3. Configuration

ACCOUNT_CGM_SCHEMA

Type: str()

Default: override_me

Schema for the CGM account service.

ACCOUNT_PORTAVITA_SCHEMA

Type: str()

Default: override_me

Schema for the Portavita account service.

BABEL_DEFAULT_LOCALE

Type: enum('da', 'de', 'en', 'nl', 'ru')

Default: en

Locale to be used by the application.

BABEL_DEFAULT_TIMEZONE

Type: str()

Default: UTC

The timezone to be used for user facing dates.

BABEL_TRANSLATION_DIRECTORIES

Type: path()

Default: /opt/mgrid/explorer/locale

A semi-colon (;) separated string of absolute and relative (to the app root) paths to translation folders.

CACHE_PLATFORM_API_BACKEND

Type: str()

Default: dogpile.cache.memory

The name of the backend to use for the platform API cache. See https://dogpilecache.sqlalchemy.org/en/latest/api.html#module-dogpile.cache.backends.memory

CACHE_PLATFORM_API_BACKEND_ARGUMENTS

Type: map()

Default: {}

Backend-specific arguments.

CACHE_PLATFORM_API_ENABLED

Type: bool()

Default: False

Enable or disable the platform API cache.

CACHE_PLATFORM_API_EXPIRE

Type: int()

Default: 3600

Maximum age in seconds of items in the platform API cache.

CACHE_PLATFORM_API_MAX_BYTE_LIMIT

Type: int()

Default: 0

Maximum number of result bytes allowed for caching. For unlimited, set to 0 (default).

CACHE_SHORT_TERM_BACKEND

Type: str()

Default: dogpile.cache.memory

The name of the backend to use for the short term cache. See https://dogpilecache.sqlalchemy.org/en/latest/api.html#module-dogpile.cache.backends.memory

CACHE_SHORT_TERM_BACKEND_ARGUMENTS

Type: map()

Default: {}

Backend-specific arguments.

CACHE_SHORT_TERM_ENABLED

Type: bool()

Default: True

Enable or disable the short term cache.

CACHE_SHORT_TERM_EXPIRE

Type: int()

Default: 3600

Maximum age in seconds of items in the short term cache.

CACHE_UI_API_EXPIRE

Type: int()

Default: 3600

Maximum time in seconds to cache data from the UI API.

DBPOOL_DATABASE

Type: str()

Default: override_me

The name of the datamart database.

DBPOOL_HOST

Type: str()

Default: override_me

The hostname of the datamart database.

DBPOOL_MAXCONNS

Type: int()

Default: 5

Maximum number of connections in the DWH database pool.

DBPOOL_MINCONNS

Type: int()

Default: 1

Number of connections that are created automatically in the datamart database pool.

DBPOOL_PASSWORD

Type: password()

Default: override_me

The password of the DWH database.

DBPOOL_PORT

Type: int()

Default: 5432

The port of the DWH database.

DBPOOL_USER

Type: str()

Default: override_me

The username of the DWH database.

EXPLORER_ACTION_COLUMN

Type: any(null(), str())

Default: None

Name of the column which value is used to call the action function.

EXPLORER_ACTION_FUNCTION

Type: any(null(), str())

Default: None

Name of the JavaScript function that is called when the user clicks a row in the table.

EXPLORER_APPLICATIONS

Type: list()

Default: []

Applications in the navigation header. An example: - id: dashboard type: dashboard name: Dashboard url: “https://dashboard.example.com#/dashboard” local: False - id: presets type: presets name: Presets url: “https://dashboard.example.com#/presets” local: False - id: patient-explorer type: explorer name: Patient Explorer url: “https://explorer1.example.com/table” local: True - id: activity-explorer type: explorer name: Activity Explorer url: “https://explorer2.example.com/table” local: False - id: reports type: reports name: Reports url: “https://explorer1.example.com/report” local: True

EXPLORER_BASE_URL

Type: url()

Default: https://explorer.example.com

The base URL of the application.

EXPLORER_CERTIFICATE

Type: path()

Default: /etc/mgrid/explorer/reportserver.client.crt

Certificate for connecting with the Reportserver.

EXPLORER_CONFIG_DIRECTORY

Type: path()

Default: /etc/mgrid/explorer/config

Directory where the configuration (filters, presets, projections, reports) is loaded from.

EXPLORER_DOWNLOAD_POT_ENABLED

Type: bool()

Default: False

Enable or disable the ability to download translation files.

EXPLORER_FAVICON

Type: str()

Default: mgrid-favicon.png

Location of the favicon image. May be a relative path, e.g. /static/images/mgrid-favicon.png if the favicon is present in the Explorer Docker image, or an absolute URL, e.g. https://explorer.example.com/favicon.png. In the case of an absolute URL, make sure that the CORS settings of the nginx proxy in the Docker image allow this URL.

