Configuration parameters

AutoDeploy parameters

Name Description Default
mappedServers This property is used to map the WAR modules to the target servers (WAS servers + IHS webservers). The value is a concatenation of server strings. If DPTK should be installed into a cluster the string looks as follows WebSphere:cell=connectionsCell,node=HTTPNode,server=webserver1+WebSphere:cell=connectionsCell,cluster=DPTKCluster. This value assumes that the cell name is connectionsCell, and the node name of the Webserver is HTTPNode. These values must be adjusted according the target cell names. If DPTK should be installed to a single server the String might looks as follows WebSphere:cell=connectionsCell,node=HTTPNode,server=webserver1+WebSphere:cell=connectionsCell,node=connectionsNode,server=connectionsNode_DPTKServer1 NO VALUE SET PER DEFAULT
jarMappedServers This property is used to map the EJB modules to the target servers (WAS servers). The value is a concatenation of server strings. If DPTK should be installed into a cluster the string looks as follows WebSphere:cell=connectionsCell,cluster=DPTKCluster. This value assumes that the cell name is connectionsCell, the node name of the Webserver is HTTPNode and the node name of the DPTKServer is connectionsNode. These values must be adjusted according the names in the target cell. If DPTK should be installed to a single server (e.g. DPTKServer) the String might looks as follows WebSphere:cell=connectionsCell,node=connectionsNode,server=connectionsNode_DPTKServer NO VALUE SET PER DEFAULT
ear.security-role.dptk.user Specify the id of the user that should be granted the application role dptk. For multiple users, seperate via pipe | NO VALUE SET PER DEFAULT
ear.security-role.dptk.group Specify the id of the group that should be granted the application role dptk. For multiple groups, seperate via pipe | NO VALUE SET PER DEFAULT
ear.security-role.dptkAdmin.user Specify the id of the user that should be granted the application role dptkAdmin. For multiple users, seperate via pipe | NO VALUE SET PER DEFAULT
ear.security-role.dptkAdmin.group Specify the id of the group that should be granted the application role dptkAdmin. For multiple users, seperate via pipe | NO VALUE SET PER DEFAULT

Script parameters

Name Description Default
DMGR_PROFILE Specify the path to the DMGR profile C:\IBM\WebSphere\AppServer\profiles\Dmgr01
WAS_HOME Specify the path to the WebSphere AppServer installation root C:\IBM\WebSphere\AppServer
DMGR_SOAP_PORT Specify the SOAP port that is used to access the MBeans of the DMGR process NO VALUE SET PER DEFAULT
CELL_NAME Specify the cell name of the Connections installation. This value can be retrieved by looking into the config directory dir %DMGR_PROFILE%\config\cells (Windows) or ls -l $DMGR_PROFILE/config/cells (Linux) NO VALUE SET PER DEFAULT
DPTK_CLUSTER_NAME Specify the cluster name of the DPTK cluster. This value can be retrieved by looking into the config directory dir %DMGR_PROFILE%\config\cells\%CELL_NAME%\clusters (Windows) or ls -l $DMGR_PROFILE/config/cells/$CELL_NAME/clusters (Linux) DPTKCluster
WASADMIN_USER Specify the username of the wasadmin user (e.g.: wasadmin) NO VALUE SET PER DEFAULT
WASADMIN_PASSWORD Specify the password of the wasadmin user NO VALUE SET PER DEFAULT
DPTK_USER Specify the id of the user that should be granted the application role dptk. For multiple users, separate via pipe | NO VALUE SET PER DEFAULT
DPTK_GROUP Specify the id of the group that should be granted the application role dptk. For multiple groups, separate via pipe | NO VALUE SET PER DEFAULT
DPTK_ADMINUSER Specify the id of the user that should be granted the application role dptkAdmin. For multiple users, separate via pipe | NO VALUE SET PER DEFAULT
DPTK_ADMINGROUP Specify the id of the group that should be granted the application role dptkAdmin. For multiple users, separate via pipe | NO VALUE SET PER DEFAULT

