Properties files and default values

The InfoSphere® MDM Reference Data Management Hub properties files instruct the system on how to apply security and other functions. The values that are listed are the default values for each file.

userRoles.properties

The userRoles.properties file contains the roles to be used and the high-level functions available for the role. The UserRoles = line defines the roles. The subsequent lines with the format role_name = function_name determine the user interface tabs to which the role grants access.

#-------------------------------------------------------------------------------
# OCO Source Materials
# 5747-SM3 
# © Copyright IBM Corp. 2011
# The source code for this program is not published or otherwise divested of its 
trade secrets, irrespective of what has been deposited with the U.S. Copyright 
Office.
#-------------------------------------------------------------------------------
UserRoles = Administrator, Data Steward, Data Integrator, *, Approver, Approver2,
 Custom

Administrator = MANAGED_SYSTEMS,DATA_TYPES
Approver = SETS,MAPPINGS
Approver2 = SETS,MAPPINGS
Data_Integrator = SETS,MANAGED_SYSTEMS
Data_Steward = SETS,MAPPINGS
Custom = CUSTOM_PAGE

acl.properties

The acl.properties file defines the permissions that are available in InfoSphere MDM Reference Data Management Hub for the different roles. There is a line for each type of entity and role combination that starts with <entity>_<role>. Each line lists permissions in the form <state>:<action> where state is the lifecycle state of the entity and action is the Create, Update, Delete, or lifecycle action. Actions are defined for each lifecycle state machine, and allow transition between states.

#-------------------------------------------------------------------------------
# IBM Confidential
# OCO Source Materials
# 5747-SM3 
# © Copyright IBM Corp. 2011
# The source code for this program is not published or otherwise di-vested of its 
trade secrets, irrespective of what has been deposited with the U.S. Copyright 
Office.
#-------------------------------------------------------------------------------
###Properties to check actions that can be performed on Entities based on the 
State that they are in ###

## Role = State:Action ##
RDValueSet_Data_Integrator = *:Create, Draft:Update , Rejected:Update , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Rejected:Re_work , 
Draft_-_2:Request_Approval
RDValueSet_Administrator = *:Create , Draft:Update , Draft:Delete , 
Pending_Approval:Update , Rejected:Update , Retired:Delete , Dropped:Delete , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Pending_Approval:Approve , 
Pending_Approval:Reject , Approved:Retire , Rejected:Re_work , Rejected:Drop , 
Retired:Drop , Draft_-_2:Request_Approval , Approved_-_2:Drop
RDValueSet_Approver = Draft:Update , Pending_Approval:Update , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Pending_Approval:Approve , 
Pending_Approval:Reject , Rejected:Re_work , Draft_-_2:Request_Approval , 
Approved_-_2:Drop , Pending_First_Approval:Approve , 
Pending_First_Approval:Reject
RDValueSet_Approver2 = Draft:Update , Pending_Approval:Update , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Pending_Approval:Approve , 
Pending_Approval:Reject , Rejected:Re_work , Draft_-_2:Request_Approval , 
Approved_-_2:Drop , Pending_Second_Approval:Approve , 
Pending_Second_Approval:Reject
RDValueSet_Data_Steward = *:Create , Draft:Update , Draft:Delete , 
Rejected:Update , Retired:Delete , Dropped:Delete , Active_Editable:Delete , 
Active_Editable:Update , Draft_-_2:Update , Draft_-_2:Delete , 
Draft:Request_Approval , Rejected:Re_work , Draft_-_2:Request_Approval , 
Approved_-_2:Drop
RDValueSet_All = *:Create , Draft:Update , Draft:Delete , 
Pending_Approval:Update , Rejected:Update , Retired:Delete , Dropped:Delete , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Pending_Approval:Approve , 
Pending_Approval:Reject , Approved:Retire , Rejected:Re_work , Rejected:Drop , 
Retired:Drop , Draft_-_2:Request_Approval , Approved_-_2:Drop

