Name | Description | Default |
---|---|---|
mappedServers | This property is used to map the WAR modules to the target servers (WAS servers + IHS webservers). The value is a concatenation of server strings. If DPTK should be installed into a cluster the string looks as follows WebSphere:cell=connectionsCell,node=HTTPNode,server=webserver1+WebSphere:cell=connectionsCell,cluster=DPTKCluster. This value assumes that the cell name is connectionsCell, and the node name of the Webserver is HTTPNode. These values must be adjusted according the target cell names. If DPTK should be installed to a single server the String might looks as follows WebSphere:cell=connectionsCell,node=HTTPNode,server=webserver1+WebSphere:cell=connectionsCell,node=connectionsNode,server=connectionsNode_DPTKServer1 | NO VALUE SET PER DEFAULT |
jarMappedServers | This property is used to map the EJB modules to the target servers (WAS servers). The value is a concatenation of server strings. If DPTK should be installed into a cluster the string looks as follows WebSphere:cell=connectionsCell,cluster=DPTKCluster. This value assumes that the cell name is connectionsCell, the node name of the Webserver is HTTPNode and the node name of the DPTKServer is connectionsNode. These values must be adjusted according the names in the target cell. If DPTK should be installed to a single server (e.g. DPTKServer) the String might looks as follows WebSphere:cell=connectionsCell,node=connectionsNode,server=connectionsNode_DPTKServer | NO VALUE SET PER DEFAULT |
ear.security-role.dptk.user | Specify the id of the user that should be granted the application role dptk. For multiple users, seperate via pipe | | NO VALUE SET PER DEFAULT |
ear.security-role.dptk.group | Specify the id of the group that should be granted the application role dptk. For multiple groups, seperate via pipe | | NO VALUE SET PER DEFAULT |
ear.security-role.dptkAdmin.user | Specify the id of the user that should be granted the application role dptkAdmin. For multiple users, seperate via pipe | | NO VALUE SET PER DEFAULT |
ear.security-role.dptkAdmin.group | Specify the id of the group that should be granted the application role dptkAdmin. For multiple users, seperate via pipe | | NO VALUE SET PER DEFAULT |
Name | Description | Default |
---|---|---|
DMGR_PROFILE | Specify the path to the DMGR profile | C:\IBM\WebSphere\AppServer\profiles\Dmgr01 |
WAS_HOME | Specify the path to the WebSphere AppServer installation root | C:\IBM\WebSphere\AppServer |
DMGR_SOAP_PORT | Specify the SOAP port that is used to access the MBeans of the DMGR process | NO VALUE SET PER DEFAULT |
CELL_NAME | Specify the cell name of the Connections installation. This value can be retrieved by looking into the config directory dir %DMGR_PROFILE%\config\cells (Windows) or ls -l $DMGR_PROFILE/config/cells (Linux) | NO VALUE SET PER DEFAULT |
DPTK_CLUSTER_NAME | Specify the cluster name of the DPTK cluster. This value can be retrieved by looking into the config directory dir %DMGR_PROFILE%\config\cells\%CELL_NAME%\clusters (Windows) or ls -l $DMGR_PROFILE/config/cells/$CELL_NAME/clusters (Linux) | DPTKCluster |
WASADMIN_USER | Specify the username of the wasadmin user (e.g.: wasadmin) | NO VALUE SET PER DEFAULT |
WASADMIN_PASSWORD | Specify the password of the wasadmin user | NO VALUE SET PER DEFAULT |
DPTK_USER | Specify the id of the user that should be granted the application role dptk. For multiple users, separate via pipe | | NO VALUE SET PER DEFAULT |
DPTK_GROUP | Specify the id of the group that should be granted the application role dptk. For multiple groups, separate via pipe | | NO VALUE SET PER DEFAULT |
DPTK_ADMINUSER | Specify the id of the user that should be granted the application role dptkAdmin. For multiple users, separate via pipe | | NO VALUE SET PER DEFAULT |
DPTK_ADMINGROUP | Specify the id of the group that should be granted the application role dptkAdmin. For multiple users, separate via pipe | | NO VALUE SET PER DEFAULT |
Name | Description | Default |
---|---|---|
type | The connection type for accessing the WebSphere AdminClient | SOAP |