WebSphere Cell parameter

Name Description Default
type The connection type for accessing the WebSphere AdminClient SOAP
host The DeploymentManager hostname. This value must be changed, if DPTK is installed in a clustered installation or the DeploymentManager is not located on the same node as the DPTK server localhost
port The DeploymentManagers SOAP port. 8879
j2calias The name of the J2C alias that stores the Connections Admin credentials. connectionsAdmin
com.ibm.SOAP.requestTimeout The timeout for each AdminClient operation. 0

Data Privacy Toolkit parameters

Name Description Default
configpath The file system directory that will be used for storing DPTK configuration items The default is in the parent path of the set WebSphere variable CONNECTIONS_CUSTOMIZATION_PATH
userstates.cacheSize The size of the caches that preserves loaded user states in order to avoid heavy memory consumption and possible OOMs. The number should be roughly as high as the number of Employees that are stored in PeopleDB 500000
reports.cacheSize The size of the caches that preserves loaded reports in order to avoid heavy memory consumption and possible OOMs. The number should be roughly as high as the number of reports that are stored in DPTK 30000
reports.history.accessible Archived reports will be accessible to every user with Data Privacy Officer (dptk) role. If false, only admin users can see it. false
reports.title The title for Data Privacy Reports. Use the following placeholders for variable replacements: {id}: Report Id (e.g. 0001), username: User Display Name (e.g. Frank Adams), {date}: Creation Date (e.g. May 15, 2018)  Report {id}: {username}
reports.meta.attributes Comma-separated list of meta-attributes that should be added to the DPTK report exports. Allowed values are title=Report title, summary=Report message, author=Report author, titlePage=Report overview page (containing aforementioned meta information)  title,summary,author,titlePage
reports.archiveAfter Time in hours after which reports will be archived. Once archived, the reports can be accessed only via administrative DPTK users 24
reports.deleteAfter Time in hours after which reports will be marked for deletion. Once deleted, the reports cannot be accessed any longer. The deletion will only be performed, if dptk.scheduler.reportdeletion.enabled is set to true 720
reports.pdf.export.file.name The PDF export name of Data Privacy Reports. Use the following placeholders for variable replacements: {id}: Report Id (e.g. 0001), username: User Display Name (e.g. Frank Adams), {date}: Creation Date (e.g. 15052018), Profile attributes (e.g. {base.managerUid})  Data-Privacy-Report-{id}-{username}
reports.csv.export.file.name The CSV export name of Data Privacy Reports. Use the following placeholders for variable replacements: {id}: Report Id (e.g. 0001), username: User Display Name (e.g. Frank Adams), {date}: Creation Date (e.g. 15052018), Profile attributes (e.g. {base.managerUid})  Data-Privacy-Report-{id}-{username}
profile.anonymize.attributes Specify the (comma separated) list of profile attributes that should be pseudonymized. For extension attributes, please refer to the customization documentation. base.alternateLastname,base.bldgId,base.blogUrl,base.calendarUrl,base.countryCode,base.courtesyTitle,base.description,base.deptNumber,base.displayName,base.distinguishedName,base.email,base.employeeTypeCode,base.employeeNumber,base.experience,base.faxNumber,base.floor,base.freeBusyUrl,base.givenName,base.givenNames,base.groupwareEmail,base.guid,base.ipTelephoneNumber,base.isManager,base.jobResp,base.key,base.lastUpdate,base.loginId,base.managerUid,base.mobileNumber,base.nativeFirstName,base.nativeLastName,base.officeName,base.orgId,base.pagerId,base.pagerNumber,base.pagerServiceProvider,base.pagerType,base.preferredFirstName,base.preferredLanguage,base.preferredLastName,base.profileType,base.shift,base.secretaryUid,base.sourceUrl,base.surname,base.surnames,base.telephoneNumber,base.timezone,base.title,base.tenantKey,base.uid,base.userState,base.workLocationCode,ext.profileLinks
