B Oracle Mobile Cloud Service Environment Policies

This chapter lists the policies that you can configure for each of your environments (such as Development, Staging, and Production) in Oracle Mobile Cloud Service (MCS). Policies control a variety of things, including logging level, password expiration times, means for restricting user access, and proxies. Policies can affect all artifacts of a specific type within a particular environment when applied at the environment level, or they can affect an individual artifact in the environment in which the policies are set.

Note:

The scope value shown is the narrowest level at which the property can be set.

See Environments and Team Members to learn about environments and environment policies.

Environment Policies and Their Values

Environment policies determine the behavior of various aspects of Oracle Mobile Cloud Service (MCS). If you’re a mobile cloud administrator, you can view and modify the environment policies in the policies.properties file by exporting the file for a specific environment from the Administration page or by exporting the file when deploying an artifact. See Environment Policies.

Policy Description Type Default Value Scope / Affects

Analytics_ApiCallEventCollectionEnabled

Enables or disables automatic API call analytics event collection.

Boolean

true

Scope: Environment

Affects: Analytics

Asset_AllowPurge

Controls whether or not Draft or Published artifacts in the trash can be purged.

Valid values are:
  • All

  • None

  • Draft

  • Published

String

All

Scope: Environment

Affects: Realm, Mobile Backend, Custom API, API Implementation, Connector, and Collection

Asset_AllowTrash

Controls whether or not Draft or Published artifacts can be moved to the trash.

Valid values are:
  • All

  • None

  • Draft

  • Published

String

All

Scope: Environment

Affects: Realm, Mobile Backend, Custom API, API Implementation, Connector, and Collection

Asset_AllowUntrash

Controls whether or not Draft or Published artifacts can be restored from the trash.

Valid values are:
  • All

  • None

  • Draft

  • Published

String

All

Scope: Environment

Affects: Realm, Mobile Backend, Custom API, API Implementation, Connector, and Collection

Asset_DefaultInitialVersion

Sets the default version for all newly created assets.

String

1.0

Note: Generally, the default value should be used.

Scope: Environment

Affects: all artifacts that have versions

CCC_DefaultNodeConfiguration

Sets the default Node.js configuration used by the API implementation ( custom code).

Valid values are:

  • 0.10 - Node.js version 0.10.25 (the original configuration used by Mobile Cloud Service).

    "dependencies": { 
    "method-override": "2.2.0", 
    "express": "3.5.1", 
    "url":"0.7.9", 
    "path":"0.4.9", 
    "bluebird": "2.9.30", 
    "request": "2.34.0", 
    "https-proxy-agent": "0.3.5", 
    "http-proxy-agent": "0.2.6", 
    "agentkeepalive":"0.2.2" 
    }
  • 6.10 - Node.js version 6.9.1

    "dependencies": { 
    "method-override": "2.3.6", 
    "express": "4.14.0", 
    "bluebird": "3.4.6", 
    "request": "2.74.0", 
    "https-proxy-agent": "1.0.0", 
    "http-proxy-agent": "1.0.0", 
    "agentkeepalive":"3.1.0", 
    "body-parser": "1.15.2" 
    }

    The custom code implementation might override the default node configuration in its package.json:

    "oracleMobile" : { 
    "configuration" : { 
    "node" : "0.10" 
    } 
    }

    The node configuration in package.json always takes precedence over the default node configuration that’s specified in the policy.

    If the policy value is toggled at runtime, each API implementation that uses the default node configuration switches node configuration no later than its second REST request after the policy change.

String

0.10 for MCS upgrades.

6.10 for new instances of MCS.

Scope: Environment

Affects: Custom Code

CCC_LogBody

Determines whether to log the body of a request in custom code. Bodies will be logged in the following circumstances:

  • Logging level == FINEST or there is an uncaught exception.

  • This property is set to true.

Boolean

false

Scope: Mobile Backend

Affects: Custom Code

CCC_LogBodyMaxLength

Sets the maximum number of characters to log if the custom code is logging the request body.

Integer

512

Scope: Mobile Backend

Affects: Custom Code

CCC_MaxLoadPerCPU

Maximum one minute average load per processor (in nodejs: os.loadavg()[0] / os.cpus().length) allowed on custom code VM, or 0 to disable processor load checks.

