A Oracle Mobile Cloud Enterprise Policies

This chapter lists the policies that you can configure in Oracle Mobile Cloud Enterprise (OMCe). Policies control a variety of things, including logging level, password expiration times, means for restricting user access, and proxies. Policies can affect all artifacts of a specific type, or they can affect an individual artifact.

Note:

The scope value shown is the narrowest level at which the property can be set.

OMCe Policies and Values

Policies determine the behavior of various aspects of OMCe. As OMCe administrator, you can view and modify the policies in the policies.properties file by exporting the file from the Administration page.

Each policy entry below lists, in order: Policy, Description, Type, Default Value, and Scope / Affects.

Analytics_ApplicationGuid

Stores an association between the backend and the Analytics application. The value is the Application ID.

String

There is no default value for this policy.

Scope: Backend

Affects: Backend

Analytics_BaiduMapCsfKeyName

Stores the name of the CSF key that stores the Baidu application key (ak).

String

There is no default value for this policy.

Scope: Backend

Affects: Backend

Asset_AllowPurge

Controls whether or not Draft and Published artifacts in the trash can be purged (deleted permanently).

Valid values are:
  • All

  • None

  • Draft

  • Published

String

All

Scope: Instance

Affects: Backend, Custom API, API Implementation, Connector, and Collection

Asset_AllowTrash

Controls whether or not Draft and Published artifacts can be moved to the trash.

Valid values are:
  • All

  • None

  • Draft

  • Published

String

All

Scope: Instance

Affects: Backend, Custom API, API Implementation, Connector, and Collection

Asset_AllowUntrash

Controls whether or not Draft and Published artifacts can be restored from the trash.

Valid values are:
  • All

  • None

  • Draft

  • Published

String

All

Scope: Instance

Affects: Backend, Custom API, API Implementation, Connector, and Collection

Asset_DefaultInitialVersion

Sets the default version for all newly created artifacts.

String

1.0

Note: Generally, the default value should be used.

Scope: Instance

Affects: all artifacts that have versions

CCC_DefaultNodeConfiguration

Sets the default node.js configuration used by the API implementation (custom code).

Valid values are:

  • 0.10 - node.js version 0.10.25 (the original configuration).

    "dependencies": {
      "method-override": "2.2.0",
      "express": "3.5.1",
      "url": "0.7.9",
      "path": "0.4.9",
      "bluebird": "2.9.30",
      "request": "2.34.0",
      "https-proxy-agent": "0.3.5",
      "http-proxy-agent": "0.2.6",
      "agentkeepalive": "0.2.2"
    }
  • 6.10 - Node.js version 6.9.1

    "dependencies": {
      "method-override": "2.3.6",
      "express": "4.14.0",
      "bluebird": "3.4.6",
      "request": "2.74.0",
      "https-proxy-agent": "1.0.0",
      "http-proxy-agent": "1.0.0",
      "agentkeepalive": "3.1.0",
      "body-parser": "1.15.2"
    }

    The custom code implementation can override the default node configuration in its package.json:

    "oracleMobile": {
      "configuration": {
        "node": "0.10"
      }
    }

    The node configuration in package.json always takes precedence over the default node configuration that’s specified in the policy.

    If the policy value is toggled at runtime, each API implementation that uses the default node configuration switches node configuration no later than its second REST request after the policy change.

String

 

Scope: Instance

Affects: Custom Code

CCC_LogBody

Determines whether to log the body of a request in custom code. Bodies will be logged in the following circumstances:

  • Logging level == FINEST or there is an uncaught exception.

  • This property is set to true.

Boolean

false

Scope: Backend

Affects: Custom Code

CCC_LogBodyMaxLength

Sets the maximum number of characters to log if the custom code is logging the request body.

Integer

512

Scope: Backend

Affects: Custom Code

CCC_SendStackTraceWithError

Determines whether the node.js stack trace is sent with the REST response that the custom code container returns to indicate a code problem.

Boolean

false

Scope: Backend

Affects: Custom Code

Connectors_Endpoint

Stores the endpoint URL of the particular connector instance.

Set this policy by uncommenting the policy.

String

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Connector

Affects: Connectors

Connector_Ics_Connections

Identifies the JSON document representing connections to each configured ICS instance.

String

null

Scope: Instance

Affects: ICS Connector

Database_CreateTablesPolicy

Controls whether the Database API can create, alter, or drop tables from custom code or SQL. The default value (allow) enables calls from custom code that perform implicit operations and also explicit query operations from raw SQL.

Setting this policy to implicitOnly enables these operations and JSON from custom code calls, and prohibits SQL operations. Setting the policy to explicitOnly enables these operations using the Database Management Service API, and prohibits non-SQL operations from custom code. Setting the policy to none curtails implicit and explicit table creation, deletion, and updates.

String

allow

Scope: Instance

Affects: Database Service

Database_MaxRows

Sets the maximum number of rows that can be returned by a single database query.

Integer

1000

Scope: Instance

Affects: Database Service

Database_QueryTimeout

Sets the number of seconds to wait for a database query to return before canceling it.

Integer

20

Scope: Instance

Affects: Database Service

Diagnostics_ExcludedHttpHeadersInLogs

Creates a list of headers that shouldn’t be logged with each API request in the API History log file.

String

Authorization header, cookie name

Scope: Instance

Affects: Administration Console

Diagnostics_RequestPercentageErrorThreshold

Sets the percentage of requests returning error codes, compared with the total number of requests, above which the admin console reports an error condition.

Set this value higher than the one set for the Diagnostics_RequestPercentageWarningThreshold policy, which sets the adverse level of system health.

Double

10

Scope: Instance

Affects: Administration Console

Diagnostics_RequestPercentageWarningThreshold

Sets the percentage of requests returning error codes, compared with the total number of requests, above which the admin console reports a warning condition.

Double

1

Scope: Instance

Affects: Administration Console

Logging_Level

Sets the logging level.

Integer

800

Scope: Backend

Affects: Custom APIs, Storage

Network_HttpConnectTimeout

Sets the amount of time, in milliseconds (ms), spent connecting to the remote URL.

The value should be less than the value of Network_HttpRequestTimeout.

Integer

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Instance, Backend, Connector, Fully-Qualified Connector

Affects: Connectors

Network_HttpReadTimeout

Sets the maximum time (in milliseconds) spent waiting to read data.

The value should be less than the value of Network_HttpRequestTimeout.

Integer

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Instance, Backend, Connector, Fully-Qualified Connector

Affects: Connectors

Network_HttpRequestTimeout

Sets the amount of time, in milliseconds (ms), that an HTTP request can take before it times out.

Integer

40,000 ms

Scope: Instance

Affects: Custom APIs

Notifications_DeviceCountWarningThreshold

Defines the threshold level (percentage) of messages sent successfully without returning an error.

If the proportion of messages accepted by the service provider is below the threshold, then a warning is displayed. The default value is 70.0 (70%).

Set this policy as needed.

Double

70.0

Note: For testing purposes only, consider setting this value to 100.0 (100%).

Scope: Instance

Affects: Notifications

Routing_BindAPIToImpl

Determines which core service to use to resolve the API request.

String

There is no default value for this policy.

Scope: API

Affects: Custom APIs, Connectors

Routing_BindAPIToMock

Resolves the API request to a mock service instead of the implementation that’s bound to the API.

Boolean

false

Note: Do not modify this policy.

Scope: Fully-Qualified API

Affects: Backend, Custom APIs

Routing_DefaultImplementation

Specifies the default implementation for the initially created API (that is, the mock service).

String

MockService/1.0

Note: Do not modify this policy.

Scope: Instance

Affects: Custom APIs

Routing_RouteToBackend

Reroutes mobile API calls made to a backend to the target backend specified.

String

There is no default value for this policy.

Scope: Backend

Affects: Dispatcher

Security_AllowOrigin

Enables Cross Origin Resource Sharing (CORS) from HTML5 clients on an external domain.

Supported values are:
  • disallow

  • url1, url2, url3

    Providing URLs as values specifies a whitelist of URLs from which cross-site requests to APIs can be made. If the origin of the cross-site request matches one of the patterns in the whitelist, the request is allowed. Otherwise, access is restricted.

The wildcard character, *, can be used when providing URL values. However, there are rules for its use, described in Securing Cross-Site Requests to OMCe APIs in Developing Applications with Oracle Mobile Cloud, Enterprise.

String

disallow

Note: When dealing with browser-based applications, it’s highly recommended that cross-site access to APIs either be restricted completely, or be restricted to trusted origins where legitimate applications are known to be hosted, to prevent vulnerability to cross-site attacks (e.g., Cross-Site Request Forgery).

Scope: Instance

Affects: All cross origin calls to a given instance

Security_AuthTokenConfiguration

Provides a configuration to integrate with third-party identity providers that mobile app users can use to authenticate. See JWT Tokens and Virtual Users in Developing Applications with Oracle Mobile Cloud, Enterprise.

JSON object

 

Scope: Environment

Affects: Security

Security_CollectionsAnonymousAccess

Sets a storage collection to allow anonymous access. For each storage collection listed in the policy, anonymous read and write access will be allowed, provided that the correct anonymous access key is defined in the request headers. Specifying '*' as the version allows anonymous access to all versions of the collection.

A comma-separated list of storage collections following this pattern:
<collection1_name>[(<version>|*)][,<collection2_name>[(<version>|*)]][, ...]

No default value

Scope: Storage collections

Affects: The collections and versions listed in the policy

Security_ExposeHeaders

Provides a means for browsers to access the server whitelist headers. By default, Cross Origin Resource Sharing (CORS) does not allow the browser to access returned headers.

Applies to HTML5 clients accessing a given resource from an external domain.

String

""

Indicates that no response headers are to be exposed to the browser.

Scope: Instance

Affects: All cross origin calls to a given instance

Security_IdentityProviders

Stores identity providers configuration.

String

Facebook identity provider configuration

Scope: Instance

Affects: Security

Security_IgnoreHostnameVerification

Disables SSL host name verification.

Apply this policy to connectors (in development) that call outbound services using SSL certificates with an invalid or incomplete host name.

Boolean

false

Scope: Instance

Affects: REST, SOAP, ICS, and Fusion Applications Connectors

Security_OwsmPolicy

Sets the security policy used for outbound security.

Object

There is no default value for this policy.

The initial value is set when the connector is created.

Scope: Connector

Affects: Connectors

Security_SsoRedirectWhitelist

Lists the URL patterns that are permitted as values of the SSO redirect_uri parameter.

String

disallow

Scope: Instance, Backend

Affects: SSO Token Relay

Security_TokenExchangeTimeoutPolicy

Defines the policy that governs the expiration time for tokens generated and issued as a result of token exchange.

Valid values are:

  • FromTimeoutSecs - token expiry time is governed by the Security_TokenExchangeTimeoutSecs policy.

  • FromExternalToken - token expiry time is set to the same time as the external token expiry time.

  • FromExternalTokenLimitedByTimeoutSecs - token expiry time is set to the value determined from the Security_TokenExchangeTimeoutSecs policy or the external token expiry time, whichever comes first.

String

FromTimeoutSecs

Scope: Instance

Affects: SSO Token Exchange

Security_TokenExchangeTimeoutSecs

Sets the token expiration time for SSO login.

Integer

216000 s

Scope: Instance

Affects: SSO Token Relay

Security_TransportSecurityProtocols

Specifies a list of the TLS/SSL protocols that should be used for the outbound connection for the specific connector. By default, only TLSv1.2 protocols are used for outbound connections. This property can be used to override the system defaults so that connections can be established to legacy systems that don't support new versions of TLS/SSL.

Caution: Use this property carefully as older protocols are more vulnerable to security exploits.

The valid value is a comma-separated list of TLS/SSL protocols. Extra spaces around the protocol names are ignored. For example: TLSv1, TLSv1.1, TLSv1.2.

Supported protocols are: SSLv2Hello, TLSv1, TLSv1.1, TLSv1.2.

String

No default value

Scope: Connectors, Fully-qualified Connectors

Affects: All Connectors

Sync_CollectionTimeToLive

Sets the default amount of time that data requested by a mobile app from a storage collection remains in the local cache that’s used by the Synchronization library.

Integer

86400 s

Set this policy as needed.

Scope: Instance

Affects: Storage

Url_PercentEncodeQueryParameterSpaces

Controls how spaces in the query parameters of a URL are encoded. If set to true, spaces are encoded as %20; otherwise, they are encoded as +. Spaces in other parts of the URL are always encoded as %20.

Boolean

false

Scope: Connector

Affects: REST Connector
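
The three Security_TokenExchangeTimeoutPolicy values described earlier in this chapter, as an added Python example (not Oracle's code) that computes the resulting expiry and how long an exchanged token stays valid after the external token has expired. It assumes that Security_TokenExchangeTimeoutSecs is counted from the moment the new token is issued; the function names and the scenario are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

DEFAULT_TIMEOUT_SECS = 216000  # documented default of Security_TokenExchangeTimeoutSecs

def exchanged_token_expiry(policy, issued_at, external_expiry,
                           timeout_secs=DEFAULT_TIMEOUT_SECS):
    """Expiry of the token issued by token exchange under the given policy value."""
    # Assumption: the timeout is counted from the moment the new token is issued.
    by_timeout = issued_at + timedelta(seconds=timeout_secs)
    if policy == "FromTimeoutSecs":
        return by_timeout
    if policy == "FromExternalToken":
        return external_expiry
    if policy == "FromExternalTokenLimitedByTimeoutSecs":
        return min(by_timeout, external_expiry)  # whichever comes first
    raise ValueError(f"unknown Security_TokenExchangeTimeoutPolicy value: {policy!r}")

def lifetime_beyond_external(policy, issued_at, external_expiry, **kw):
    """How long the exchanged token stays valid after the external token has expired."""
    gap = exchanged_token_expiry(policy, issued_at, external_expiry, **kw) - external_expiry
    return max(gap, timedelta(0))

# Constructed scenario: the identity provider's token is valid for one hour.
ISSUED = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
EXTERNAL_EXPIRY = ISSUED + timedelta(hours=1)

if __name__ == "__main__":
    for policy in ("FromTimeoutSecs", "FromExternalToken",
                   "FromExternalTokenLimitedByTimeoutSecs"):
        print(policy, exchanged_token_expiry(policy, ISSUED, EXTERNAL_EXPIRY),
              lifetime_beyond_external(policy, ISSUED, EXTERNAL_EXPIRY))
```

With the default policy and default timeout, the exchanged token in this scenario remains valid for 59 hours after the external token has expired; the other two values bound it by the external expiry.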
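
An added example, not Oracle's code: a Python check that reads the text of an exported policies.properties file and reports settings that this chapter cautions about or constrains (host name verification, stack traces in responses, legacy TLS/SSL protocols, CORS wildcards, timeout ordering, and threshold ordering). The scope prefixes on the sample keys and the rule that the policy name is the last dot-separated segment of a key are assumptions, and the sample input is constructed.

```python
LEGACY_TLS = {"SSLv2Hello", "TLSv1", "TLSv1.1"}  # supported but older than TLSv1.2
RISKY_IF_TRUE = {
    "Security_IgnoreHostnameVerification": "SSL host name verification disabled",
    "CCC_SendStackTraceWithError": "stack traces sent with REST error responses",
}

def parse_policies(text):
    """Return (full_key, policy_name, value) per key=value line; the policy name is
    assumed to be the last dot-separated segment of the key."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            entries.append((key, key.rsplit(".", 1)[-1], value))
    return entries

def audit(text):
    entries = parse_policies(text)
    by_name = {name: value for _, name, value in entries}
    request_ms = int(by_name.get("Network_HttpRequestTimeout", 40000))  # documented default
    findings = []
    for key, name, value in entries:
        if name in RISKY_IF_TRUE and value.lower() == "true":
            findings.append((key, RISKY_IF_TRUE[name]))
        elif name == "Security_AllowOrigin" and "*" in value:
            findings.append((key, "wildcard in CORS whitelist, review against the wildcard rules"))
        elif name == "Security_TransportSecurityProtocols":
            old = sorted(LEGACY_TLS & {p.strip() for p in value.split(",")})
            if old:
                findings.append((key, "legacy protocols enabled: " + ", ".join(old)))
        elif name in ("Network_HttpConnectTimeout", "Network_HttpReadTimeout") and int(value) >= request_ms:
            findings.append((key, "not less than Network_HttpRequestTimeout"))
    warn = float(by_name.get("Diagnostics_RequestPercentageWarningThreshold", 1))
    err = float(by_name.get("Diagnostics_RequestPercentageErrorThreshold", 10))
    if err <= warn:
        findings.append(("Diagnostics_RequestPercentageErrorThreshold", "not above warning threshold"))
    return findings

# Constructed sample; the scope prefixes on the keys are assumed, not taken from the page.
SAMPLE = """\
*.*.Security_AllowOrigin=https://app.example.com
*.*.Security_IgnoreHostnameVerification=true
legacyConnector.1.0.Security_TransportSecurityProtocols=TLSv1 , TLSv1.2
legacyConnector.1.0.Network_HttpConnectTimeout=45000
*.*.Diagnostics_RequestPercentageWarningThreshold=5
*.*.Diagnostics_RequestPercentageErrorThreshold=5
"""
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```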