syncdata-default.properties

# Follow properites have their values assigned via 'overrides' environment variables of config server docker.
# DO NOT define these in any of the property files.  They must be passed as env variables.  Refer to config-server
# helm chart:
# db.dbuser.password 
# keycloak.internal.host
# keycloak.internal.url
# keycloak.admin.password
# mosip.auth.client.secret   (convention: <realm>.<keycloak client name>)
# mosip.ida.client.secret
# mosip.admin.client.secret
# mosip.reg.client.secret
# mosip.prereg.client.secret
# mosip.syncdata.client.secret
# softhsm.kernel.security.pin

## Sync data
mosip.kernel.syncdata.auth-manager-base-uri=${mosip.kernel.authmanager.url}/v1/authmanager
mosip.kernel.syncdata.auth-manager-roles=/roles
mosip.kernel.syncdata.auth-user-details=/userdetails
mosip.kernel.syncdata.syncdata-request-id=SYNCDATA.REQUEST
mosip.kernel.syncdata.syncdata-version-id=v1.0
# Name of the file that is present in the config server which has registration specific config.
mosip.kernel.syncdata.registration-center-config-file=registration-${spring.profiles.active}.properties
# Name of the file that is present in the config server which has global config.
mosip.kernel.syncdata.global-config-file=application-${spring.profiles.active}.properties
mosip.kernel.syncdata.syncjob-base-url=${mosip.kernel.syncdata.syncjob.url}/v1/syncjob/syncjobdef
mosip.kernel.syncdata-service-idschema-url=${mosip.kernel.masterdata.url}/v1/masterdata/idschema/latest

## SMS notification
mosip.kernel.sms.enabled=false
mosip.kernel.sms.country.code=91
mosip.kernel.sms.number.length=10
#mosip.kernel.sms.gateway : "infobip" or "msg91"
mosip.kernel.sms.gateway=gateway
## --msg91 gateway--
mosip.kernel.sms.api=smsapi
mosip.kernel.sms.authkey=authkey
mosip.kernel.sms.route=route
mosip.kernel.sms.sender=sender
mosip.kernel.sms.unicode=unicode

## Email notification
mosip.kernel.notification.email.from=mosipuser@gmail.com
spring.mail.host=smtphost
spring.mail.username=username
spring.mail.password=password
spring.mail.port=587
spring.mail.properties.mail.transport.protocol=smtp
spring.mail.properties.mail.smtp.starttls.required=true
spring.mail.properties.mail.smtp.starttls.enable=true
spring.mail.properties.mail.smtp.auth=true
spring.mail.debug=false
spring.servlet.multipart.enabled=true
spring.servlet.multipart.max-file-size=5MB

## Keymanager service
#Type of keystore, Supported Types: PKCS11, PKCS12, Offline, JCE
mosip.kernel.keymanager.hsm.keystore-type=OFFLINE
# For PKCS11 provide Path of config file.
# For PKCS12 keystore type provide the p12/pfx file path. P12 file will be created internally so provide only file path & file name.
# For Offline & JCE property can be left blank, specified value will be ignored.
mosip.kernel.keymanager.hsm.config-path=/config/softhsm-application.conf
# Passkey of keystore for PKCS11, PKCS12
# For Offline & JCE proer can be left blank. JCE password use other JCE specific properties.
mosip.kernel.keymanager.hsm.keystore-pass=${softhsm.kernel.security.pin}

## Auditmanager
mosip.kernel.auditmanager-service-logs-location=logs/audit.log

## Auth service
auth.jwt.secret=authjwtsecret
auth.jwt.base=Mosip-Token
auth.jwt.expiry=6000000
auth.token.header=Authorization
auth.refreshtoken.header=RefreshToken
auth.jwt.refresh.expiry=86400000
auth.primary.language=eng

otp.manager.api.generate=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/generate
otp.manager.api.verify=${mosip.kernel.otpmanager.url}/v1/otpmanager/otp/validate
otp.sender.api.email.send=${mosip.kernel.notification.url}/v1/notifier/email/send
otp.sender.api.sms.send={mosip.kernel.notification.url}/v1/notifier/sms/send
masterdata.api.template=${mosip.kernel.masterdata.url}/v1/masterdata/templates/
masterdata.api.template.otp=/otp-sms-template
idrepo.api.getuindetails=${mosip.idrepo.identity.url}/v1/identity/uin/{uin}

mosip.kernel.auth.app.id=auth
mosip.kernel.auth.client.id=mosip-auth-client
mosip.kernel.auth.secret.key=${mosip.auth.client.secret}

mosip.kernel.ida.app.id=ida
mosip.kernel.ida.client.id=mosip-ida-client
mosip.kernel.ida.secret.key=${mosip.ida.client.secret}