## Policy for Set Relationships
RDValueSetRelationship_Data_Integrator = Draft:Update , Rejected:Update , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Rejected:Re_work , Draft_-_2:Request_Approval
RDValueSetRelationship_Administrator = *:Create , Draft:Update , Draft:Delete , 
Pending_Approval:Update , Rejected:Update , Retired:Delete , Dropped:Delete , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Pending_Approval:Approve , 
Pending_Approval:Reject , Approved:Retire , Rejected:Re_work , Rejected:Drop , 
Retired:Drop , Draft_-_2:Request_Approval , Approved_-_2:Drop
RDValueSetRelationship_Approver = Draft:Update , Pending_Approval:Update , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Pending_Approval:Approve , 
Pending_Approval:Reject , Rejected:Re_work , Draft_-_2:Request_Approval , 
Approved_-_2:Drop , Pending_First_Approval:Approve , 
Pending_First_Approval:Reject
RDValueSetRelationship_Approver2 = Draft:Update , Pending_Approval:Update , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Pending_Approval:Approve , 
Pending_Approval:Reject , Rejected:Re_work , Draft_-_2:Request_Approval , 
Approved_-_2:Drop , Pending_Second_Approval:Approve , 
Pending_Second_Approval:Reject
RDValueSetRelationship_Data_Steward = *:Create , Draft:Update , Draft:Delete , 
Rejected:Update , Retired:Delete , Dropped:Delete , Active_Editable:Delete , 
Active_Editable:Update , Draft_-_2:Update , Draft_-_2:Delete , 
Draft:Request_Approval , Rejected:Re_work , Draft_-_2:Request_Approval , 
Approved_-_2:Drop
RDValueSetRelationship_All = *:Create , Draft:Update , Draft:Delete , 
Pending_Approval:Update , Rejected:Update , Retired:Delete , Dropped:Delete , 
Active_Editable:Delete , Active_Editable:Update , Draft_-_2:Update , 
Draft_-_2:Delete , Draft:Request_Approval , Pending_Approval:Approve , 
Pending_Approval:Reject , Approved:Retire , Rejected:Re_work , Rejected:Drop , 
Retired:Drop , Draft_-_2:Request_Approval , Approved_-_2:Drop

## Policy for Information Source
RDInformationSource_Data_Integrator = *:Create , *:Update , *:Delete
RDInformationSource_Administrator = *:Create , *:Update , *:Delete
RDInformationSource_Approver = *:Create , *:Update , *:Delete
RDInformationSource_Approver2 = *:Create , *:Update , *:Delete
RDInformationSource_Data_Steward = *:Create , *:Update , *:Delete
RDInformationSource_All = *:Create , *:Update , *:Delete

## Policy for Data Type
RDValueType_Data_Integrator = *:Create , *:Update , *:Delete
RDValueType_Administrator = *:Create , *:Update , *:Delete
RDValueType_Approver = *:Create , *:Update , *:Delete
RDValueType_Approver2 = *:Create , *:Update , *:Delete
RDValueType_Data_Steward = *:Create , *:Update , *:Delete
RDValueType_All = *:Create , *:Update , *:Delete

client.properties

The client.properties file contains the connection information for the InfoSphere MDM Reference Data Management Hub console to communicate with the hub component. If your server is deployed on a port other than 9080, you must update this properties file with the correct port information.

