Controls whether users have access to features for databases running on the current database server. A secured feature can only be accessed by a user with appropriate privileges, while an unsecured feature can be accessed by all users.
dbsrv16 -sf feature-list ...
feature-list : feature-name | feature-set [ ,feature-name | feature-set ] ...
|Feature set||Included features (feature sets in bold)|
All features are unsecured except manage_features, manage_keys, and disk_sandbox.
none Specifies that no features are secured.
manage_server Prevents users from accessing all database server-related features. This set consists of the following features:
processor_affinity Prevents users from changing the processor affinity (the number of logical processors being used) of the database server.
manage_security Prevents users from accessing features that allow the management of database server security. By default, these features are secured.
manage_features Prevents users from modifying the list of features that can be secured on the database server.
manage_keys Prevents the creation, modification, deletion, or listing of secure feature keys.
A user that has access to the manage_keys feature but not the manage_features feature cannot define a key with more secure features than those assigned to the user.
manage_disk_sandbox Prevents users from temporarily changing disk sandbox settings by using the sa_server_option system procedure or the sa_db_option system procedure. The manage_disk_sandbox secure feature cannot be turned off for all databases or users—it can only be turned off for individual connections by using the sp_use_secure_feature_key system procedure. See -sbx database server option or -sbx database option.
server_security Prevents users from accessing features that can temporarily bypass security settings. By default, these features are secured.
all Prevents users from accessing the following groups:
client Prevents users from accessing all features that allow access to client-related input and output. This feature controls access to the client computing environment. This set consists of the following features:
read_client_file Prevents the use of statements that can cause a client file to be read. For example, the READ_CLIENT_FILE function and the LOAD TABLE statement. See Access to data on client computers.
write_client_file Prevents the use of all statements that can cause a client file to be written to. For example, the UNLOAD statement and the WRITE_CLIENT_FILE function. See Access to data on client computers.
remote Prevents users from accessing all features that allow remote access or communication with remote processes. This set consists of the following features:
remote_data_access Prevents the use of any remote data access services, such as proxy tables.
send_udp Prevents the ability to send UDP packets to a specified address by using the sa_send_udp system procedure.
send_email Prevents the use of email system procedures, such as xp_sendmail.
web_service_client Prevents the use of web service client stored procedure calls (stored procedures that issue HTTP requests).
local Prevents users from accessing all local-related features. This feature controls access to the server computing environment. This set consists of the local_call, local_db, local_io, and local_log feature subsets.
local_call Prevents users from accessing all features that provide the ability to execute code that is not directly part of the database server and is not controlled by the database server. This set consists of the following features:
cmdshell Prevents the use of the xp_cmdshell procedure. See xp_cmdshell system procedure.
external_procedure Prevents the use of external stored procedures. This setting does not disable the use of the xp_* system procedures (such as xp_cmdshell, xp_readfile, and so on) that are built into the database server. Separate feature control options are provided for these system procedures. See SQL Anywhere external call interface.
java Prevents the use of Java-related features, such as Java procedures. See Java in the database.
local_db Prevents users from accessing all features related to database files. This set consists of the following features:
backup Prevents the use of the BACKUP statement, and with it, the ability to run server-side backups. You can still perform client-side backups by using the dbbackup utility. See BACKUP statement.
restore Prevents the use of the RESTORE DATABASE statement. See RESTORE DATABASE statement.
database Prevents the use of the CREATE DATABASE, ALTER DATABASE, DROP DATABASE, CREATE ENCRYPTED FILE, CREATE DECRYPTED FILE, CREATE ENCRYPTED DATABASE, and CREATE DECRYPTED DATABASE statements.
dbspace Prevents the use of the CREATE DBSPACE, ALTER DBSPACE, and DROP DBSPACE statements.
local_env Prevents users from accessing all features related to environment variables. This set consists of the following features:
getenv Prevents users from reading the value of any environment variable. See xp_getenv system procedure.
local_io Prevents users from accessing all features that allow direct access to files and their contents. This set consists of the following features:
create_trace_file Prevents the use of statements that create an event tracing target. See Event tracing.
