Configuration of the per-transaction database
A database for a transaction is created by calling the Start Transaction endpoint with the id of the app for which the database should be created. The information needed to create the database for that app is stored in an App Repository. To register an app, please contact a maintainer of the EuroDaT source code, as the app definition needs to be hardcoded. An app definition consists of:
- An id for this app. It is the reference used to create the database when a transaction is started with this id.
- A list of workflows which can be started for this app (see Start Workflow). Each workflow has:
  - an id to start the Argo workflow
  - the name of the Argo workflow template
  - the entry point in the Argo workflow
- The DDL statement for the creation of the tables
  The database will always contain three schemata: input, intermediate and output.
  The DDL statement should be provided in one file. It is not allowed to create additional schemata in the per-transaction database. You can enable row level security for tables in the output schema, configured in a format like this:

  ```sql
  create table output.table_name(
      transaction_id uuid not null primary key,
      security_column text not null
  );
  ALTER TABLE output.table_name ENABLE ROW LEVEL SECURITY;
  ```

  On the output schema, row level security gives you the possibility to provide individual data for each participant.
- The DDL statement for the creation of the safe deposit box (see Safe Deposit Database)
- The client mapping. This ensures that only the correct client can see their view on the output data.
  This consists of a data class with 4 inputs:
  - clientId: the individual client identifier under which the participant is registered in EuroDaT. This corresponds to the clientId in Keycloak.
  - the name of the column to which row level security should be applied, e.g. "security_column"
  - the value which should be written into the column
  - the name of the table to which the rule should apply. If it should apply to multiple tables, a separate client mapping needs to be provided for each table.

  Every participant can only see the results in the given table where the value in the "security_column" matches their client ID as defined in the client mapping.
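A pre-submission check for the rules above, as an added example that is not EuroDaT code: it flags DDL that creates a schema or places tables outside the three schemata, and client mappings that point at a table without the named column or without row level security enabled. The `ClientMapping` field names and `lint_app_definition` are hypothetical, and the sample input is constructed from the DDL on this page.

```python
import re
from dataclasses import dataclass

ALLOWED_SCHEMATA = {"input", "intermediate", "output"}
CONSTRAINT_WORDS = {"primary", "foreign", "unique", "check", "constraint"}
CREATE_TABLE = re.compile(
    r"create\s+table\s+(?:if\s+not\s+exists\s+)?(?:(\w+)\.)?(\w+)\s*\((.*?)\)\s*;",
    re.I | re.S)
ENABLE_RLS = re.compile(r"alter\s+table\s+(\w+\.\w+)\s+enable\s+row\s+level\s+security", re.I)

@dataclass
class ClientMapping:  # hypothetical field names for the four inputs listed above
    client_id: str
    column: str
    value: str
    table: str  # schema-qualified, e.g. "output.table_name"

def lint_app_definition(ddl, mappings):
    """Return findings for one DDL file and its client mappings ([] means clean)."""
    ddl = re.sub(r"--[^\n]*", "", ddl)  # drop line comments before matching
    findings, columns = [], {}
    if re.search(r"\bcreate\s+schema\b", ddl, re.I):
        findings.append("DDL creates a schema")
    for schema, name, body in CREATE_TABLE.findall(ddl):
        if schema.lower() not in ALLOWED_SCHEMATA:
            findings.append(f"table {schema or '?'}.{name} is outside the three schemata")
        flat = re.sub(r"\([^()]*\)", "", body)  # ignore type arguments such as numeric(10,2)
        words = {part.split()[0].lower() for part in flat.split(",") if part.split()}
        columns[f"{schema}.{name}".lower()] = words - CONSTRAINT_WORDS
    rls_tables = {t.lower() for t in ENABLE_RLS.findall(ddl)}
    for m in mappings:
        table = m.table.lower()
        if not table.startswith("output."):
            findings.append(f"{m.client_id}: {m.table} is not in the output schema")
        elif table not in columns:
            findings.append(f"{m.client_id}: {m.table} is not created by the DDL")
        else:
            if m.column.lower() not in columns[table]:
                findings.append(f"{m.client_id}: no column {m.column} in {m.table}")
            if table not in rls_tables:
                findings.append(f"{m.client_id}: row level security not enabled on {m.table}")
    return findings

# Constructed sample: the DDL from this page plus one client mapping.
SAMPLE_DDL = """create table output.table_name(
    transaction_id uuid not null primary key, security_column text not null);
ALTER TABLE output.table_name ENABLE ROW LEVEL SECURITY;"""
SAMPLE_MAPPING = ClientMapping("client-a", "security_column", "client-a", "output.table_name")
print(lint_app_definition(SAMPLE_DDL, [SAMPLE_MAPPING]))  # -> []
```

The regular expressions cover plain, unquoted identifiers only; quoted identifiers and block comments would need a real SQL parser.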