#-------------------------------------------------------------------------------
# IBM Confidential
# OCO Source Materials
# 5747-SM3 
# © Copyright IBM Corp. 2011
# The source code for this program is not published or otherwise di-vested of its 
trade secrets, irrespective of what has been deposited with the U.S. Copyright 
Office.
#-------------------------------------------------------------------------------
# The following source code ("Code") may only be used in accordance with the terms
# and conditions of the license agreement you have with IBM Corporation. The Code 
# is provided to you on an "AS IS" basis, without warranty of any kind.  
# SUBJECT TO ANY STATUTORY WARRANTIES WHICH CAN NOT BE EXCLUDED, IBM MAKES NO 
# WARRANTIES OR CONDITIONS EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED 
# TO, THE IMPLIED WARRANTIES OR CONDITIONS OF MERCHANTABILITY, FITNESS FOR A 
# PARTICULAR PURPOSE, AND NON-INFRINGEMENT, REGARDING THE CODE. IN NO EVENT WILL 
# IBM BE LIABLE TO YOU OR ANY PARTY FOR ANY DIRECT, INDIRECT, SPECIAL OR OTHER 
# CONSEQUENTIAL DAMAGES FOR ANY USE OF THE CODE, INCLUDING, WITHOUT LIMITATION, 
# LOSS OF, OR DAMAGE TO, DATA, OR LOST PROFITS, BUSINESS, REVENUE, GOODWILL, OR 
# ANTICIPATED SAVINGS, EVEN IF IBM HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH 
# DAMAGES. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR LIMITATION OF 
# INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE ABOVE LIMITATION OR EXCLUSION MAY 
# NOT APPLY TO YOU.
<!-- Begin Business -->
BusinessServiceURL=http://localhost:9080/BusinessServicesWS_HTTPRouter/services/
BusinessPort
<!-- End Business -->
<!-- Begin AdminCodeType -->
AdminCodeTypeServiceURL=http://localhost:9080/DWLAdminServicesWS_HTTPRouter/
services/AdminCodeTypePort
<!-- End AdminCodeType -->
<!-- Begin CodeType -->
CodeTypeServiceURL=http://localhost:9080/DWLCommonServicesWS_HTTPRouter/services/
CodeTypePort
<!-- End CodeType -->
<!-- Begin OperationalCodeType -->
OperationalCodeTypeServiceURL=http://localhost:9080/DWLCommonServicesWS_HTTPRouter/
services/OperationalCodeTypePort
<!-- End OperationalCodeType -->
<!-- Begin RDM -->
RDMServiceURL=http://localhost:9080/RDMWS_HTTPRouter/services/RDMPort
<!-- End RDM -->
<!-- Begin Category -->
CategoryServiceURL=http://localhost:9080/DWLBusinessServicesWS_HTTPRouter/services/
CategoryPort
<!-- End Category -->
<!-- Begin Grouping -->
GroupingServiceURL=http://localhost:9080/DWLBusinessServicesWS_HTTPRouter/services/
GroupingPort
<!-- End Grouping -->
<!-- Begin Hierarchy -->
HierarchyServiceURL=http://localhost:9080/DWLBusinessServicesWS_HTTPRouter/services/
HierarchyPort
<!-- End Hierarchy -->
<!-- Begin Task -->
TaskServiceURL=http://localhost:9080/DWLBusinessServicesWS_HTTPRouter/services/
TaskPort
<!-- End Task -->

# WAS
serverType=WAS

security=None

defaults.properties

The defaults.properties file contains:

  • default values used in the user interface for date and time formats
  • the character that is used in comma-separated values (CSV) files to separate values
  • default start and end dates that are used in sets, mappings, set values, and import or export wizards
#-------------------------------------------------------------------------------
# IBM Confidential
# OCO Source Materials
# 5747-SM3 
# © Copyright IBM Corp. 2011
# The source code for this program is not published or otherwise di-vested of its 
trade secrets, irrespective of what has been deposited with the U.S. Copyright 
Office.
#-------------------------------------------------------------------------------
#
#
# 
# This file can be used to set various application defaults, including effective 
and expiry dates for RDM objects (set, set values, mappings, value mappings, etc).
# Effective date (if set) can be "current", any valid date as per the "dateFormat" 
or left blank. Expiry date can either be left blank or set to any valid date.
# Effective or expiry dates specified in the import file during a mapping or set 
import, shall take precedence over the defaults specified in this property file.
#
#end_date = 9999-12-31
#start_date = 1800-01-01
end_date =
start_date = current
dateFormat = yyyy-MM-dd
timeStampFormat = yyyy-MM-dd'T'HH:mm:ssz
fieldSeparator = ,
MAX_VALUES_PER_REQUEST = 250
ui_warnings_flag = false

groups.properties

The groups.properties file is used to identify when groups defined in WebSphere® or an external LDAP repository should be used to define the ownership groups within InfoSphere MDM Reference Data Management Hub.

Each line in the RDMClientEAR/RestAPI.war/WEB-INF/classes/groups.properties file contains a key-value pair for each group name specific to the InfoSphere MDM Reference Data Management Hub. Each key represents the group within the InfoSphere MDM Reference Data Management Hub application (for example, to display it in the user interface and persist in the database).