## Token id salts
mosip.kernel.tokenid.uin.salt=${mosip.kernel.uin.salt}
mosip.kernel.tokenid.partnercode.salt=${mosip.kernel.partnercode.salt}

## VID generator service
mosip.kernel.vid.min-unused-threshold=100000
mosip.kernel.vid.vids-to-generate=200000
mosip.kernel.vid.time-to-release-after-expiry=5
mosip.kernel.vid.pool-population-timeout=10000000
kernel.vid.revoke-scheduler-type=cron
kernel.vid.revoke-scheduler-seconds=0
kernel.vid.revoke-scheduler-minutes=0
kernel.vid.revoke-scheduler-hours=23
kernel.vid.revoke-scheduler-days_of_month=*
kernel.vid.revoke-scheduler-months=*
kernel.vid.revoke-scheduler-days_of_week=*
kernel.vid.isolator-scheduler-type=cron
kernel.vid.isolator-scheduler-seconds=0
kernel.vid.isolator-scheduler-minutes=0
kernel.vid.isolator-scheduler-hours=*
kernel.vid.isolator-scheduler-days_of_month=*
kernel.vid.isolator-scheduler-months=*
kernel.vid.isolator-scheduler-days_of_week=*

## PRID properties
mosip.kernel.prid.min-unused-threshold=1000
mosip.kernel.prid.prids-to-generate=2000
mosip.kernel.prid.pool-population-timeout=10000000
mosip.kernel.prid.sequence-limit=3
kernel.prid.revoke-scheduler-type=cron
kernel.prid.revoke-scheduler-seconds=0
kernel.prid.revoke-scheduler-minutes=0
kernel.prid.revoke-scheduler-hours=23
kernel.prid.revoke-scheduler-days_of_month=*
kernel.prid.revoke-scheduler-months=*
kernel.prid.revoke-scheduler-days_of_week=*

## Database properties
# Database hostname below is assuming postgres is running inside cluster in 'postgres' namespace
# If database is external to production, provide the DNS or ip of the host and port 
mosip.kernel.database.hostname=postgres-postgresql.postgres
mosip.kernel.database.port=5432

javax.persistence.jdbc.driver=org.postgresql.Driver
hibernate.dialect=org.hibernate.dialect.PostgreSQL95Dialect
hibernate.jdbc.lob.non_contextual_creation=true
hibernate.hbm2ddl.auto=none
hibernate.show_sql=false
hibernate.format_sql=false
hibernate.connection.charSet=utf8
hibernate.cache.use_second_level_cache=false
hibernate.cache.use_query_cache=false
hibernate.cache.use_structured_entries=false
hibernate.generate_statistics=false

logging.level.org.hibernate.SQL=ERROR
logging.level.org.hibernate.type=ERROR

admin_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
admin_database_username=kerneluser
admin_database_password=${db.dbuser.password}

syncjob_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
syncjob_database_username=masteruser
syncjob_database_password=${db.dbuser.password}

audit_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_audit
audit_database_username=audituser
audit_database_password=${db.dbuser.password}

masterdata_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
masterdata_database_username=masteruser
masterdata_database_password=${db.dbuser.password}

uin.swagger.base-url=https://qa.mosip.io
uin_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
uin_database_username=kerneluser
uin_database_password=${db.dbuser.password}
hibernate.current_session_context_class=org.springframework.orm.hibernate5.SpringSessionContext

id_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
id_database_username=kerneluser
id_database_password=${db.dbuser.password}

vid_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
vid_database_username=kerneluser
vid_database_password=${db.dbuser.password}

prid_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
prid_database_username=kerneluser
prid_database_password=${db.dbuser.password}

keymanager.persistence.jdbc.driver=org.postgresql.Driver
keymanager_database_url = jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_keymgr
keymanager_database_password=${db.dbuser.password}
keymanager_database_username= keymgruser

otpmanager_database_username = kerneluser
otpmanager_database_url = jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
otpmanager_database_password=${db.dbuser.password}

syncdata_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
syncdata_database_username=masteruser
syncdata_database_password=${db.dbuser.password}

licensekeymanager.persistence.jdbc.driver=org.postgresql.Driver
licensekeymanager_database_url=jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_master
licensekeymanager_database_username=masteruser
licensekeymanager_database_password=${db.dbuser.password}

ridgenerator_database_username =regprcuser
ridgenerator_database_url =jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_regprc
ridgenerator_database_password=${db.dbuser.password}

