X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/3ba5aa15ea0156a4fce63dcb43b7f972b4c760df..0dffc025de9ebc7a54596e1018a589a6f5b8a03e:/services/api/config/application.default.yml

diff --git a/services/api/config/application.default.yml b/services/api/config/application.default.yml
index a3ff6800be..f18c89f732 100644
--- a/services/api/config/application.default.yml
+++ b/services/api/config/application.default.yml
@@ -87,6 +87,8 @@ common:
   admin_notifier_email_from: arvados@example.com
   email_subject_prefix: "[ARVADOS] "
   user_notifier_email_from: arvados@example.com
+  new_user_notification_recipients: [ ]
+  new_inactive_user_notification_recipients: [ ]
 
   # Visitors to the API server will be redirected to the workbench
   workbench_address: https://workbench.local:3001/
@@ -127,3 +129,14 @@ common:
   # Amount of time (in seconds) for which a blob permission signature
   # remains valid.  Default: 2 weeks (1209600 seconds)
   blob_signing_ttl: 1209600
+
+  # Allow clients to create collections by providing a manifest with
+  # unsigned data blob locators. IMPORTANT: This effectively disables
+  # access controls for data stored in Keep: a client who knows a hash
+  # can write a manifest that references the hash, pass it to
+  # collections.create (which will create a permission link), use
+  # collections.get to obtain a signature for that data locator, and
+  # use that signed locator to retrieve the data from Keep. Therefore,
+  # do not turn this on if your users expect to keep data private from
+  # one another!
+  permit_create_collection_with_unsigned_manifest: false