EXPLORER_FILE_CSV

Type: str()

Default: patients

Prefix of the filename that is used for CSV download.

EXPLORER_FILE_DECIMAL_SEPARATOR

Type: str()

Default: ,

Decimal separator that is used for CSV and TAB downloads.

EXPLORER_FILE_INCLUDE_UTF8_BOM

Type: bool()

Default: False

Include byte order mark (BOM) on UTF-8 export (utf-8-sig encoding). This is typically used for Microsoft-based systems.

EXPLORER_FILE_JSON

Type: str()

Default: patients

Prefix of the filename that is used for JSON download.

EXPLORER_FILE_TAB

Type: str()

Default: patients

Prefix of the filename that is used for TAB download.

EXPLORER_LOGIN_EXPIRE

Type: int()

Default: 86400

Expiry in seconds when logged in.

Type: str()

Default: cgm-logo.png

Location of the logo image for the UI. May be a relative path, e.g. /static/images/mgrid_logo.svg if the logo is present in the Explorer Docker image, or an absolute URL, e.g. https://explorer.example.com/logo.png. In the case of an absolute URL, make sure that the CORS settings of the nginx proxy in the Docker image allow this URL.

EXPLORER_PRIVATE_KEY

Type: path()

Default: /etc/mgrid/explorer/reportserver.client.key

Private key of the certificate for connecting with the Reportserver.

EXPLORER_REPORT_DISPLAY_TARGET

Type: str()

Default: _blank

Browser display target when opening a report.

EXPLORER_REPORTS_ENABLED

Type: bool()

Default: True

Enable or disable the reports tab.

EXPLORER_REPORTS_CA_CERT

Type: path()

Default: /etc/mgrid/explorer/reportserver.serverca.crt

Certificate of the Reportserver CA.

EXPLORER_REPORTSERVER_URL

Type: url()

Default: https://reportserver.example.com

URL of the Reportserver.

EXPLORER_SEARCHBAR_ENABLED

Type: bool()

Default: True

Enable or disable searching for presets in the UI.

EXPLORER_TABLENAME

Type: str()

Default: explorer

The name of the table where data for a particular user is located.

EXPLORER_META_TABLENAME

Type: str()

Default: datamart_meta

The name of the table where metadata about the data table is stored. (e.g. last update time)

EXPLORER_TITLE

Type: str()

Default: Patient Explorer

Title of the application, shown in the UI and in the browser tab.

LOGGING_CONFIG_FILE

Type: path()

Default: /etc/mgrid/explorer/logging.ini

Path to the Python logging config file.

NUMBER_FORMAT_LOCALE

Type: enum('da', 'de', 'en', 'nl', 'ru')

Default: en

Locale for formatting numbers.

OIDC_ACCESS_TOKEN_URL

Type: url()

Default: https://authprov.example.com/oauth/token

Access token URL for OpenID Connect.

OIDC_APPLICATION_NAME

Type: str()

Default: explorer

Application name for OpenID Connect.

OIDC_AUTHORIZE_URL

Type: url()

Default: https://authprov.example.com/oauth/authorize

Authorize URL for OpenID Connect.

OIDC_BASE_URL

Type: url()

Default: https://authprov.example.com

Base URL for OpenID Connect.

OIDC_CLIENT_ID

Type: str()

Default: override_me

Client identifier for OpenID Connect.

OIDC_CLIENT_SECRET

Type: password()

Default: override_me

Client secret for OpenID Connect.

OIDC_CLIENT_AUTH_METHOD

Type: enum('client_secret_post', 'client_secret_basic')

Default: client_secret_post

Client authentication method for OpenID Connect.

OIDC_INTROSPECT_URL

Type: url()

Default: https://authprov.example.com/oauth/introspect

Introspect URL for OpenID Connect (OAuth2 RFC7662).

OIDC_LOGOUT_REDIRECT_URL

Type: url()

Default: https://authprov.example.com/logout

Redirect URL after logging out with OpenID Connect.

OIDC_PROVIDER_DOMAINS

Type: list(str())

Default: ['override_me']

Provider domains for OpenID Connect.

OIDC_PROVIDER_NAME

Type: str()

Default: MGRID

Provider name for OpenID Connect.

OIDC_REDIRECT_URL

Type: url()

Default: https://explorer.example.com/oauth/redirect

Redirect URL after logging in with OpenID Connect.

OIDC_SCOPE

Type: str()

Default: openid organization roles session

Scope for OpenID Connect.

OIDC_USERINFO_URL

Type: url()

Default: https://authprov.example.com/userinfo

Userinfo URL for OpenID Connect.

OIDC_USERINFO_PUBLICKEY

Type: any(null(), password())

Default: None

Path to public key file or JWK of the OpenID Connect userinfo signature (JWS).

