example, to run the synchronization every day at midnight, set the property to `0 0 0 ? * *`. For more information, see CronExpression documentation. Default value: `-`.
`plugin.user-provider.ataccama.one.repeated-user-synchronization-timeout`	String	Configures the minimum period of time between two user synchronization attempts. If user synchronization is invoked immediately after the previous synchronization, the second invocation is skipped as it is considered unnecessary. Default value: `2m`. For a full list of accepted units, see Duration units.
`plugin.user-provider.ataccama.one.user-synchronization-enabled-on-startup`	Boolean	Enables user synchronization with the identity provider (IDP) on application startup. Default value: `true`.
`plugin.user-provider.ataccama.one.synchronization-unique-key`	String	Defines how user synchronization is handled after migrating from one instance of Keycloak to another. By default, users are synchronized by the Keycloak identifier. However, new identifiers are assigned after migration. The following options are available for merging users: `PERSON_UNIQUE_USERNAME`: Users are merged if their usernames match. `PERSON_UNIQUE_EMAIL`: Users are merged if their emails match. `PERSON_UNIQUE_USER_ID`: Users are merged if their Keycloak identifiers match. Default value: `PERSON_UNIQUE_USER_ID`.

plugin.user-provider.ataccama.one.user-synchronization-schedule

String

A cron expression used to schedule user synchronization between Keycloak and MMM. Disabled by default (-).

Cron expressions in Spring format use six space-separated fields representing the following: second, minute, hour, day of the month, month, and day of the week. For example, to run the synchronization every day at midnight, set the property to 0 0 0 ? * *. For more information, see CronExpression documentation.

Default value: -.

plugin.user-provider.ataccama.one.repeated-user-synchronization-timeout

String

Configures the minimum period of time between two user synchronization attempts. If user synchronization is invoked immediately after the previous synchronization, the second invocation is skipped as it is considered unnecessary.

Default value: 2m. For a full list of accepted units, see Duration units.

plugin.user-provider.ataccama.one.user-synchronization-enabled-on-startup

Boolean

Enables user synchronization with the identity provider (IDP) on application startup.

Default value: true.

plugin.user-provider.ataccama.one.synchronization-unique-key

String

Defines how user synchronization is handled after migrating from one instance of Keycloak to another. By default, users are synchronized by the Keycloak identifier. However, new identifiers are assigned after migration.

The following options are available for merging users:

PERSON_UNIQUE_USERNAME: Users are merged if their usernames match.
PERSON_UNIQUE_EMAIL: Users are merged if their emails match.
PERSON_UNIQUE_USER_ID: Users are merged if their Keycloak identifiers match.

Default value: PERSON_UNIQUE_USER_ID.

Flow events

The following properties configure how many flow events can be processed simultaneously. Flow events are events that are used internally in documentation flows and monitoring projects (for example, they are raised when profiling is finished).

Property Data type Description

Property	Data type	Description
`plugin.flow.ataccama.one.async.pool.size.core`	Number	The initial number of threads in the flow event handler thread pool. Default value: `2`.
`plugin.flow.ataccama.one.async.pool.size.max`	Number	The maximum number of threads in the flow event handler thread pool. New threads are spawned only when the queue size exceeds its capacity. Default value: `5`.
`plugin.flow.ataccama.one.async.queue.capacity`	Number	The number of tasks that the flow event handler thread pool queue can contain. New threads are added only if the queue size is greater than this threshold. If no new threads can be created, the event handler can be rejected. Default value: `Integer.MAX_VALUE`.

plugin.flow.ataccama.one.async.pool.size.core

Number

The initial number of threads in the flow event handler thread pool.

Default value: 2.

plugin.flow.ataccama.one.async.pool.size.max

Number

The maximum number of threads in the flow event handler thread pool. New threads are spawned only when the queue size exceeds its capacity.

Default value: 5.

plugin.flow.ataccama.one.async.queue.capacity

Number

The number of tasks that the flow event handler thread pool queue can contain. New threads are added only if the queue size is greater than this threshold. If no new threads can be created, the event handler can be rejected.

Default value: Integer.MAX_VALUE.