host | The DeploymentManager hostname. This value must be changed, if DPTK is installed in a clustered installation or the DeploymentManager is not located on the same node as the DPTK server | localhost |
port | The DeploymentManagers SOAP port. | 8879 |
j2calias | The name of the J2C alias that stores the Connections Admin credentials. | connectionsAdmin |
com.ibm.SOAP.requestTimeout | The timeout for each AdminClient operation. | 0 |
Name | Description | Default |
---|---|---|
configpath | The file system directory that will be used for storing DPTK configuration items | The default is in the parent path of the set WebSphere variable CONNECTIONS_CUSTOMIZATION_PATH |
userstates.cacheSize | The size of the caches that preserves loaded user states in order to avoid heavy memory consumption and possible OOMs. The number should be roughly as high as the number of Employees that are stored in PeopleDB | 500000 |
reports.cacheSize | The size of the caches that preserves loaded reports in order to avoid heavy memory consumption and possible OOMs. The number should be roughly as high as the number of reports that are stored in DPTK | 30000 |
reports.history.accessible | Archived reports will be accessible to every user with Data Privacy Officer (dptk) role. If false, only admin users can see it. | false |
reports.title | The title for Data Privacy Reports. Use the following placeholders for variable replacements: {id}: Report Id (e.g. 0001), username: User Display Name (e.g. Frank Adams), {date}: Creation Date (e.g. May 15, 2018) | Report {id}: {username} |
reports.meta.attributes | Comma-separated list of meta-attributes that should be added to the DPTK report exports. Allowed values are title=Report title, summary=Report message, author=Report author, titlePage=Report overview page (containing aforementioned meta information) | title,summary,author,titlePage |
reports.archiveAfter | Time in hours after which reports will be archived. Once archived, the reports can be accessed only via administrative DPTK users | 24 |
reports.deleteAfter | Time in hours after which reports will be marked for deletion. Once deleted, the reports cannot be accessed any longer. The deletion will only be performed, if dptk.scheduler.reportdeletion.enabled is set to true | 720 |
reports.pdf.export.file.name | The PDF export name of Data Privacy Reports. Use the following placeholders for variable replacements: {id}: Report Id (e.g. 0001), username: User Display Name (e.g. Frank Adams), {date}: Creation Date (e.g. 15052018), Profile attributes (e.g. {base.managerUid}) | Data-Privacy-Report-{id}-{username} |
reports.csv.export.file.name | The CSV export name of Data Privacy Reports. Use the following placeholders for variable replacements: {id}: Report Id (e.g. 0001), username: User Display Name (e.g. Frank Adams), {date}: Creation Date (e.g. 15052018), Profile attributes (e.g. {base.managerUid}) | Data-Privacy-Report-{id}-{username} |
profile.anonymize.attributes | Specify the (comma separated) list of profile attributes that should be pseudonymized. For extension attributes, please refer to the customization documentation. | base.alternateLastname,base.bldgId,base.blogUrl,base.calendarUrl,base.countryCode,base.courtesyTitle,base.description,base.deptNumber,base.displayName,base.distinguishedName,base.email,base.employeeTypeCode,base.employeeNumber,base.experience,base.faxNumber,base.floor,base.freeBusyUrl,base.givenName,base.givenNames,base.groupwareEmail,base.guid,base.ipTelephoneNumber,base.isManager,base.jobResp,base.key,base.lastUpdate,base.loginId,base.managerUid,base.mobileNumber,base.nativeFirstName,base.nativeLastName,base.officeName,base.orgId,base.pagerId,base.pagerNumber,base.pagerServiceProvider,base.pagerType,base.preferredFirstName,base.preferredLanguage,base.preferredLastName,base.profileType,base.shift,base.secretaryUid,base.sourceUrl,base.surname,base.surnames,base.telephoneNumber,base.timezone,base.title,base.tenantKey,base.uid,base.userState,base.workLocationCode,ext.profileLinks |
