User Community Service Desk Downloads
If you can't find the product or version you're looking for, visit support.ataccama.com/downloads

RDM Application Properties

This article is intended to serve as a reference point for RDM configuration. As such, it provides an overview of the available properties and, when applicable, refers users to more comprehensive sources. The properties described here are defined in the rdm/etc/application.properties file.

For each property, you will find information about the required data type, its default value, and a short description. The Mandatory column specifies whether a property is required for the application to run and function as expected.

RDM properties

Use the following properties to configure server settings for RDM, specify the type of the repository, and the path to the license.

Name Data type Default value Mandatory Description

server.port

Number

8060

Yes

The number of the port where the RDM application is running.

server.servlet.context-path

String

/

Yes

The context path to the RDM application server. It is root by default.

ataccama.one.rdm.id

String

rdm

No

The RDM application ID. If not set, canonical_hostname:context_path is used.

ataccama.one.rdm.repository

String

database

Yes

The type of RDM repository. If set to database, the configuration set in the database is used.

ataccama.one.rdm.application.url

String

localhost:8060

Yes

The URL of the RDM application.

The value should not contain the HTTP protocol as it is often reused in some other properties.

ataccama.one.rdm.license-folder

String

/home/user.name/

Yes

The path to the folder that contains the license. By default, the application searches for the license in the home directory of the user.

ataccama.one.rdm.server.url

String

http://localhost:8061

Yes

The URL of the RDM (runtime) server.

ataccama.one.rdm.environment

String

""

No

The name of the environment used (available values are dev, prod). Can be used as a variable in email templates.

ataccama.one.rdm.max.config.file.size.kb

Number

1000

No

The maximum size of the project configuration file that can be imported to RDM. Expressed in kilobytes.

ataccama.one.rdm.features.environment.reset.enabled

Boolean

false

No

If set to true, the Reset RDM option is available in RDM Admin Console. This option allows users with an admin role to control how the environment is reset.

If selected, the configuration and the available data are deleted and the application is restarted in the default state (that is, without any data or configuration). As such, it is particularly useful for Custom Cloud non-production environments.

RDM data connection

Use the following properties to configure the connection to the RDM storage database. See Encrypt Passwords for information about how to encrypt passwords.

Name Data type Default value Mandatory Description

ataccama.one.rdm.datasource.rdm-data.url

String

/

Yes

The URL of the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.jdbcUrl

String

/

Yes

The JDBC URL of the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.username

String

/

Yes

The username for the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.password

String

/

Yes

The password for the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.driverClassName

String

/

Yes

The driver class name for the RDM storage database.

ataccama.one.rdm.datasource.rdm-data.continue-on-error

Boolean

true

No

When set to true, if the initial attempt to connect to the database fails, repeated attempts are made until connection is established.

ataccama.one.rdm.datasource.rdm-data.waiting.timeout

String

120s

No

Timeout for database connection attempts in seconds.

ataccama.one.rdm.datasource.rdm-data.waiting.interval

String

10s

No

Interval between connection attempts in seconds.

Optimize PostgreSQL database performance

To optimize the performance of the PostgreSQL database and improve the speed at which RDM is able to import tables, apply the following settings to your PostgreSQL instance:

ALTER DATABASE rdm SET work_mem = '50MB';
ALTER DATABASE rdm SET enable_nestloop to 'off';
ALTER DATABASE rdm SET maintenance_work_mem to '500MB';

This applies to self-managed deployments. No action is required for cloud environments.

RDM metadata connection

The following properties configure the connection to the database where RDM metadata is stored. See Encrypt Passwords for information about how to encrypt passwords.

Name Data type Default value Mandatory Description

ataccama.one.rdm.datasource.rdm-repo.url

String

/

Yes

The URL of the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.jdbcUrl

String

/

Yes

The JDBC URL of the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.username

String

/

Yes

The username for the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.password

String

/

Yes

The password for the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.driverClassName

String

/

Yes

The driver class name for the RDM metadata database.

ataccama.one.rdm.datasource.rdm-repo.continue-on-error

Boolean

true

No

When set to true, if the initial attempt to connect to the database fails, repeated attempts are made until connection is established.

ataccama.one.rdm.datasource.rdm-repo.waiting.timeout

String

120s

No

Timeout for database connection attempts in seconds.

ataccama.one.rdm.datasource.rdm-repo.waiting.interval

String

10s

No

Interval between connection attempts in seconds.

Keycloak

The following properties configure Keycloak. See Encrypt Passwords for information about how to encrypt passwords.