profile.anonymize.immutableAttributes Specify a (comma separated) list of profile attributes that shouldn’t be changeable base.workLocationCode,base.employeeTypeCode,base.isManager,base.managerUid,base.orgId,base.uid,base.guid,base.key,base.tenantKey,base.loginId,base.distinguishedName,base.givenName,base.surname,base.title,base.lastUpdate,base.profileType,base.sourceUrl,base.userid,base.userState
profile.anonymize.defaultValues Specify a (comma separated) list of profile attribute key=value pairs to set default values for pseudonymization. All fields not included here or in the profile.anonymize.immutableAttributes list will be emptied by default. The field base.displayName allows for the use of a placeholder for variable replacements: {id}: Report Id (e.g. 0001), {rnd}: Random generated Id base.displayName=Anonymous User, base.surname=User, base.surnames=User, base.givenName=Anonymous, base.givenNames=Anonymous
profile.anonymize.profileContentTypesToHandle Specify a (comma seperated) list of profile content types that should be handled by the application. Content types represent content conntected to the profile, which are not contained within the actual profile attributes. Allowed values are: bookmark: profile bookmarks, colleagues: profile network contacts, soundFile: profile pronunciation file, tags: profile tags bookmarks,colleagues,soundFile,tags
profile.anonymize.useConnPseudonymizePIBean Defines whether the MBean task for PI pseudonymization should be leveraged (https://help.hcltechsw.com/connections/v6/admin/admin/t_common_manage_user_requests_to_erase_pd.html) true
profile.anonymize.processFaultyProfile Defines whether a profile that is considered faulty should be pseudonymized. This means that certain aspects of the current profile status are known to cause errors in certain scenarios. The pseudonymization may still correctly process the user, but can potentially also run into issues and leave the profile in an undesired state. true
profile.search.results.returnUniqueResultForUid Defines whether search results from API and DB should be merged, in case a user is identified by its UID in the database. Note: Settings this value to true may lead to omitted search results depending on your UID values. false
dptk.access.test.user Specify a PROF_GUID of a user that should be used for a testing the anonymization configuration. The selftest endpoint is /api/selftest/check/field/access.json NO VALUE SET PER DEFAULT
dptk.scheduler.anonymize.enabled Defines whether a automated (scheduled) pseudonymization job should run, pseudonymizing all profiles that were inactivated since the last run. Uses the properties profile.anonymize.attributes, profile.anonymize.immutableAttributes and profile.anonymize.defaultValues to define what information will be pseudonymized.  false
dptk.scheduler.anonymize.cron Defines the start interval for (scheduled) pseudonymization job.  0 5 */6 * * *
dptk.scheduler.anonymize.graceperiod Defines the time (in milliseconds) that should pass after a profile was identified to be inactive, before the pseudonymization task will be executed. 2592000000
dptk.scheduler.anonymize.resultlog.enabled Defines whether the result of each anonymization job (e.g. list of anonymized profiles) should be logged or not true
dptk.scheduler.reportdeletion.enabled Defines whether a automated (scheduled) deletion job should run that deletes reports.  false
dptk.scheduler.reportdeletion.cron Defines the start interval for (scheduled) deletion job.  0 10 */6 * * *
dptk.scheduler.reportdeletion.exclude.incomplete.enabled Defines whether open reports are to be excluded from deletion job. true
dptk.scheduler.reportdeletion.category.inquiry.enabled Defines whether reports of category ‘inquiry’ should be deleted. false
dptk.scheduler.reportdeletion.category.anonymize.enabled Defines whether reports of category ‘anonymize’ should be deleted. false
dptk.scheduler.reportdeletion.forceDeleteExpired Defines whether reports will always be deleted after they exceed the expiration time. This property will be prioritized over the handling of incomplete reports or reports that are excluded from deletion. Set this property if you want to enforce a deletion (no matter what state the report is in) after exceeding the expiration time. false
wkhtmltopdf.command.exec Specifies binary executable that should be invoked for PDF exports (e.g.: /mnt/my_shared_fs/dptk/pdf/wkhtmltox/bin/wkhtmltopdf) wkhtmltopdf

