B Oracle Mobile Hub Policies

This chapter lists the policies that you can configure in Oracle Mobile Hub (Mobile Hub). Policies control a variety of things, including logging level, password expiration times, means for restricting user access, and proxies. Policies can affect all artifacts of a specific type, or they can affect an individual artifact.

Note: The scope value shown is the narrowest level at which the property can be set.

Mobile Hub Policies and Values

Policies determine the behavior of various aspects of Mobile Hub. As Mobile Hub administrator, you can view and modify the policies in the policies.properties file by exporting the file from the Administration page.

Policy | Type / Description | Default Value | Scope / Affects

Analytics_ApplicationGuid

String. Stores an association between the backend and the Analytics application. The value is the Application ID.

There is no default value for this policy.

Scope: Backend

Affects: Backend

Analytics_BaiduMapCsfKeyName

String. Stores the name of the CSF key that stores the Baidu application key (ak).

There is no default value for this policy.

Scope: Backend

Affects: Backend

Asset_AllowPurge

String. Controls whether or not Draft and Published artifacts in the trash can be purged (deleted permanently).

Valid values are:
  • All

  • None

  • Draft

  • Published

All

Scope: Instance

Affects: Backend, Custom API, API Implementation, Connector, and Collection

Asset_AllowTrash

String. Controls whether or not Draft and Published artifacts can be moved to the trash.

Valid values are:
  • All

  • None

  • Draft

  • Published

All

Scope: Instance

Affects: Backend, Custom API, API Implementation, Connector, and Collection

Asset_AllowUntrash

String. Controls whether or not Draft and Published artifacts can be restored from the trash.

Valid values are:
  • All

  • None

  • Draft

  • Published

All

Scope: Instance

Affects: Backend, Custom API, API Implementation, Connector, and Collection

Asset_DefaultInitialVersion

String. Sets the default version for all newly created artifacts.

1.0

Note: Generally, the default value should be used.

Scope: Instance

Affects: All artifacts that have versions

CCC_DefaultNodeConfiguration

String. Sets the default node.js configuration used by the API implementation (custom code). The custom code implementation can override the default node configuration in its package.json.

The default node version is a policy value: whatever value an existing customer has before upgrading to the new OMH release is left unchanged. A new customer (of the new OMH release) defaults to 12.16.

Valid values are:
  • 12.16: The service uses node.js 12.16.1.

  • 8.9: The service uses node.js 8.9.4.

  • 6.10: The service uses node.js 6.10.10.

  • 0.10: The service uses node.js 0.10.25.

For the related JavaScript library versions, see What's the Foundation for the Custom Code Service?

  • For customers up to Oracle Mobile Hub 19.4.3, the default is 8.9.
  • For customers from Oracle Mobile Hub 20.1.3 onwards, the default is 12.16.

Scope: Instance

Affects: Custom Code

CCC_LogBody

Boolean. Determines whether to log the body of a request in custom code. Bodies will be logged in the following circumstances:

  • Logging level == FINEST or there is an uncaught exception.

  • This property is set to true.

false

Scope: Backend

Affects: Custom Code

CCC_LogBodyMaxLength

Integer. Sets the maximum number of characters to log if the custom code is logging the request body.

512

Scope: Backend

Affects: Custom Code

CCC_SendStackTraceWithError

Boolean. Determines whether or not to send the stack trace from node.js with the REST response from the custom code container indicating that there is a code problem.

false

Scope: Backend

Affects: Custom Code

Connectors_Endpoint

String. Stores the endpoint URL of the particular connector instance.

Set this policy by uncommenting the policy.

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Connector

Affects: Connectors

Connector_Ics_Connections

String. Identifies the JSON document representing connections to each configured ICS instance.

null

Scope: Instance

Affects: ICS Connector

Database_CreateTablesPolicy

String. Controls whether the Database API can create, alter, or drop tables from custom code or SQL. The default value (allow) enables calls from custom code that perform implicit operations and also explicit query operations from raw SQL.

Setting this policy to implicitOnly enables these operations and JSON from custom code calls, and prohibits SQL operations. Setting the policy to explicitOnly enables these operations using the Database Management Service API, and prohibits non-SQL operations from custom code. Setting the policy to none curtails implicit and explicit table creation, deletion, and updates.

allow

Scope: Instance

Affects: Database Service

Database_MaxRows

Integer. Sets the maximum number of rows that can be returned by a single database query.

1000

Scope: Instance

Affects: Database Service

Database_QueryTimeout

Integer. Sets the number of seconds to wait for a database query to return before canceling it.

20

Scope: Instance

Affects: Database Service

Diagnostics_ExcludedHttpHeadersInLogs

String. Creates a list of headers that shouldn’t be logged with each API request in the API History log file.

Authorization header, cookie name

Scope: Instance

Affects: Administration

Diagnostics_RequestPercentageErrorThreshold

Double. Sets the percentage of requests returning error codes, compared with total requests, above which the service will report an error condition.

Set this value higher than the one set for the Diagnostics_RequestPercentageWarningThreshold policy, which sets the adverse level of system health.

10

Scope: Instance

Affects: Administration

Diagnostics_RequestPercentageWarningThreshold

Double. Sets the percentage of requests returning error codes, compared with total requests, above which the service will report a warning condition.

1

Scope: Instance

Affects: Administration

Logging_Level

Integer. Sets the logging level.

800

Scope: Backend

Affects: Custom APIs, Storage

Network_HttpConnectTimeout

Integer. Sets the amount of time, in milliseconds (ms), spent connecting to the remote URL.

The value should be less than the value of Network_HttpRequestTimeout.

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Instance, Backend, Connector, Fully-Qualified Connector

Affects: Connectors

Network_HttpReadTimeout

Integer. Sets the maximum time (in milliseconds) spent waiting to read data.

The value should be less than the value of Network_HttpRequestTimeout.

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Instance, Backend, Connector, Fully-Qualified Connector

Affects: Connectors

Network_HttpRequestTimeout

Integer. Sets the amount of time in milliseconds (ms) on an HTTP request before it times out.

Set this policy when deploying to another environment.

40,000 ms

Scope: Instance

Affects: Custom APIs

Notifications_DeviceCountWarningThreshold

Double. Defines the threshold level (percentage) of messages sent successfully without returning an error.

If the proportion of messages accepted by the service provider is below the threshold, then a warning is displayed. The default value is 70.0 (70%).

Set this policy as needed.

70.0

Note: For testing purposes only, consider setting this value to 100.0 (100%).

Scope: Instance

Affects: Notifications

Routing_BindAPIToImpl

String. Determines which core service to use to resolve the API request.

There is no default value for this policy.

Scope: API

Affects: Custom APIs, Connectors

Routing_BindAPIToMock

Boolean. Resolves the API request to a mock service instead of the implementation that’s bound to the API.

false

Note: Do not modify this policy.

Scope: Fully-Qualified API

Affects: Backend, Custom APIs

Routing_DefaultImplementation

String. Specifies the default implementation for the initially created API (that is, the mock service).

MockService/1.0

Note: Do not modify this policy.

Scope: Instance

Affects: Custom APIs

Routing_RouteToBackend

String. Reroutes mobile API calls made to a backend to the target backend specified.

There is no default value for this policy.

Scope: Backend

Affects: Dispatcher

Security_AllowOrigin

String. Enables Cross Origin Resource Sharing (CORS) from HTML5 clients on an external domain.

Supported values are:
  • disallow

  • url1, url2, url3 - specifies a whitelist of URLs from which cross-site requests to APIs can be made. If the origin of the cross-site request matches one of the patterns in the whitelist, the request is allowed. Otherwise, access is restricted.

    The wildcard character, *, can be used when providing URL values but doesn't apply across dot (.), forward slash (/), or colon (:) characters.

disallow

Note: When dealing with browser-based applications, it’s highly recommended that cross-site access to APIs either be restricted completely, or be restricted to trusted origins where legitimate applications are known to be hosted to prevent vulnerability to cross-site attacks (e.g., Cross-Site Request Forgery).

Scope: Instance

Affects: All cross origin calls to a given instance
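
The wildcard rule for Security_AllowOrigin can be modelled as follows. This is an added example, not Oracle's implementation; the function names are hypothetical, and exact (case-sensitive) comparison and treating an empty value as disallow are assumptions.

```javascript
// Added example, not Oracle code: models the Security_AllowOrigin rule described above.
// Function names are hypothetical. Assumption: comparison is exact (case-sensitive).

// Convert one whitelist entry to an anchored RegExp in which '*' matches any run
// of characters that contains no '.', '/' or ':'.
function patternToRegExp(pattern) {
  const body = pattern
    .split('*')
    .map((literal) => literal.replace(/[.+?^${}()|[\]\\]/g, '\\$&'))
    .join('[^./:]*');
  return new RegExp('^' + body + '$');
}

// policyValue is the raw policy string: 'disallow' or a comma-separated list.
// Assumption: an empty value is treated like 'disallow'.
function isOriginAllowed(policyValue, origin) {
  const value = policyValue.trim();
  if (value === '' || value === 'disallow') return false;
  return value
    .split(',')
    .map((entry) => entry.trim())
    .filter((entry) => entry.length > 0)
    .some((entry) => patternToRegExp(entry).test(origin));
}

// Constructed policy value and origins.
const samplePolicy = 'https://*.example.com, https://app.example.org:8443';
for (const origin of [
  'https://shop.example.com',            // one host label: allowed
  'https://a.b.example.com',             // '*' does not cross '.': denied
  'https://shop.example.com:8080',       // port is not in the pattern: denied
  'https://shop.example.com.example.net' // trailing suffix is not in the pattern: denied
]) {
  console.log(origin, isOriginAllowed(samplePolicy, origin));
}
```

Because the wildcard stops at dots, slashes and colons, one `*` covers a single host label only, so each additional subdomain level, port or scheme needs its own entry.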

Security_AuthTokenConfiguration

JSON Object. Provides a configuration to integrate with third-party identity providers that support JWT, which mobile app users can use to authenticate.

No default value

Scope: Environment

Affects: Security

Security_CollectionsAnonymousAccess

A comma-separated list of storage collections following this pattern:
<collection1_name>[(<version>|*)][,<collection2_name>[(<version>|*)]][, ...]
Sets a storage collection to allow anonymous access. For each storage collection listed in the policy, anonymous read and write access will be allowed, provided that the correct anonymous access key is defined in the request headers. Specifying '*' as the version allows anonymous access to all versions of the collection.

No default value

Scope: Storage Collections

Affects: Only the listed Collections

Security_ExposeHeaders

String. Provides a means for browsers to access the server whitelist headers. By default, Cross Origin Resource Sharing (CORS) disallows accessing returned headers by the browser.

Applies to HTML5 clients accessing a given resource from an external domain.

""

Indicates that no response headers are to be exposed to the browser.

Scope: Instance

Affects: All cross origin calls to a given instance

Security_IdentityProviders

String. Stores identity providers configuration.

Facebook identity provider configuration

Scope: Instance

Affects: Security

Security_IgnoreHostnameVerification

Boolean. Disables the SSL host name verification.

To be applied to connectors (in development) that call outbound services using SSL certificates with an invalid or incomplete hostname.

false

Scope: Instance

Affects: REST, SOAP, ICS, and Fusion Applications Connectors

Security_OwsmPolicy

Object. Sets the security policy used for outbound security.

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Connector

Affects: Connectors

Security_SsoRedirectWhitelist

String. Lists the URL patterns for the SSO redirect_uri parameter values that are permitted.

disallow

Scope: Instance, Backend

Affects: SSO Token Relay

Security_TokenExchangeTimeoutPolicy

String. Defines the policy that governs the expiration time for tokens generated and issued as a result of token exchange.

Valid values are:

  • FromTimeoutSecs - token expiry time is governed by the Security_TokenExchangeTimeoutSecs policy.

  • FromExternalToken - token expiry time is set to the same time as the external token expiry time.

  • FromExternalTokenLimitedByTimeoutSecs - token expiry time is set to the value determined from the Security_TokenExchangeTimeoutSecs policy or the external token expiry time, whichever comes first.

FromTimeoutSecs

Scope: Instance

Affects: SSO Token Exchange

Security_TokenExchangeTimeoutSecs

Integer. Sets the token expiration time for SSO login.

216000 s

Scope: Instance

Affects: SSO Token Relay

Security_TransportSecurityProtocols

String. Specifies a list of the TLS/SSL protocols that should be used for the outbound connection for the specific connector. By default, only TLSv1.2 protocols are used for outbound connections. This property can be used to override the system defaults so that connections can be established to legacy systems that don't support new versions of TLS/SSL.

Caution: Use this property carefully as older protocols are more vulnerable to security exploits.

The valid value is a comma-separated list of the TLS/SSL protocols. Extra spaces around the protocol names are ignored. For example: TLSv1, TLSv1.1, TLSv1.2.

Supported protocols are: SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2.

No default value

Scope: Connectors, Fully-qualified Connectors

Affects: All Connectors

Sync_CollectionTimeToLive

Integer. Sets the default amount of time that data requested by a mobile app from a storage collection remains in the local cache that’s used by the Synchronization library.

86400 s

Set this policy as needed.

Scope: Instance

Affects: Storage

Url_PercentEncodeQueryParameterSpaces

Boolean. Controls how spaces in query parameters of a URL are encoded. If set to true, spaces are encoded as %20; otherwise, they are encoded as +. Spaces in other parts of the URL are always encoded as %20.

false

Scope: Connector

Affects: REST Connector
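
Several policies in this table weaken a default when changed (Security_IgnoreHostnameVerification, Security_TransportSecurityProtocols, CCC_SendStackTraceWithError, CCC_LogBody, Security_CollectionsAnonymousAccess, Security_AllowOrigin). The following added example, which is not Oracle code, reviews an exported policies.properties for those settings. It assumes key=value lines, `#` for commented-out policies, and the policy name as the last dot-separated segment of the key; the sample export is constructed.

```javascript
// Added example, not Oracle code. Assumptions: policies.properties holds key=value
// lines, '#' marks a commented-out policy, and the policy name is the last
// dot-separated segment of the key (any scope qualifier precedes it).
const isTrue = (v) => v.toLowerCase() === 'true';
const CHECKS = new Map([
  ['Security_IgnoreHostnameVerification', (v) =>
    isTrue(v) ? 'SSL host name verification is disabled' : null],
  ['Security_TransportSecurityProtocols', (v) => {
    const extra = v.split(',').map((p) => p.trim()).filter((p) => p && p !== 'TLSv1.2');
    return extra.length ? 'protocols other than TLSv1.2 enabled: ' + extra.join(', ') : null;
  }],
  ['CCC_SendStackTraceWithError', (v) =>
    isTrue(v) ? 'node.js stack traces are sent with REST error responses' : null],
  ['CCC_LogBody', (v) => (isTrue(v) ? 'request bodies are always logged' : null)],
  ['Security_CollectionsAnonymousAccess', (v) =>
    v ? 'anonymous read/write access enabled for: ' + v : null],
  ['Security_AllowOrigin', (v) =>
    v && v !== 'disallow' ? 'cross-origin requests allowed from: ' + v : null],
]);

// Return one finding per active line whose value departs from the safer setting.
function auditPolicies(text) {
  const findings = [];
  text.split(/\r?\n/).forEach((raw, index) => {
    const line = raw.trim();
    const eq = line.indexOf('=');
    if (!line || line.startsWith('#') || eq < 0) return; // blank, commented, malformed
    const key = line.slice(0, eq).trim();
    const value = line.slice(eq + 1).trim();
    const policy = key.slice(key.lastIndexOf('.') + 1);
    const check = CHECKS.get(policy);
    const message = check ? check(value) : null;
    if (message) findings.push({ line: index + 1, key, policy, message });
  });
  return findings;
}

// Constructed sample export; the scope prefixes are illustrative only.
const SAMPLE_EXPORT = [
  '# constructed sample',
  '*.*.Logging_Level=800',
  '*.*.Security_IgnoreHostnameVerification=true',
  'legacyConnector.1.0.Security_TransportSecurityProtocols=TLSv1, TLSv1.2',
  '*.*.CCC_SendStackTraceWithError=false',
  '*.*.Security_AllowOrigin=disallow',
  '#*.*.Security_CollectionsAnonymousAccess=public(*)',
].join('\n');

for (const f of auditPolicies(SAMPLE_EXPORT)) console.log(`line ${f.line}: ${f.key}: ${f.message}`);
```

Findings are review prompts rather than violations: a connector to a legacy system may legitimately list an older protocol, but the key in each finding shows the scope at which the exception was made.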