The value is the actual groupName string as defined in the IBM® WebSphere registry (or an external LDAP repository connected to WebSphere in stand-alone or federated mode). 

#-------------------------------------------------------------------------------
# IBM Confidential
# OCO Source Materials
# 5747-SM3 
# © Copyright IBM Corp. 2011
# The source code for this program is not published or otherwise di-vested of its 
trade secrets, irrespective of what has been deposited with the U.S. Copyright 
Office.
#-------------------------------------------------------------------------------
#
crm=crm
enterprise=enterprise
mdm=mdm

Example: A user belongs to a group name that is represented as cn=mdm,o=defaultWIMFileBasedRealm in the WebSphere registry (or external LDAP repository). You want to use the name "mdm" as the relevant group name within the InfoSphere MDM Reference Data Management Hub application (for example, to display it in the user interface). Add the following line to the groups.properties file:

mdm=cn=mdm,o=defaultWIMFileBasedRealm

For modifying a group name, you must first add a key-value pair for the new group name to the groups.properties file. Change the ownerships from the old group name to the new group name in the InfoSphere MDM Reference Data Management Hub user interface. Directly modifying a group name mapping in the groups.properties file might render the objects defined under the previous group name, inaccessible to the new group.

Example: A group called "mdm" was defined in the groups.properties file with key mdm and value cn=mdm,o=defaultWIMFileBasedRealm as follows:

mdm=cn=mdm,o=defaultWIMFileBasedRealm

To modify the application-specific group name from "mdm" to "mdm_ui" without breaking the existing references, add a line for the new group name without removing the old group name:

mdm=cn=mdm,o=defaultWIMFileBasedRealm
mdm_ui=cn=mdm,o=defaultWIMFileBasedRealm

Restart the server. Use the InfoSphere MDM Reference Data Management Hub console to change all required ownerships in the existing objects from mdm to mdm_ui. Doing so makes existing objects accessible to the new group.

logging.properties

The logging.properties file is used to log errors and events generated by the system.

#-------------------------------------------------------------------------------
# IBM Confidential
# OCO Source Materials
# 5747-SM3 
# © Copyright IBM Corp. 2011
# The source code for this program is not published or otherwise di-vested of its 
trade secrets, irrespective of what has been deposited with the U.S. Copyright 
Office.
#-------------------------------------------------------------------------------
com.rest.rdm.services.handlers = java.util.logging.ConsoleHandler, 
java.util.logging.FileHandler
com.rest.rdm.services.level = ALL

java.util.logging.ConsoleHandler.level = INFO
java.util.logging.ConsoleHandler.formatter = com.rest.rdm.utils.logging.
ConsoleFormatter

java.util.logging.FileHandler.formatter = com.rest.rdm.utils.logging.
SimpleFileFormatter
java.util.logging.FileHandler.level = ALL
java.util.logging.FileHandler.pattern = /logFile%g.log
java.util.logging.FileHandler.limit = 1000000
java.util.logging.FileHandler.count = 5

rdm_security.properties

The rdm_security.properties file can be used to configure a minimal level of application security for InfoSphere MDM Reference Data Management Hub server against some well-known vulnerabilities (such as cross-site request forgery). Turning on (true) source validation forces the application to verify that the referer header in the request is the same as the host from which the request originated. The source validation property can be turned off (false). A fixed referer can be provided (such as localhost) by setting the override_referer flag to true and providing a fixed_referer value.

#---------------------------------------------------------------------
# IBM Confidential
# OCO Source Materials
# 5747-SM3 
# © Copyright IBM Corp. 2011
# The source code for this program is not published or otherwise di-vested of its 
trade secrets, irrespective of what has been deposited with the U.S. Copyright 
Office.
#-------------------------------------------------------------------------------
#
source_validation=true
override_referer=false
fixed_referer=localhost

permission.properties

To set permissions to control users' ability to view and edit fields within reference data sets or mappings, you add rows to permissions-specific properties files.