Name Data type Default value Mandatory Description

ataccama.authentication.keycloak.server-url

String

http://localhost:8080/auth

Yes

The URL of the server where Keycloak is running.

ataccama.authentication.keycloak.realm

String

ataccamaone

Yes

The name of the Keycloak realm.

ataccama.authentication.keycloak.admin.client-id

String

/

Yes

The client identifier used to verify the admin user’s authorization token.

ataccama.authentication.keycloak.admin.secret

String

/

Yes

The secret key of the client identifier for the admin account. Secret keys can be generated using Keycloak. Used by BASIC and SECRET_JWT strategies.

ataccama.authentication.keycloak.token.client-id

String

/

Yes

The client identifier. Used to verify a user’s authorization token and to log in a user.

ataccama.authentication.keycloak.token.secret

String

/

Yes

The secret key of the client. Secret keys can be generated using Keycloak. Used for BASIC and SECRET_JWT strategies.

ataccama.authentication.keycloak.token.issuer

String

/

Yes

Specifies the issuer of the JWT token. Typically, Keycloak uses the URL of the realm as the token issuer.

ataccama.authentication.keycloak.public.client-id

String

/

Yes

Keycloak public client ID for web application browsing.

ataccama.client.connection.keycloak.http.enabled

Boolean

true

Yes

Specifies whether the HTTP protocol is being used with Keycloak.

ataccama.client.connection.keycloak.http.tls.enabled

Boolean

false

Yes

Specifies whether the TLS protocol is being used with Keycloak.

ataccama.one.rdm.user-synchronization-schedule

String

/

No

The schedule for automatic synchronization of user or role mapping with Keycloak. The value is a Cron expression that consists of six fields representing, in this order, second, minute, hour, day, month, weekday. For more information, see the official Spring documentation.

SSL

Use these properties to set up SSL.

Name Data type Default value Mandatory Description

server.ssl.enabled

Boolean

true

No

Enables SSL.

server.ssl.key-store

String

/

No

The full path to the keystore.

server.ssl.key-store-password

String

/

No

The password for decrypting the keystore. Used if the keystore is encrypted (recommended).

server.ssl.key-password

String

/

No

The password for the private key. Used if the private key is encrypted.

server.ssl.trust-store

String

/

No

The full path to the truststore.

server.ssl.trust-store-password

String

/

No

The password for the trusstore. Used if the truststore is encrypted.

The following properties specify the links to other applications.

Name Data type Default value Mandatory Description

ataccama.one.rdm.mdm.link

String

http://localhost:8051/

No

The URL for the MDM link.

ataccama.one.rdm.catalog.link

String

http://localhost:8020

No

The URL for the link to the catalog (MMM) application.

Logging

The following properties configure logging. Logging levels can also be set via LOG_PATH.

Name Data type Default value Mandatory Description

ataccama.logging.plainTextConsoleAppender

Boolean

true

No

If set to true, logs are outputted as plain text in the console.

ataccama.logging.jsonConsoleAppender

Boolean

false

No

If set to true, logs are outputted in JSON format in the console.

ataccama.logging.plainTextFileAppender

Boolean

false

No

If set to true, logs are outputted as plain text in the log file.

ataccama.logging.jsonFileAppender

Boolean

true

No

If set to true, logs are outputted in JSON format in the log file.

logging.file.path

String

${ataccama.path.root}/log

No

The location of the log folder. This value can be updated using the system property LOG_PATH, which can be used for further logging configuration.

logging.level.root

String

INFO

No

The root logging level. Available values are INFO, WARN, ERROR, DEBUG, OFF.

logging.level.com.ataccama

String

INFO

No

The logging level for`com.ataccama` packages. Available values are INFO, WARN, ERROR, DEBUG.

logging.level.com.ataccama.rdm

String

INFO

No

The logging level for RDM packages. Available values are INFO, WARN, ERROR, DEBUG.

Endpoints for monitoring

The following properties configure endpoints for monitoring. For more information, see Monitoring Configuration.

Name Data type Default value Mandatory Description

management.endpoints.enabled-by-default

Boolean

false

No

Enables all actuator endpoints. If set to false, it is possible to configure individually which endpoints should be enabled.

management.endpoint.info.enabled

Boolean

true

No

Enables /info monitoring endpoint.

management.endpoint.health.enabled

Boolean

true

No

Enables /health monitoring endpoint.

management.endpoint.prometheus.enabled

Boolean

true

No

Enables /prometheus monitoring endpoint.

management.endpoints.web.exposure.include

String

health,info,prometheus

No

A comma-separated list of exposed actuator endpoints that should provide information about the application.

