Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SAP Sybase SQL Anywhere 16.0 » SQL Anywhere Server - Database Administration » User and database security » Data security » Secure features

 

Creating secure feature keys

Control the database features available to users, by using the secure features database server option (-sf) to specify the features that users are prevented from accessing on the database server. The -sk database server option creates a system secure feature key, and the sp_create_secure_feature_key system procedure creates a customized secure feature key.

Prerequisites

You must have the SERVER OPERATOR system privilege and have access to the manage_keys feature.

Context and remarks

Secure feature settings apply to all databases running on a database server.

The secure features option (-sf) controls the availability of such features as:

  • Server-side backups
  • External stored procedures
  • Remote data access
  • Web services

The -sk option specifies a system secure feature key that manages access to secure features for a database server. To alter the list of secured features once the database server is running, use the sa_server_option system procedure. To alter a customized secure feature key once the database server is running, use the sp_alter_secure_feature_key system procedure.

 Task
  1. At a command prompt, start the database server using the -sf and -sk options.

    For example, the following command starts the database server and secures all features. The command also includes a key that can be used later to allow access to secured features for a connection.

    dbsrv16 -n secure_server -sf all -sk someSystemKey c:\mydemo.db
  2. Connect to the database server:

    dbisql -c "UID=DBA;PWD=sql;Host=myhost;Server=secure_server;DBN=mydemo"
  3. Call the sp_use_secure_feature_key system procedure to specify the secure feature key for the connection. In this case, the secure feature key is the same as that specified by the -sk option:

    CALL sp_use_secure_feature_key ( 'system' , 'someSystemKey' );
  4. Change the secure features of the system secure feature key by using the sa_server_option system procedure.

    For example:

    CALL sa_server_option( 'SecureFeatures', '-remote_data_access' );
  5. Create a customized secure feature key for a specific user.

    For example, create a customized secure feature key for Bob that allows him to send emails:

    CALL sp_create_secure_feature_key ( 'bobsKey' , 'anotherAuthKey' , 'sa_send_email' );

    After logging into the database, Bob must run the following command to send emails:

    CALL sp_use_secure_feature_key ( 'bobsKey' , 'anotherAuthKey' );

    Users of databases running on the database server secure_server are prevented from accessing all secured features except the remote_data_access feature. The user Bob, however, also has access to the sa_send_email feature.

Results

There is now a system secure feature for the database server, as well as a customized secure feature that has been assigned to a specific user.

 See also