## Keycloak properties
mosip.iam.base-url=${keycloak.internal.url}
mosip.iam.admin-realm-id=admin
mosip.iam.default.realm-id=mosip
mosip.iam.open-id-url =${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/
mosip.iam.realm.operations.base-url=${keycloak.internal.url}/admin/realms/{realmId}
mosip.iam.admin-url=${keycloak.internal.url}/admin/
mosip.iam.roles-extn-url=realms/mosip/roles
mosip.iam.users-extn-url=realms/mosip/users
mosip.iam.role-user-mapping-url=/{userId}/role-mappings/realm
mosip.iam.role-based-user-url=realms/{realm}/roles/{role-name}/users
#Self token resttemplate related to configuration
mosip.iam.adapter.clientid=mosip-syncdata-client
mosip.iam.adapter.clientsecret=${mosip.syncdata.client.secret}
mosip.iam.adapter.appid=registrationclient
mosip.iam.adapter.issuerURL=${keycloak.internal.url}/auth/realms/mosip
mosip.authmanager.client-token-endpoint=${mosip.authmanager.base-url}/authenticate/clientidsecretkey
mosip.iam.adapter.validate-expiry-check-rate=15
mosip.iam.adapter.renewal-before-expiry-interval=15
mosip.iam.adapter.self-token-renewal-enable=true

keycloak.realm=registration-client
keycloak.resource=account
keycloak.auth-server-url=${keycloak.internal.url}/auth
keycloak.ssl-required=none
keycloak.public-client=true
keycloak.use-resource-role-mappings=true
keycloak.verify-token-audience=true

mosip.iam.authorization_endpoint=${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/auth
mosip.iam.token_endpoint=${keycloak.internal.url}/auth/realms/{realmId}/protocol/openid-connect/token
mosip.admin.login_flow.name=authorization_code
mosip.admin.login_flow.response_type=code
mosip.admin.login_flow.scope=cls
mosip.admin.clientid=mosip-admin-client
mosip.admin.clientsecret={cipher}46b4a98aac7347e6a2d4f723e281cfd1e7b859100cc17494fc7ed9fb357a6cd9
mosip.admin.redirecturi=${mosip.authmanager.base-url}/login-redirect/
mosip.admin_realm_id=mosip
mosip.iam.master.realm-id=master
mosip.iam.pre-reg_user_password=mosip

## TODO: Below config is not needed anymore.  Need to remove init of db_3_DS in authmanager code. For now, we just
## point to a valid db.
#db_3_DS.keycloak.ipaddress= jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/keycloak
db_3_DS.keycloak.ipaddress= jdbc:postgresql://${mosip.kernel.database.hostname}:${mosip.kernel.database.port}/mosip_kernel
db_3_DS.keycloak.port=${mosip.kernel.database.port}
db_3_DS.keycloak.username=kerneluser
db_3_DS.keycloak.password=${db.dbuser.password}
db_3_DS.keycloak.driverClassName=org.postgresql.Driver

mosip.keycloak.admin.client.id=admin-cli
mosip.keycloak.admin.user.id=admin
mosip.keycloak.admin.secret.key=${keycloak.admin.password}

mosip.iam.impl.basepackage=io.mosip.kernel.auth.defaultimpl
mosip.auth.adapter.impl.basepackage=io.mosip.kernel.auth.defaultadapter

mosip.authmanager.base-url=${mosip.kernel.authmanager.url}/v1/authmanager

master.search.maximum.rows=50
mosip.level=2
mosip.kernel.masterdata.audit-url= ${mosip.kernel.auditmanager.url}/v1/auditmanager/audits
mosip.keycloak.max-no-of-users=20000

## Register device
mosip.kernel.keymanager-service-sign-url=${mosip.kernel.keymanager.url}/v1/keymanager/jwtSign
masterdata.registerdevice.timestamp.validate=+10

## Prereg
mosip.kernel.prereg.realm-id=mosip
mosip.kernel.prereg.client.id=mosip-prereg-client
mosip.kernel.prereg.secret.key=${mosip.prereg.client.secret}

## UIN scheduler
kernel.uin.transfer-scheduler-type=cron
kernel.uin.transfer-scheduler-seconds=0
kernel.uin.transfer-scheduler-minutes=48
kernel.uin.transfer-scheduler-hours=17
kernel.uin.transfer-scheduler-days_of_month=*
kernel.uin.transfer-scheduler-months=*
kernel.uin.transfer-scheduler-days_of_week=*