These endpoints track the following:

  • health - The health status of the application.

  • info - Other information about the application.

  • prometheus - Provides all metrics from the application in a format that Prometheus can scrape.

management.endpoint.health.show-details

String

always

No

Specifies how much information is provided by the health monitoring endpoint. The following values are available:

  • never - Health details are never displayed to any user.

  • when-authorized - Only authorized users have access to health information.

  • always - All users can see health details.

management.endpoint.health.show-components

String

always

No

Specifies how much detail the health monitoring endpoint provides about the application components. You can also define which components are shown. The following values are available:

  • never - Component information is never displayed to any user.

  • when-authorized - Only authorized users have access to information about components.

  • always - All users can see component details.

management.endpoint.health.status.order

String

down,out-of-service,reloading,unknown,up

No

A comma-separated list that determines how the /health monitoring endpoint prioritizes application health statuses.

management.info.git.mode

String

full

No

Configures how much information the /info monitoring endpoint retrieves from Git about the application source code repository. To show all available information from the git.properties file, set the value to full. To display only basic information, such as the name of the branch, the commit identifier, and the time the commit was made, set the value to simple.

management.endpoint.health.probes.enabled

Boolean

true

No

Enables /health/liveness and /health/readiness endpoints.

management.endpoint.health.group.liveness.include

String

diskSpace,ping

No

Defines which components are covered by the liveness probe. These components are a subset of /health components.

management.endpoint.health.group.readiness.include

String

db

No

Defines which components are covered by the readiness probe. These components are a subset of /health components.

ataccama.authentication.http.acl.endpoints.prometheus.endpoint-filter

String

/actuator/prometheus

No

Enables ACL-based authentication on the selected endpoint. The same filter can be enabled on other endpoints.

ataccama.authentication.http.acl.endpoints.prometheus.allowed-roles

String

ONE_PLATFORM_MONITORING

No

Allows access to the endpoint defined in the endpoint-filter property for the selected user roles.

management.metrics.web.server.auto-time-requests

Boolean

false

No

Enables the timing metrics to all Spring endpoints.

Static configuration

Use the following properties to set static configuration.

Name Data type Default value Mandatory Description

ataccama.one.rdm.static-config.username-case-insensitive

Boolean

false

Yes

If set to true, the username is case insensitive.

ataccama.one.rdm.static-config.start-empty

Boolean

false

Yes

If set to true, RDM starts with the default empty configuration. Otherwise, it waits for the user to upload a configuration.

ataccama.one.rdm.static-config.io-mnrefs-strategy

Boolean

DEFAULT

No

Persistence strategy for storing MN reference values. The following values are available:

  • DEFAULT (backward compatible and recommended) - Uses full quoting of MN reference values when storing values to the database.

  • SIMPLE - Uses simplified quoting of the values when possible (for single-key MN reference relationships). This mode is not recommended unless it is required for a specific integration.

Once the value is set, it cannot be changed otherwise the MN reference data would have to be reprocessed.

ataccama.one.rdm.app-login-role

String

RDM

Yes

The name of role that is required to successfully log in to RDM. When not defined, any user can access the application. In such a case a warning is reported to the backend log. If the defined role does not exist in Keycloak, an error is reported to the log and no user can log in to the application.

ataccama.one.rdm.group-regex-filter

String

RDM.*

Yes

Prefix for additional RDM roles with app-login-role. The roles are visible on the Permissions tab.

ataccama.one.rdm.user-regex-filter

String

(^(?!service-account-).*|service-account-.*rdm.*

No

Filters RDM service accounts so that technical users not related to RDM are hidden in the web app. If a username matches this regular expression, it is loaded to RDM and shown on the Permissions tab.

If set to "" (empty string), all users are shown.

ataccama.one.rdm.system-group-name

String

RDM_admin

Yes

The system group name for RDM. Users with this role can perform system-related operations and have higher privileges than regular users (for example, they can see all tables).

ataccama.one.rdm.permissions-group-name

String

""

No

The name of the role with access to the Permissions tab in RDM. When empty, the system-group-name role is used to determine access to the permissions.

spring.datasource.maxActive

Number

20

No

The maximum number of active connections that can be allocated from the datasource pool at the same time.

spring.datasource.maxIdle

Number

10

No

The maximum number of connections that should be kept in the pool at all times. Idle connections are checked periodically (if enabled) and connections that have been idle for longer than minEvictableIdleTimeMillis will be released.

spring.datasource.maxWait

Number

-1

No

The maximum time interval that the pool waits (when there are no available connections) for a connection to be returned before throwing an exception. Expressed in ms. If set to -1, the waiting time is not limited.