When the load per processor exceeds this threshold:

  • Requests to custom code are rejected with status 500, Low Resources.

  • New nodejs containers are not created

  • Idle nodejs containers are closed faster than normal

Double

8

Scope: Environment

Affects: Custom Code

CCC_MinFreeMemoryMegabytes

Minimal megabytes of free memory (in nodejs: os.freemem()/(1024*1024)) allowed on custom code VM, or 0 to disable minimum free memory checks.

When free memory is below this threshold:

  • Requests to custom code are rejected with status 500, Low Resources.

  • New nodejs containers are not created

  • Idle nodejs containers are closed faster than normal

Integer

256

Scope: Environment

Affects: Custom Code

CCC_SendStackTraceWithError

Determines whether or not to send the stack trace from Node.js with the REST response from the custom code container indicating that there is a code problem.

Boolean

false

Scope: Mobile Backend

Affects: Custom Code

Connectors_Endpoint

Stores the endpoint URL of the particular connector instance.

Set this policy when deploying to another environment by uncommenting the policy.

String

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Connector

Affects: Connectors

Connector_ICS_Connections

Identifies the JSON document representing connections to each configured ICS instance.

String

null

Scope: Environment

Affects: ICS Connector

Database_CreateTablesPolicy

Controls whether the Database API can create, alter, or drop tables implicitly (implicitOnly) using the operations and JSON from custom code calls.

Setting this policy to explicitOnly enables these operations using the Database Management Service API (and prohibits operations enabled by implicitOnly).

Setting the policy to allow enables calls from custom code that perform implicit operations.

Setting this policy to none curtails implicit table creation, deletion, and updates.

String

allow

Scope: Environment

Affects: Database Service

Database_MaxRows

Sets the maximum number of rows that can be returned by a single database query.

Integer

1000

Scope: Environment

Affects: Database Service

Database_QueryTimeout

Sets the number of seconds to wait for a database query to return before canceling it.

Integer

20

Scope: Environment

Affects: Database Service

Diagnostics_AverageRequestTimeErrorThreshold

Sets the threshold for the average time spent servicing a request. If the average time spent servicing a request equals or exceeds this threshold, then the health of the system is considered severe (red).

Set this value higher than the one set for the Diagnostics_AverageRequestTimeWarningThreshold policy, which sets the adverse level of system health.

Double

6000.0

Scope: Environment

Affects: Administration Console

Diagnostics_AverageRequestTimeWarningThreshold

Sets the threshold for the average time spent servicing a request. If the time spent servicing a request equals or exceeds this threshold, then the health of the system is considered adverse (amber).

Double

3000.0

Scope: Environment

Affects: Administration Console

Diagnostics_ExcludedHttpHeadersInLogs

Creates a list of headers that shouldn’t be logged with each API request in the API History log file.

String

Authorization header, cookie name

Scope: Environment

Affects: Administration Console

Diagnostics_LongRequestCountErrorThreshold

Sets the threshold for the number of long-running requests. If the number of long-running requests exceeds this threshold, then the system health is considered severe (red).

Set this value higher than the one set for the Diagnostics_LongRequestCountWarningThreshold policy, which sets the adverse level of system health.

Integer

10

Scope: Environment

Affects: Administration Console

Diagnostics_LongRequestCountWarningThreshold

Sets the threshold for the number of long-running requests. If the number of long-running requests exceeds this threshold, then the system health is considered adverse (amber). A long-running request to an endpoint server has a duration that’s greater than (or equal to) 8 seconds (8000 ms).

Integer

0

Scope: Environment

Affects: Administration Console

Diagnostics_LongRequestThreshold

Sets the threshold for the amount of time spent on a request to an endpoint server. If a request to an endpoint server has a duration that is greater than (or equal to) 8 seconds (8000 ms), then it's considered a long-running request.

Integer

8000

Scope: Environment

Affects: Administration Console

Diagnostics_PendingRequestErrorThreshold

Sets the threshold of the proportion of pending requests. If the proportion of pending requests (which is expressed as a percentage) equals or exceeds this threshold, then the system health is considered severe (red).

The value should be higher than the one set for the Diagnostics_PendingRequestWarningThreshold policy, which sets the adverse level of system health.