read_file Prevents the use of statements that can cause a local file to be read. For example, the xp_read_file system procedure, the LOAD TABLE statement, and the use of OPENSTRING( FILE... ). The alternate names load_table and xp_read_file are deprecated.
write_file Prevents the use of all statements that can cause a local file to be written to. For example, the UNLOAD statement and the xp_write_file system procedure. The alternate names unload_table and xp_write_file are deprecated.
delete_file Prevents the use of all statements that can cause a local file to be deleted. For example, securing this feature causes the dbbackup utility to fail if the -x or -xo options are specified.
directory Prevents the use of directory class proxy tables. This feature is disabled when remote_data_access is disabled.
sp_list_directory Prevents the use of the sp_list_directory system procedure.
sp_create_directory Prevents the use of the sp_create_directory system procedure.
sp_copy_directory Prevents the use of the sp_copy_directory system procedure.
sp_move_directory Prevents the use of the sp_move_directory system procedure.
sp_delete_directory Prevents the use of the sp_delete_directory system procedure.
sp_copy_file Prevents the use of the sp_copy_file system procedure.
sp_move_file Prevents the use of the sp_move_file system procedure.
sp_delete_file Prevents the use of the sp_delete_file system procedure.
local_log Prevents users from accessing all logging features that result in creating or writing data directly to a file on disk. This set consists of the following features:
request_log Prevents the ability to change the request log file name and also prevents the ability to increase the limits of the request log file size or number of files. You can specify the request log file and limits on this file in the command to start the database server; however, they cannot be changed once the database server is started. When request log features are disabled, you can still turn request logging on and off and reduce the maximum file size and number of request logging files. See Request logging.
console_log Prevents the ability to change the database server message log file name using the ConsoleLogFile option of the sa_server_option system procedure. Securing this feature also prevents the ability to increase the maximum size of the log file using the ConsoleLogMaxSize option of the sa_server_option system procedure. You can specify a server log file and its size when starting the database server.
webclient_log Prevents the ability to change the web service client log file name using the WebClientLogFile option of the sa_server_option system procedure. You can specify a web service client log file when starting the database server. See -zoc database server option.
All operating systems and database servers.
This option allows the owner of the database server to control whether users have access to features for databases running on the database server. The -sk option allows the owner of the database server to create a system secure feature key that prevents users from accessing features specified by the -sf option.
If you start a database without specifying a system secure feature key, the default secure features are secured, and you cannot change the secure feature settings for the database server or any databases running on it. You cannot create the system secure feature key later—you must shut down the database server and specify a system secure feature key when you restart it.
The feature-list is a comma-separated list of feature names or feature sets to secure for the database server. Securing a feature makes it inaccessible to all database users other than administrators. Specifying a feature set secures all the features included in the set. To secure one or more, but not all, of the features in the feature set, specify the individual feature name.
Sub-features of feature sets that are secured by default, cannot be unsecured from the command line. In other words the following command will not work:
-sf manage_security, -manage_keys
Use feature-name to indicate that the feature should be secured (made inaccessible), and -feature-name or feature-name- to indicate that the feature should be unsecured (accessible to all database users). For example, the following command indicates that only dbspace features are accessible to all users:
dbsrv16 -n secure_server -sf all,-dbspace
The following command starts a database server named secure_server with access to the request log and with all remote data access features secured. The key specified by the -sk option can be used later with the sp_use_secure_feature_key system procedure to make these features accessible to all users on the current connection.
dbsrv16 -n secure_server -sf remote,-request_log -sk j978kls12
If a user connected to a database running on the secure_server database server uses the sp_use_secure_feature_key system procedure with the authorization_key parameter set to the same value as that specified by -sk, that connection has access to the remote data access features:
CALL sp_use_secure_feature_key ( 'MyKey' , 'j978kls12' );
The following command secures all features, with the exception of local database features:
dbsrv16 -n secure_server -sf all,-local_db
Discuss this page in DocCommentXchange.
|Copyright © 2014, SAP AG or an SAP affiliate company. - SAP Sybase SQL Anywhere 16.0|