## UIN Auth adapter config
auth.server.admin.validate.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/admin/validateToken
auth.server.admin.allowed.audience=mosip-regproc-client,mosip-prereg-client,mosip-admin-client,mosip-reg-client,mosip-resident-client

## Proxy otp
mosip.kernel.auth.proxy-otp-value=111111
mosip.security.provider.name=SunPKCS11-pkcs11-proxy

## identity schema backward compatability ########
mosip.ui.spec.default.domain=registration-client

#### Required for admin UI ##############
## this pattern like --> display column : configKey. 
## We can provide multiple values with ";" separated 
mosip.admin.ui.configs=version:${aplication.configuration.level.version};locationHierarchyLevel:${mosip.recommended.centers.locCode};mandatoryLanguages:${mosip.mandatory-languages};optionalLanguages:${mosip.optional-languages};supportedLanguages: ${mosip.mandatory-languages},${mosip.optional-languages};leftToRightOrientation:${mosip.left_to_right_orientation};rightToLeftOrientation:${mosip.right_to_left_orientation};countryCode:${mosip.country.code}

## Used to get IAM user details. 
mosip.kernel.masterdata.auth-manager-base-uri=${mosip.kernel.authmanager.url}/v1/authmanager
mosip.kernel.masterdata.auth-user-details=/userdetails
## Security properties
mosip.security.csrf-enable=false
mosip.security.cors-enable=false
mosip.security.origins=localhost:8080
mosip.security.secure-cookie=false

## ROOT key identifier
mosip.root.key.applicationid=ROOT

## Certificate signing algorithm
mosip.kernel.certificate.sign.algorithm=SHA256withRSA

## Default certificate params
mosip.kernel.keymanager.certificate.default.common-name=www.mosip.io
mosip.kernel.keymanager.certificate.default.organizational-unit=MOSIP-TECH-CENTER
mosip.kernel.keymanager.certificate.default.organization=IITB
mosip.kernel.keymanager.certificate.default.location=BANGALORE
mosip.kernel.keymanager.certificate.default.state=KA
mosip.kernel.keymanager.certificate.default.country=IN

## Zero Knowledge Master & Public Key identifier.
mosip.kernel.zkcrypto.masterkey.application.id=KERNEL
mosip.kernel.zkcrypto.masterkey.reference.id=IDENTITY_CACHE
mosip.kernel.zkcrypto.publickey.application.id=IDA
mosip.kernel.zkcrypto.publickey.reference.id=PUBLIC_KEY
mosip.kernel.zkcrypto.wrap.algorithm-name=AES/ECB/NoPadding
mosip.kernel.zkcrypto.derive.encrypt.algorithm-name=AES/ECB/PKCS5Padding

## Application Id for PMS master key.
mosip.kernel.partner.sign.masterkey.application.id=PMS

datastores=ldap_1_DS,db_1_DS,db_2_DS

## Partner Management Service allowed partner domains
mosip.kernel.partner.allowed.domains=AUTH,DEVICE,FTM

## List of keys to auto generate.
mosip.kernel.keymanager.autogen.appids.list=ROOT,KERNEL:SIGN,PRE_REGISTRATION,REGISTRATION,REGISTRATION_PROCESSOR,ID_REPO,KERNEL:IDENTITY_CACHE,RESIDENT,PMS

## Random keys required for ZK encrypt.
zkcrypto.random.key.generate.count=10000

mosip.kernel.keymanager.autogen.basekeys.list=RESIDENT:mpartner-default-resident

# Keymanager service keystore cache properties
mosip.kernel.keymanager.keystore.keyreference.enable.cache=true

# API to get machine based on machine id
mosip.kernel.syncdata-service-machine-url=${mosip.kernel.masterdata.url}/v1/masterdata/machines/%s

# Flag added to choose client crypto implementation in syncdata service
# Needs to be updated to true in prod deployments
mosip.syncdata.tpm.required=false

mosip.kernel.registrationclient.app.id=registrationclient
mosip.kernel.registrationclient.client.id=mosip-reg-client
# env variable
mosip.kernel.registrationclient.secret.key=${mosip.reg.client.secret}

# API to fetch auth token and refresh token used by syncdata-service
mosip.kernel.authtoken.NEW.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/internal/useridPwd
mosip.kernel.authtoken.OTP.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/internal/userotp
mosip.kernel.authtoken.REFRESH.internal.url=${mosip.kernel.authmanager.url}/v1/authmanager/authorize/internal/refreshToken/registrationclient
mosip.kernel.auth.sendotp.url=${mosip.kernel.authmanager.url}/v1/authmanager/authenticate/sendotp