Double

30

Generally, the default value should be used.

Scope: Environment

Affects: Administration Console

Diagnostics_PendingRequestWarningThreshold

Sets the threshold of the proportion of pending requests. If the proportion of pending requests (which is expressed as a percentage) equals or exceeds this threshold, then the system health is considered adverse (amber).

Pending requests represent the ratio of in-flight requests to the number of active requests, successful requests, and failed requests within the last minute.

Double

15

Scope: Environment

Affects: Administration Console

Diagnostics_RequestCountErrorThreshold

Sets the threshold of the proportion of failed requests. If the number of failed requests (including unserviceable requests) equals or exceed this threshold, then the system health is considered severe (red).

The value should be higher than the one set for the Diagnostics_RequestCountErrorThreshold policy, which sets the adverse level of system health.

Integer

10

Scope: Environment

Affects: Administration Console

Diagnostics_RequestCountWarningThreshold

Sets the threshold of the proportion of failed requests. If the number of failed requests (including unserviceable requests) equals or exceeds this threshold, then the system health is considered adverse (amber).

Integer

0

Scope: Environment

Affects: Administration Console

Logging_Level

Sets the logging level.

Integer

800

Scope: Mobile Backend

Affects: Custom APIs, Storage

Network_HttpConnectTimeout

Sets the amount of time spent in milliseconds (ms) connecting to the remote URL.

The value should be less than the value of Network_HttpRequestTimeout.

Set this policy when deploying to another environment by uncommenting the policy.

Integer

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Environment, Mobile Backend, Connector, Fully-Qualified Connector

Affects: Connectors

Network_HttpReadTimeout

Sets the maximum time (in milliseconds) spent waiting to read data.

The value should be less than the value of Network_HttpRequestTimeout.

Set this policy when deploying to another environment by uncommenting the policy.

Integer

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Environment, Mobile Backend, Connector, Fully-Qualified Connector

Affects: Connectors

Network_HttpRequestTimeout

Sets the amount of time in milliseconds (ms) on an HTTP request before it times out.

Set this policy when deploying to another environment.

Integer

40,000 ms

Scope: Environment

Affects: Custom APIs

Notifications_DeviceCountWarningThreshold

Defines the threshold level (percentage) of messages sent successfully without returning an error.

If the proportion of messages accepted by the service provider is below the threshold, then a warning is displayed. The default value is 70.0 (70%).

Set this policy per environment as needed.

Double

70.0

Note: For testing purposes only, consider setting this value to 100.0 (100%).

Scope: Environment

Affects: Notifications

Routing_BindAPIToImpl

Determines which core service to use to resolve the API request.

For connectors, set this policy when deploying to another environment by uncommenting the policy.

String

There is no default value for this policy.

Scope: API

Affects: Custom APIs, Connectors

Routing_BindAPIToMock

Resolves the API request to a mock service instead of the implementation that’s bound to the API.

Boolean

false

Note: Do not modify this policy.

Scope: Fully-Qualified API

Affects: Mobile Backends, Custom APIs

Routing_DefaultImplementation

Specifies the default implementation for the initially created API (that is, the mock service).

String

MockService/1.0

Note: Do not modify this policy.

Scope: Environment

Affects: Custom APIs

Routing_RouteToBackend

Reroutes mobile API calls made to a mobile backend to the target mobile backend specified.

Allows backend fixes (fixes that require a new mobile backend) to be delivered to the mobile app without requiring the mobile app to be recompiled.

String

There is no default value for this policy.

Scope: Mobile Backend

Affects: Dispatcher

Security_AllowOrigin

Enables Cross Origin Resource Sharing (CORS) from HTML5 clients on an external domain.

Supported values are:
  • disallow

  • url1, url2, url3

    By providing URLs as values, specifies a whitelist of URLs from which cross-site requests to MCS APIs can be made. If the origin of the cross-site request matches one of the patterns in the whitelist, the request is allowed. Otherwise, access is restricted.

The wildcard character, *, can be used when providing URL values. However, there are rules for its use. See Securing Cross-Site Requests to MCS APIs for detailed information.