Mail settings

The following properties configure mail settings. If workflows are used in the project, these properties are mandatory.

Name Data type Default value Mandatory Description

spring.mail.host

String

/

No

The hostname of the mail server.

spring.mail.port

Number

/

No

The number of the the mail server port.

spring.mail.username

String

/

No

The username used to authenticate to the mail server.

spring.mail.password

String

/

No

The password used to authenticate to the mail server.

spring.mail.default-encoding

String

/

No

The default encoding of the emails.

spring.mail.properties.mail.transport.protocol

String

/

No

Specifies the protocol used to send emails.

spring.mail.properties.mail.smtp.port

Number

/

No

The number of the SMTP port.

spring.mail.properties.mail.smtp.auth

Boolean

/

No

Enables the SMTP authentication.

spring.mail.properties.mail.smtp.starttls.enable

Boolean

/

No

Enables STARTTLS for SMTP.

spring.mail.properties.mail.smtp.starttls.required

String

/

No

Specifies whether the STARTTLS is required for SMTP.

Client security headers

You can configure RDM Webapp security by adding response headers (security headers) to HTTP responses from the web application.

Name Data type Default value Mandatory Description

one.security.header.content-security-policy.connect-src

String

self' ${ataccama.authentication.keycloak.server-url}

No

Specifies allowed connections. We strongly recommend using the default value.

one.security.header.content-security-policy.script-src

String

self' 'unsafe-eval' 'sha256-XI/joSm13E0tRqSDZUO5DZQUbuNxa2lnkOORub88i8U=' 'sha256-7qt6iyJjmGKP6A18nPa5hTNifcr+JTAgPsN9Qpn+QgM='

No

Specifies allowed script sources. We strongly recommend using the default value.

one.security.header.content-security-policy.img-src

String

self' data:

No

Specifies allowed image sources. We strongly recommend using the default value.

internal.encryption.keystore

String

/

No

The path to the internal keystore.

internal.encryption.keystore.password

String

/

No

The password for the internal keystore.

internal.encryption.keystore.passwordFile

String

/

No

The path to the password file for the internal keystore.

properties.encryption.keystore

String

/

No

The path to the properties keystore.

properties.encryption.keystore.password

String

/

No

The password for the properties keystore.

properties.encryption.keystore.passwordFile

String

/

No

The path to the password file for the properties keystore.

one.security.header.X-Frame-Options

String

deny

No

Protects against clickjacking. If set to deny, iframes are disabled.

one.security.header.X-Permitted-Cross-Domain-Policies

String

none

No

Specifies if cross-domain requests from Flash and PDF documents are allowed.

one.security.header.Referrer-Policy:

String

strict-origin

No

Defines how much referrer information (sent with the Referer header) should be included with requests. If set to strict-origin, only the origin is sent.

one.security.header.X-XSS-Protection

String

1; mode=block

No

Protects against cross-site scripting attacks. If set to block, the page does not load when an attack is detected.

one.security.header.X-Content-Type-Options

String

nosniff

No

Protects against MIME sniffing.

Retry for Keycloak connection to RDM

If the initial connection to Keycloak fails, the RDM webapp can try to connect repeatedly before startup.

Name Data type Default value Mandatory Description

ataccama.one.rdm.retry.keycloak.max-attempts

Number

999999999

No

Maximal number of connection attempts.

ataccama.one.rdm.retry.keycloak.wait-duration

String

10s

No

Interval between attempts in seconds.

Rate limiter

For more details, see Rate Limiter.

Name Data type Default value Mandatory Description

resilience4j.ratelimiter.instances.apiRateLimit.limit-for-period

Number

5

No

The maximum allowed number of operations within a defined time period. For example, if you set the value to 10, a user can perform a maximum of 10 operations within the time period specified by the limit-refresh-period property.

resilience4j.ratelimiter.instances.apiRateLimit.limit-refresh-period

String

5s

No

The time period after which the limit for the number of operations is refreshed. For example, if you set the value to 1s, the limit for the number of operations is refreshed every second.

resilience4j.ratelimiter.instances.apiRateLimit.timeout-duration

String

5s

No

Specifies how long to wait for a request to be processed before it’s considered a failure. If this period elapses, the request is considered unsuccessful.

Was this page useful?