External events

Property Data type Description

Property	Data type	Description
`plugin.external-events.ataccama.one.externalevents.worker-pool-size`	Number	The number of threads used for processing external events. Default value: `4`.
`plugin.external-events.ataccama.one.externalevents.cleanup-interval`	String	Configures how often old subscriptions are checked for and deleted. Default value: `10m`. For a full list of accepted units, see Duration units.
`plugin.external-events.ataccama.one.externalevents.subscribers-retention-period`	String	Defines for how long offline subscriptions are retained. The longer the period, the more historical events are stored, which allows clients to occasionally reconnect. On the other hand, retaining a large number of one-time subscriptions that have not been fully unsubscribed increases the amount of data kept in the internal database. Default value: `72h`. For a full list of accepted units, see Duration units.
`plugin.external-events.ataccama.one.externalevents.subscriber-count-limit`	Number	The maximum number of subscribers that can be registered simultaneously. When the limit has been reached, new subscriptions are automatically rejected. Default value: `1000`.
`plugin.external-events.ataccama.one.externalevents.subscriber-message-count-limit`	Number	The number of events that can be stored for each subscriber. Once the limit is reached, the oldest events are discarded. Default value: `1000000`.

plugin.external-events.ataccama.one.externalevents.worker-pool-size

Number

The number of threads used for processing external events.

Default value: 4.

plugin.external-events.ataccama.one.externalevents.cleanup-interval

String

Configures how often old subscriptions are checked for and deleted.

Default value: 10m. For a full list of accepted units, see Duration units.

plugin.external-events.ataccama.one.externalevents.subscribers-retention-period

String

Defines for how long offline subscriptions are retained.

The longer the period, the more historical events are stored, which allows clients to occasionally reconnect. On the other hand, retaining a large number of one-time subscriptions that have not been fully unsubscribed increases the amount of data kept in the internal database.

Default value: 72h. For a full list of accepted units, see Duration units.

plugin.external-events.ataccama.one.externalevents.subscriber-count-limit

Number

The maximum number of subscribers that can be registered simultaneously. When the limit has been reached, new subscriptions are automatically rejected.

Default value: 1000.

plugin.external-events.ataccama.one.externalevents.subscriber-message-count-limit

Number

The number of events that can be stored for each subscriber. Once the limit is reached, the oldest events are discarded.

Default value: 1000000.

Scheduler

Property Data type Description

Property	Data type	Description
`plugin.scheduler.ataccama.one.async.pool.size.core`	Number	The initial number of threads in the scheduler thread pool. Default value: `5`.
`plugin.scheduler.ataccama.one.async.pool.size.max`	Number	The maximum number of threads in the scheduler thread pool. New threads are spawned only when the queue size exceeds its capacity. Default value: `10`.
`plugin.scheduler.ataccama.one.async.queue.capacity`	Number	The number of tasks that the executor queue can contain. New threads are added only if the queue size is greater than this threshold. If no new threads can be created, jobs can be rejected. Default value: `10`.

plugin.scheduler.ataccama.one.async.pool.size.core

Number

The initial number of threads in the scheduler thread pool.

Default value: 5.

plugin.scheduler.ataccama.one.async.pool.size.max

Number

The maximum number of threads in the scheduler thread pool. New threads are spawned only when the queue size exceeds its capacity.

Default value: 10.

plugin.scheduler.ataccama.one.async.queue.capacity

Number

The number of tasks that the executor queue can contain. New threads are added only if the queue size is greater than this threshold. If no new threads can be created, jobs can be rejected.

Default value: 10.

Components

Property Data type Description

Property	Data type	Description
`plugin.components.dqc.version`	String	The version of components that MMM generates for ONE Desktop. Used in component rules, virtual catalog items, monitoring and post-processing plans. Default value: `13.0.0.devel`.

plugin.components.dqc.version

String

The version of components that MMM generates for ONE Desktop. Used in component rules, virtual catalog items, monitoring and post-processing plans.

Default value: 13.0.0.devel.

Audit

Property Data type Description

Property	Data type	Description
`ataccama.audit.enabled`	Boolean	Enables auditing.
`ataccama.audit.spring.datasource.jdbcUrl`	String	A JDBC connection string pointing to the database where audit logs are stored. Default value: `jdbc:postgresql://localhost:5432/audit`.
`ataccama.audit.spring.datasource.username`	String	The username for the audit database. Default value: `one`.
`ataccama.audit.spring.datasource.password`	String	The password for the audit database. Default value: `one`.

ataccama.audit.enabled

Boolean

Enables auditing.

ataccama.audit.spring.datasource.jdbcUrl

String

A JDBC connection string pointing to the database where audit logs are stored.

Default value: jdbc:postgresql://localhost:5432/audit.

ataccama.audit.spring.datasource.username

String

The username for the audit database.