String

disallow

Note: When dealing with browser-based applications, it’s highly recommended that cross-site access to MCS APIs either be restricted completely, or be restricted to trusted origins where legitimate applications are known to be hosted to prevent vulnerability to cross-site attacks (e.g., Cross-Site Request Forgery).

Scope: Environment

Affects: All cross origin calls to a given environment

Security_ExposeHeaders

Provides a means for browsers to access the server whitelist headers. By default, Cross Origin Resource Sharing (CORS) disallows accessing returned headers by the browser.

Applies to HTML5 clients accessing a given resource from an external domain.

String

""

Indicates that no response headers are to be exposed to the browser.

Scope: Environment

Affects: All cross origin calls to a given environment

Security_IdentityProviders

Stores identity providers configuration.

String

Facebook identity provider configuration

Scope: Environment

Affects: Security

Security_IgnoreHostnameVerification

Disables the SSL host name verification.

To be applied to connectors (in development environments) that call outbound services using SSL certificates with an invalid or incomplete hostname.

Boolean

false

Scope: Environment

Affects: REST, SOAP, ICS, and Fusion Applications Connectors

Security_OwsmPolicy

Sets the security policy used for outbound security.

For connectors, set this policy when deploying to another environment by uncommenting the policy.

Object

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Connector

Affects: Connectors

Security_SsoRedirectWhitelist

Lists the URL patterns for the SSO redirct_uri parameter values that are permitted.

String

disallow

Scope: Environment, Mobile Backend

Affects: SSO Token Relay

Security_TokenExchangeTimeoutPolicy

Defines the policy that governs the expiration time for MCS-issued tokens generated as a result of token exchange.

Valid values are:

  • FromTimeoutSecs - MCS-issued token expiry time is governed by the Security_TokenExchangeTimeoutSecs policy.

  • FromExternalToken - MCS-issued token expiry time is set to the same time as the external token expiry time.

  • FromExternalTokenLimitedByTimeoutSecs - MCS-issued token expiry time is set to the value determined from the Security_TokenExchangeTimeoutSecs policy or the external token expiry time, whichever comes first.

String

FromTimeoutSecs

Scope: Environment

Affects: SSO Token Exchange

Security_TokenExchangeTimeoutSecs

Sets the token expiration time for SSO login.

Integer

216000 s

Scope: Environment

Affects: SSO Token Relay

Security_TransportSecurityProtocols

Specifies a list of the TLS/SSL protocols that should be used for the outbound connection for the specific connector. By default, only TLSv1.1 and TLSv1.2 protocols are used for outbound connections. This property can be used to override the system defaults so that connections can be established to legacy systems that don't support new versions of TLS/SSL.

Caution: Use this property carefully as older protocols are more vulnerable to security exploits.

Valid value is a comma separated list of the TLS/SSL protocols. Note that extra spaces around the protocol names are ignored. For example, TLSv1, TLSv1.1, TLSv1.2.

Supported protocols are: SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2.

String

No default value

Scope: Connectors, Fully-qualified Connectors

Affects: All Connectors

Sync_CollectionTimeToLive

Sets the default amount of time that data requested by a mobile app from a storage collection remains in the local cache that’s used by the Synchronization library.

Integer

86400 s

Set this policy per environment as needed.

Scope: Environment

Affects: Storage

Url_PercentEncodeQueryParameterSpaces

Controls how spaces in query parameters of a URL are encoded. If set to true encodes spaces as %20; and encodes them as + otherwise. Spaces in other parts of the URL are always encoded as %20.

Boolean

false

Scope: Connector

Affects: REST Connector

User_AllowDynamicUserSchema

Indicates if the user schema can be augmented when unknown properties are part of the user data. This is used when users are imported into a realm or when a user is being updated. The properties defining the user that aren’t already defined as user properties are automatically added before importing the users.

It isn’t possible to augment the user schema when the call is coming from the platform API, regardless of the policy.

Set this policy at the environment level.

Boolean

Development environment: True

Staging and Production environments: False

Scope: Environment

Affects: Mobile User Management

User_DefaultUserRealm

Indicates the default user realm. This is used when creating a new mobile backend. The associated user realm is the one specified by this policy.

You can reference only an existing realm.

Set this policy at the environment level.

String

1.0

Scope: Environment

Affects: Mobile User Management