ORM_ENGINE_CONFIG

Type: map()

Default: {'max_overflow': 10, 'pool_pre_ping': True, 'pool_recycle': -1, 'pool_reset_on_return': 'rollback', 'pool_size': 5, 'pool_timeout': 30}

Configuration to pass to the engine creation function. https://docs.sqlalchemy.org/en/20/core/engines.html#sqlalchemy.engine_from_config

ORM_SCHEMA

Type: str()

Default: public

The schema for the ORM of the explorer instance. Adjust for multiple explorer use.

PERMANENT_SESSION_LIFETIME

Type: int()

Default: 86400

# Maximum number of seconds which a newly issued cookie will be considered valid. # After this amount of time, the cookie will expire (effectively logging the user out).

PLATFORM_API_DATABASE_FETCH_SIZE

Type: int()

Default: 100

Number of records (rows) to fetch at a time when returning results. Affects the memory requirements when returning results.

PLATFORM_DOMAIN

Type: domain()

Default: example.com

Domain of the platform.

SECRET_KEY

Type: password()

Default: override_me

# The secret used for session cookie signing.

SECURITY_ADMIN_ROLES

Type: list(str())

Default: []

Roles which are allowed to change configuration using the configadmin page.

SECURITY_AUTH_METHOD

Type: enum('headless-jwt', 'oidc', 'password')

Default: password

Authenticationm method for the application.

SECURITY_ALLROWS_ROLES

Type: list(str())

Default: []

Roles which are allowed to view the whole explorer table (i.e. without rowfilter).

SECURITY_GROUP_MANAGEMENT_ROLES

Type: list(str())

Default: []

Roles which are allowed to create and manage presets of user group.

SECURITY_JWT_CONTENT_ALGORITHM

Type: str()

Default: A256CBC-HS512

Encryption algorithm used by JWT for the content.

SECURITY_JWT_KEY_ALGORITHM

Type: str()

Default: A256KW

Encryption algorithm used by JWT for the key.

SECURITY_JWT_KEY_ID

Type: str()

Default: default

Key id to to select when security_jwt_secret points to a keyset

SECURITY_JWT_LEEWAY

Type: int()

Default: 100

Leeway before and after the current time that the JWT token is valid.

SECURITY_JWT_REQUIRED_CLAIMS

Type: list()

Default: ['exp', 'iat', 'nbf', 'sub']

Claims which must be present in the JWT token, or it will be rejected. Beware that for some identity providers Explorer requires certain claims (e.g., MGRID requires the sub claim).

SECURITY_JWT_SECRET

Type: password()

Default: override_me

Secret key, file or url for signing the JWT token.

SECURITY_JWT_TIMEOUT

Type: int()

Default: 1000

The JWT token is not valid if the exp or iat claim is later than the current time plus the timeout.

SECURITY_PEPPER

Type: password()

Default: override_me

Application-wide value added to the password before hashing.

SECURITY_PII_ROLES

Type: list(str())

Default: []

Roles which are allowed to see personally identifiable information (PII).

SECURITY_PLATFORM_USER

Type: str()

Default: system:platform

The value of the JWT subject used between Dashboard and Explorer.

SECURITY_PRESET_MANAGEMENT_ROLES

Type: list(str())

Default: []

Roles which are allowed to create and manage presets of a whole schema.

SECURITY_SSL_VERIFY

Type: bool()

Default: True

Verify SSL certificate during authentication.

SERVER_NAME

Type: any(domain(), null())

Default: None

Name of the server.

Type: bool()

Default: True

# Enable or disable hiding cookie from JavaScript by setting the HttpOnly flag. # Not honored by all browsers.

Type: str()

Default: __host-explorer-session

Name of the session cookie.

Type: str()

Default: /

The path that the session cookie will be valid for.

Type: enum('None', 'Lax', 'Strict')

Default: Lax

Restricts how cookies are sent with requests from external sites.

Type: bool()

Default: True

Enable or disable sending the cookie only over a secure connection.

SESSION_FILE_DIR

Type: path()

Default: /tmp/flask_session

The directory where session files are stored.

SESSION_FILE_MODE

Type: int()

Default: 384

The file mode used for session files, e.g. 640.

SESSION_KEY_PREFIX

Type: str()

Default: session:

A prefix that is added to cache store keys.

SESSION_FILE_THRESHOLD

Type: int()

Default: 500

The maximum number of items the session stores before it starts deleting some.

SESSION_PERMANENT

Type: bool()

Default: False

Enable or disable permanent sessions.

SESSION_TYPE

Type: enum('null', 'filesystem', 'sqlalchemy')

Default: filesystem

Specifies which type of session interface to use.

WHITE_LABEL

Type: bool()

Default: False

Hide MGRID name and link to data protection statement when true.