The properties files are at RDMClientEAR.ear/RestAPI.war/WEB-INF/classes/. Changes to these files require redeployment of the RDMClient application in IBM WebSphere Application Server.
  • To set permissions for all reference data sets, mappings, reference values, and mappings values, you create or change the permission.properties file.
  • To set permissions for specific reference data sets, you create a file that is called SET_<set_name>.properties. Permissions that are set in this file override any permissions that were set in the file permission.properties.
  • To set permissions for specific mappings, you create a file that is called MAPPING_<map_name>.properties. Permissions that are set in this file override any permissions that were set in the file permission.properties.

The properties files must consist of rows of key-value pairs, where the key is a string that is constructed from the following elements:

[OBJECT_TYPE]_[STATE]_[ROLE]_[GROUP]_[LEVEL]
  • [OBJECT_TYPE]_[STATE] determines which entity is affected.
  • [ROLE]_[GROUP] determines which user is affected.
  • [LEVEL] determines which visibility level is assigned.
OBJECT_TYPE
The OBJECT_TYPE element varies, depending on the entity you want to control.
SET
This object type can be used in the permission.properties file and any SET_<set_name>.properties file. It is used to indicate that the field you want to control is a set-level property field.
MAPPING
This object type can be used in the permission.properties file and any MAPPING_<map_name>.properties file. It is used to indicate that the field you want to control is property field for a mapping.
VALUE
This object type can be used in the permission.properties file and any SET_<set_name>.properties file. It is used to indicate that the field you want to control is a value-level property field for a reference data set.
VALUE_MAPPING
This object type can be used in the permission.properties file and any MAPPING_<map_name>.properties file. It is used to indicate that the field you want to control is a value-level property field for a mapping.
STATE
The state of the set or mapping for which you want to control access. The valid states for the object depend on the lifecycle process that the object uses. For example, if the set for which you want to control access uses the Two Step Approval process, an applicable state is Pending First Approval. In the properties file, you designate the state in uppercase letters with underscores in place of spaces: PENDING_FIRST_APPROVAL.
ROLE
The user role for which you want to specify or restrict access. If the group element is specified, all users of the specified role within the designated group are affected. If the group element is omitted, all users with this role are affected, regardless of their groups.
GROUP
The owner group for which you want to specify or restrict access. This element is optional.
LEVEL
The permission level that you want to control. There are three levels of permissions. The precedence priority is VISIBLE > HIDDEN > READ_ONLY.
VISIBLE
The specified fields are visible and editable to users in the entity and group specified. You use this permission level to override any field that was previously set as hidden.
HIDDEN
The specified fields are hidden from users in the designated owner groups, regardless of their roles.
READ_ONLY
The specified fields are visible but not editable by users in the entity and group that is specified, regardless of the users' roles.

The value portion of the key-value pairs is used to specify the field or fields whose access you want to control. Multiple fields are comma-separated. Use an asterisk (*) to indicate that all fields are affected.

The following row hides the Code property for all Data Stewards regardless of their group for any reference value whose set is in the Draft state:

VALUE_DRAFT_DATA_STEWARD_HIDDEN = Code

If the preceding row is added to the permission.properties file, it can be overridden for a particular reference data set. To do so, add the following row to the SET_<set_name>.properties file:

VALUE_DRAFT_DATA_STEWARD_ENTERPRISE_VISIBLE = Code

The preceding example grants visibility and edit permissions to Data Stewards in the Enterprise groups for the data set <set_name>. Access for all other Data Stewards is governed by the permissions that are set in the permission.properties file.

Alternately, you can grant visibility to Data Stewards in all groups for a particular reference data set and keep it hidden from Data Stewards for other data sets. To do so, add the following row to the SET_<set_name>.properties file:

VALUE_DRAFT_DATA_STEWARD_READ_ONLY = Code

The following row hides all properties for all Data Stewards in the Enterprise group for any reference value whose set is in the Draft state:

VALUE_DRAFT_DATA_STEWARD_ENTERPRISE_HIDDEN=*

If the preceding row is added to the permission.properties file, the restriction applies to all sets. If it is added to a specific SET_<set_name>.properties file, the restriction applies only to that set.

Related tasks:
Creating custom groups in InfoSphere MDM Reference Data Management Hub
Creating roles
Associating groups and roles
Assigning users to groups in InfoSphere MDM Reference Data Management Hub
Configuring application defaults
Setting field-level permissions

Last updated: 22 Mar 2017