profile.anonymize.immutableAttributes | Specify a (comma separated) list of profile attributes that shouldn’t be changeable | base.workLocationCode,base.employeeTypeCode,base.isManager,base.managerUid,base.orgId,base.uid,base.guid,base.key,base.tenantKey,base.loginId,base.distinguishedName,base.givenName,base.surname,base.title,base.lastUpdate,base.profileType,base.sourceUrl,base.userid,base.userState |
profile.anonymize.defaultValues | Specify a (comma separated) list of profile attribute key=value pairs to set default values for pseudonymization. All fields not included here or in the profile.anonymize.immutableAttributes list will be emptied by default. The field base.displayName allows for the use of a placeholder for variable replacements: {id}: Report Id (e.g. 0001), {rnd}: Random generated Id | base.displayName=Anonymous User, base.surname=User, base.surnames=User, base.givenName=Anonymous, base.givenNames=Anonymous |
profile.anonymize.profileContentTypesToHandle | Specify a (comma seperated) list of profile content types that should be handled by the application. Content types represent content conntected to the profile, which are not contained within the actual profile attributes. Allowed values are: bookmark: profile bookmarks, colleagues: profile network contacts, soundFile: profile pronunciation file, tags: profile tags | bookmarks,colleagues,soundFile,tags |
profile.anonymize.useConnPseudonymizePIBean | Defines whether the MBean task for PI pseudonymization should be leveraged (https://help.hcltechsw.com/connections/v6/admin/admin/t_common_manage_user_requests_to_erase_pd.html) | true |
profile.anonymize.processFaultyProfile | Defines whether a profile that is considered faulty should be pseudonymized. This means that certain aspects of the current profile status are known to cause errors in certain scenarios. The pseudonymization may still correctly process the user, but can potentially also run into issues and leave the profile in an undesired state. | true |
profile.search.results.returnUniqueResultForUid | Defines whether search results from API and DB should be merged, in case a user is identified by its UID in the database. Note: Settings this value to true may lead to omitted search results depending on your UID values. | false |
dptk.access.test.user | Specify a PROF_GUID of a user that should be used for a testing the anonymization configuration. The selftest endpoint is /api/selftest/check/field/access.json | NO VALUE SET PER DEFAULT |
dptk.scheduler.anonymize.enabled | Defines whether a automated (scheduled) pseudonymization job should run, pseudonymizing all profiles that were inactivated since the last run. Uses the properties profile.anonymize.attributes, profile.anonymize.immutableAttributes and profile.anonymize.defaultValues to define what information will be pseudonymized. | false |
dptk.scheduler.anonymize.cron | Defines the start interval for (scheduled) pseudonymization job. | 0 5 */6 * * * |
dptk.scheduler.anonymize.graceperiod | Defines the time (in milliseconds) that should pass after a profile was identified to be inactive, before the pseudonymization task will be executed. | 2592000000 |
dptk.scheduler.anonymize.resultlog.enabled | Defines whether the result of each anonymization job (e.g. list of anonymized profiles) should be logged or not | true |
dptk.scheduler.reportdeletion.enabled | Defines whether a automated (scheduled) deletion job should run that deletes reports. | false |
dptk.scheduler.reportdeletion.cron | Defines the start interval for (scheduled) deletion job. | 0 10 */6 * * * |
dptk.scheduler.reportdeletion.exclude.incomplete.enabled | Defines whether open reports are to be excluded from deletion job. | true |
dptk.scheduler.reportdeletion.category.inquiry.enabled | Defines whether reports of category ‘inquiry’ should be deleted. | false |
dptk.scheduler.reportdeletion.category.anonymize.enabled | Defines whether reports of category ‘anonymize’ should be deleted. | false |
dptk.scheduler.reportdeletion.forceDeleteExpired | Defines whether reports will always be deleted after they exceed the expiration time. This property will be prioritized over the handling of incomplete reports or reports that are excluded from deletion. Set this property if you want to enforce a deletion (no matter what state the report is in) after exceeding the expiration time. | false |