Data Privacy Toolkit - Application connectors parameters

Global connectors parameters

Name Description Default
appconnectors.ids Specify a (comma separated) list of app connectors (e.g. app-icxt, app-expertise-v3, app-crowdsourcing) that should be utilized for information retrieval and anonymize operations. NO VALUE SET PER DEFAULT
appconnectors.blacklist Specify a (comma separated) list of app connectors (e.g. app-icxt) that should NOT be utilized for information retrieval and anonymize operations. NO VALUE SET PER DEFAULT
appconnectors.attributes.mapping Specify a (comma separated) list of attribute key=value pairs to map a specific 3rd-party field to an existing Connections field (e.g. app-crowdsourcing.email=base.email) app-crowdsourcing.name=base.displayName, app-expertise-v3.display_name=base.displayName, app-crowdsourcing.email=base.email, app-expertise-v3.email=base.email, app-expertise-v3.last_name=base.surname, app-expertise-v3.first_name=base.givenName, app-crowdsourcing.connectionsId=base.guid, app-expertise-v3.phone.primary=base.telephoneNumber

Parameters for a specific connector

The following parameters can be provided for all connected applications (which are defined via the above appconnectors.ids configuration parameter). The word APPLICATION_ID in below parameter names refers to the respective application id, e.g. app-expertise-v4 or app-hype-enterprise.

Name Description Default
appconnectors.APPLICATION_ID.class Define the classname of the class that implements the app connectors interface for the application Expertise360 (v4), Expertise360 (v3), HCL Connections Crowdsourcing: com.ibm.ess.ic.dptk.connectors.impl.apps.GenericAppConnector, HYPE enterprise / Innovation App: com.ibm.ess.ic.dptk.connectors.impl.apps.HypeEnterpriseConnector
appconnectors.APPLICATION_ID.baseUrl Defines Base URL for the application NO VALUE SET PER DEFAULT
appconnectors.APPLICATION_ID.userDataUri Defines URL path to get User Personal Data for the application Expertise360 (v4) , Expertise360 (v3) : /admin/userdata, HCL Connections Crowdsourcing: /dptk/userdata
appconnectors.APPLICATION_ID.userProfileUri Defines URL path to get User Profile Data for the application Expertise360 (v4) , Expertise360 (v3) : /admin/userprofile, HCL Connections Crowdsourcing: /dptk/userprofile
appconnectors.APPLICATION_ID.anonymizeUri Defines URL path which is used to Detele Personal Data of User for the application Expertise360 (v4) , Expertise360 (v3) : /admin/anonymize, HCL Connections Crowdsourcing: /dptk/anonymize
appconnectors.APPLICATION_ID.getProfilesUri Defines URL path to get All Profiles for the application Expertise360 (v4), Expertise360 (v3) : /admin/profiles, HCL Connections Crowdsourcing: /dptk/profiles
appconnectors.APPLICATION_ID.heartbeatUri Defines URL path to check If Connector Backend is Alive for the application Expertise360 (v4), Expertise360 (v3): /stats, HCL Connections Crowdsourcing: /licences, HYPE enterprise / Innovation App: /favicon.ico
appconnectors.APPLICATION_ID.portfolioIds Defines list of portifolio Ids which are used to gather USER personal Data from. Currently only the HYPE enterprise application provides the information via portfolios. NO VALUE SET PER DEFAULT
appconnectors.APPLICATION_ID.genericPortfolioUri Defines URL path to generate portfolio end point url which is used to get Personal Data from portfolio for the application. This will leverage the portfolio ids from appconnectors.APPLICATION_ID.portfolioIds and add them to the {portfolioId} in the provided URL path. Currently only the HYPE enterprise application provides the information via portfolios. /servlet/api/portfolios/{portfolioId}?view={loginName
appconnectors.APPLICATION_ID.loginNameAttribute Defines the attribute name of the attribute that should be used to log in to the application. If login name is null retrieving/deleting Personal Data for the application may fail. Currently only in use for the HYPE enterprise application connector. userId