Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
SAP Sybase SQL Anywhere 16.0 » SQL Anywhere Server - Database Administration » User and database security » Data security

 

Disk sandboxing

Enabling disk sandbox settings restricts the read-write file operations of the database to the directory where the main database file is located and any subdirectories of this directory. These restrictions allow users to perform file operations while preventing them from accessing files that users should not have access to. All database users have the same sandbox location.

When disk sandboxing is enabled, relative path names are treated as relative to the directory where the main database file (the system dbspace) is located. When disk sandboxing is not enabled, relative path names are assumed to be relative to the current working directory of the database server.

The most secure setting for disk sandboxing always takes precedence. If a database is started with sandboxing enabled (specified by one of the -sbx server options or the START DATABASE statement or if the disk_sandbox database option is set to On), then the database runs in a disk sandbox regardless of other settings that disable the disk sandboxing feature. Disk sandboxing can be enabled and disabled in the following ways:

Setting Scope Persistence Notes
-sbx database server option All databases running on the database server Current session only
  • Controlled by the secure feature setting
  • Specified when starting a database server
DiskSandbox option for the sa_server_option system procedure All databases running on the database server Current session only
  • Controlled by the secure feature setting
  • Specified after a database server has started
-sbx database option An individual database running on the database server Current session only
  • Controlled by the secure feature setting
  • Specified when starting a database server
sa_db_option system procedure An individual database running on the database server Current session only
  • Controlled by the secure feature setting
  • Specified after a database server has started
DISKSANDBOX clause of the START DATABASE statement An individual database running on the database server Current session only
  • Controlled by the secure feature setting
  • Specified after a database server has started
disk_sandbox database option The current database Setting persists across session
  • You must have the required system privilege
  • Specified for the database
 Secure features that control disk sandboxing
 Database backups and disk sandboxing
 See also
Copyright © 2013, SAP AG ou société affiliée SAP - SAP Sybase SQL Anywhere 16.0