Default value: one.

ataccama.audit.spring.datasource.password

String

The password for the audit database.

Default value: one.

SMTP server

Property Data type Description

plugin.email.spring.mail.host

String

The URL or the hostname where the SMTP server is running.

Default value: localhost.

plugin.email.spring.mail.port

Number

The port where the SMTP server is running.

Default value: 5025.

plugin.email.spring.mail.username

String

The username for the SMTP server.

Default value: smtp-user.

plugin.email.spring.mail.password

String

The password for the SMTP server.

Default value: smtp-pass.

plugin.email.spring.mail.properties.mail.smtp.auth

Boolean

Enables authentication on the SMTP server.

Default value: false.

plugin.email.spring.mail.properties.mail.smtp.starttls.enable

Boolean

Enables TLS authentication on the SMTP server.

Default value: false.

plugin.email.ataccama.one.address

String

The sender address.

Default value: noreply@ataccama.com.

plugin.email.ataccama.one.base.url

String

The base URL for generating links in emails.

Default value: http://localhost:8020.

The default is environment-specific. Make sure to edit the value for production settings.

plugin.email.ataccama.enabled

Boolean

Must be set to true to enable email notifications.

Default value: false.

Anomaly Detector

Property Data type Description

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.anomaly-detector.host

String

The IP address or the hostname of the server where the Anomaly Detector microservice is running.

Default value: localhost.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.anomaly-detector.port

Number

The number of the gRPC port where the Anomaly Detector microservice is running.

Default value: 8547.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.anomaly-detector.execution-interval

String

Defines how often the Anomaly Detection plugin checks the queue for new anomaly detection jobs.

We do not recommend modifying this property.

Default value: 3s. For a full list of accepted units, see Duration units.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.anomaly-detector.request-timeout

String

Configures after which amount of time a request sent to the Anomaly Detector expires.

Default value: 3s. For a full list of accepted units, see Duration units.

plugin.anomaly-detection.ataccama.one.anomaly-detection.metrics.enabled

Boolean

Enables collecting metrics on Anomaly Detection.

Default value: true.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.async.pool.size.max

Number

The maximum number of threads that can be used for storing anomaly detection results.

Default value: 5.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.async.pool.size.core

Number

The minimum number of threads that need to be kept alive at all times. These threads are dedicated only to storing anomaly detection results.

Default value: 2.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.scheduled.pool.size

Number

The number of threads used for scheduled processing of anomaly detection queues.

Default value: 3.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.history-size-limit

Number

The maximum number of profiles on which anomaly detection can run.

Default value: 100.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.history-size-min.size

Number

The minimum number of profiles on which anomaly detection is run. In case the total number of available profiles is lower than or equal to this value, anomaly detection is skipped.

Default value: 2.

plugin.anomaly-detection.ataccama.one.aicore.anomaly-detection.response-wait-timeout

String

Defines for how long the plugin waits for the response streams from the Anomaly Detector to finish before the job fails.

Default value: 40s. For a full list of accepted units, see Duration units.

Term Suggestions

Property Data type Description

Property	Data type	Description
`plugin.term-suggestions.ataccama.one.term-suggestions.enabled`	Boolean	If set to `true`, Term Suggestions are enabled. Default value: `true`.
`ataccama.client.connection.term-suggestions.host`	String	The IP address or the hostname of the server where the Term Suggestions microservices are running. Default value: `localhost`.
`ataccama.client.connection.term-suggestions.grpc.port`	Number	The number of the gRPC port where the Term Suggestions microservices are running. Default value: `8544`.

plugin.term-suggestions.ataccama.one.term-suggestions.enabled

Boolean

If set to true, Term Suggestions are enabled.

Default value: true.

ataccama.client.connection.term-suggestions.host

String

The IP address or the hostname of the server where the Term Suggestions microservices are running.

Default value: localhost.

ataccama.client.connection.term-suggestions.grpc.port

Number

The number of the gRPC port where the Term Suggestions microservices are running.

Default value: 8544.

Accepted units

Duration

Accepted units for time duration are as follows:

ns (nanoseconds)
us (microseconds)
ms (milliseconds)
s (seconds)
m (minutes)
h (hours)
d (days)

Size

Accepted units for file or message size are as follows:

B (bytes)
KB (kilobytes)
MB (megabytes)
GB (gigabytes)
TB (terabytes)

Was this page useful?