# Sample Additional configuration required for real HSM configured though JCE.
# Add the required JCE properties with prefix. - "mosip.kernel.keymanager.hsm.jce" for the property key
# mosip.kernel.keymanager.hsm.jce.className=io.mosip.keymanager.hsm.impl.AnyHSMKeyStoreImpl
# mosip.kernel.keymanager.hsm.jce.keyStoreType=HSMKeyStoreType
# mosip.kernel.keymanager.hsm.jce.keyStoreFile=AnyRequiredKeyStoreFile
# mosip.kernel.keymanager.hsm.jce.localKeyStorePwd=HSMPartitionPassword

## syncdata-service websub configuration (cacert sync)
syncdata.websub.topic.ca-cert=CA_CERTIFICATE_UPLOADED
# Secret for partner CA certificate CRUD callback
syncdata.websub.callback.secret.ca-cert=secret
# Callback url for partner CA certificate CRUD event
syncdata.websub.callback.url.path.ca-cert=/websub/callback/cacert
syncdata.websub.callback.url.ca-cert=${mosip.kernel.syncdata.url}/${server.servlet.context-path}/websub/callback/cacert
# Number of retires on subscription failure
syncdata.websub.resubscription.retry.count=3
# The time interval in seconds to schedule subscription of topics which is done as a
# work-around for the bug: MOSIP-9496. By default the
# this property value is set to 0 that disables this workaround.
# To enable the resubscrition scheduling, this property should be assigned with a positive
# number like 1 * 60 * 60 = 3600 for one hour
syncdata.websub.resubscription.delay.millis=43200000
subscriptions-delay-on-startup=120000

#Property to fetch location hierarchies during client settings sync
mosip.kernel.masterdata.locationhierarchylevels.uri=${mosip.kernel.masterdata.url}/v1/masterdata/locationHierarchyLevels
# Flag to identify the support of no thumbprint in 1.1.3 version. 
# Added this for backward compatability. default is false, means support is not required.
# Make it to true if support is required.
mosip.kernel.keymanager.113nothumbprint.support=false

mosip.sync.entity.url.APPLICANTTYPE.MVEL=${mosip.api.internal.url}/v1/syncdata/scripts/applicanttype.mvel
mosip.sync.entity.auth-required.APPLICANTTYPE.MVEL=true
mosip.sync.entity.auth-token.APPLICANTTYPE.MVEL=Authorization:OAUTH
mosip.sync.entity.encrypted.APPLICANTTYPE.MVEL=false
mosip.sync.entity.headers.APPLICANTTYPE.MVEL=Content-Type:text/plain;charset=UTF-8
mosip.sync.entity.only-on-fullsync.APPLICANTTYPE.MVEL=false

spring.jpa.properties.hibernate.jdbc.lob.non_contextual_creation=true

syncdata.cache.evict.delta-sync.cron=0 0/15 * * * *
syncdata.cache.snapshot.cron=0 0 23 * * * 

mosip.kernel.keymanager-service-publickey-url=${mosip.kernel.keymanager.url}/v1/keymanager/getCertificate?applicationId={applicationId}

mosip.kernel.keymanager.unique.identifier.autoupdate=false

## Roles
mosip.role.admin.syncdata.getclientsettings=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default
mosip.role.admin.syncdata.getpublickeyapplicationid=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default
mosip.role.admin.syncdata.gettpmpublickeyverify=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default
mosip.role.admin.syncdata.getlatestidschema=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default,PRE_REGISTRATION_ADMIN,REGISTRATION_PROCESSOR,INDIVIDUAL,RESIDENT,ID_AUTHENTICATION
mosip.role.admin.syncdata.getgetcertificate=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default
mosip.role.admin.syncdata.gettpmpublickeymachineid=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default,REGISTRATION_PROCESSOR
mosip.role.admin.syncdata.getconfigskeyIndex=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default
mosip.role.admin.syncdata.getuserdetails=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default
mosip.role.admin.syncdata.getgetcacertificates=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default
mosip.role.admin.syncdata.getv2clientsettings=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,REGISTRATION_ADMIN,default
mosip.role.admin.syncdata.getclientsettingsentityIdentifier=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,default
mosip.role.admin.syncdata.getscriptsscriptName=REGISTRATION_SUPERVISOR,REGISTRATION_OFFICER,default