wkhtmltopdf.command.exec | Specifies binary executable that should be invoked for PDF exports (e.g.: /mnt/my_shared_fs/dptk/pdf/wkhtmltox/bin/wkhtmltopdf) | wkhtmltopdf |
Name | Description | Default |
---|---|---|
appconnectors.ids | Specify a (comma separated) list of app connectors (e.g. app-icxt, app-expertise-v3, app-crowdsourcing) that should be utilized for information retrieval and anonymize operations. | NO VALUE SET PER DEFAULT |
appconnectors.blacklist | Specify a (comma separated) list of app connectors (e.g. app-icxt) that should NOT be utilized for information retrieval and anonymize operations. | NO VALUE SET PER DEFAULT |
appconnectors.attributes.mapping | Specify a (comma separated) list of attribute key=value pairs to map a specific 3rd-party field to an existing Connections field (e.g. app-crowdsourcing.email=base.email) | app-crowdsourcing.name=base.displayName, app-expertise-v3.display_name=base.displayName, app-crowdsourcing.email=base.email, app-expertise-v3.email=base.email, app-expertise-v3.last_name=base.surname, app-expertise-v3.first_name=base.givenName, app-crowdsourcing.connectionsId=base.guid, app-expertise-v3.phone.primary=base.telephoneNumber |
The following parameters can be provided for all connected applications (which are defined via the above appconnectors.ids configuration parameter). The word APPLICATION_ID in below parameter names refers to the respective application id, e.g. app-expertise-v4 or app-hype-enterprise.
Name | Description | Default |
---|---|---|
appconnectors.APPLICATION_ID.class | Define the classname of the class that implements the app connectors interface for the application | Expertise360 (v4), Expertise360 (v3), HCL Connections Crowdsourcing: com.ibm.ess.ic.dptk.connectors.impl.apps.GenericAppConnector, HYPE enterprise / Innovation App: com.ibm.ess.ic.dptk.connectors.impl.apps.HypeEnterpriseConnector |
appconnectors.APPLICATION_ID.baseUrl | Defines Base URL for the application | NO VALUE SET PER DEFAULT |
appconnectors.APPLICATION_ID.userDataUri | Defines URL path to get User Personal Data for the application | Expertise360 (v4) , Expertise360 (v3) : /admin/userdata, HCL Connections Crowdsourcing: /dptk/userdata |
appconnectors.APPLICATION_ID.userProfileUri | Defines URL path to get User Profile Data for the application | Expertise360 (v4) , Expertise360 (v3) : /admin/userprofile, HCL Connections Crowdsourcing: /dptk/userprofile |
appconnectors.APPLICATION_ID.anonymizeUri | Defines URL path which is used to Detele Personal Data of User for the application | Expertise360 (v4) , Expertise360 (v3) : /admin/anonymize, HCL Connections Crowdsourcing: /dptk/anonymize |
appconnectors.APPLICATION_ID.getProfilesUri | Defines URL path to get All Profiles for the application | Expertise360 (v4), Expertise360 (v3) : /admin/profiles, HCL Connections Crowdsourcing: /dptk/profiles |
appconnectors.APPLICATION_ID.heartbeatUri | Defines URL path to check If Connector Backend is Alive for the application | Expertise360 (v4), Expertise360 (v3): /stats, HCL Connections Crowdsourcing: /licences, HYPE enterprise / Innovation App: /favicon.ico |
appconnectors.APPLICATION_ID.portfolioIds | Defines list of portifolio Ids which are used to gather USER personal Data from. Currently only the HYPE enterprise application provides the information via portfolios. | NO VALUE SET PER DEFAULT |
appconnectors.APPLICATION_ID.genericPortfolioUri | Defines URL path to generate portfolio end point url which is used to get Personal Data from portfolio for the application. This will leverage the portfolio ids from appconnectors.APPLICATION_ID.portfolioIds and add them to the {portfolioId} in the provided URL path. Currently only the HYPE enterprise application provides the information via portfolios. | /servlet/api/portfolios/{portfolioId}?view={loginName |
appconnectors.APPLICATION_ID.loginNameAttribute | Defines the attribute name of the attribute that should be used to log in to the application. If login name is null retrieving/deleting Personal Data for the application may fail. Currently only in use for the HYPE enterprise application connector. | userId |