Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.

SQL Anywhere 17 » SQL Anywhere Server - Database Administration » SQL Anywhere database server executable (dbsrv17, dbeng17) » Database server startup options

-sf database server option

Controls whether users have access to features for databases running on the current database server.

Unsecured features can be accessed by any user with the appropriate system role or privilege. A secured feature can only be accessed by a user that has been given the authorization to use a secured feature (by specifying an appropriate secured feature key) and who has the appropriate system role or privilege.

Syntax
dbsrv17 -sf feature-list ...
feature-list :
feature-name | feature-set[,[-]feature-name | feature-set] ...
Parameters
  • none

    Specifies that no features are secured.

  • manage_server

    This feature set prevents users from accessing all database server-related features. This set consists of the following features:

    • processor_affinity

      Prevents users from changing the processor affinity (the number of logical processors being used) of the database server.

    • manage_cockpitdb Prevents users from enabling or disabling the Cockpit, or from changing the default file for the Cockpit. That is, manage_cockpitdb prevents users from executing sa_server_option with the CockpitDB option.
    • manage_listeners

      Prevents users from starting or stopping a connection listener by using the sp_start_listener or sp_stop_listener system procedure.

    • manage_property_history Prevents users from enabling and configuring the tracking of database server property values.
  • manage_security

    This feature set prevents users from accessing features that allow the management of database server security. By default, these features are secured.

    • manage_features

      Prevents users from modifying the list of features that can be secured on the database server.

    • manage_keys

      Prevents the creation, modification, deletion, or listing of secured feature keys.

      A user that has access to the manage_keys feature but not the manage_features feature cannot define a key with more features than those assigned to the user.

    • manage_disk_sandbox

      Prevents users from temporarily changing disk sandbox settings by using the sa_server_option system procedure or the sa_db_option system procedure. The manage_disk_sandbox feature cannot be turned off for all databases or users. It can only be turned off for individual connections by using the sp_use_secure_feature_key system procedure.

  • server_security

    This feature set prevents users from accessing features that can temporarily bypass security settings. By default, the following features, except for trace_system_event, are secured.

    • disk_sandbox

      Prevents users from performing read-write file operations on the database outside the directory where the main database file is located.

    • trace_system_event

      Prevents users from creating user-defined trace events.

    • database_isolation Allows database isolation to be temporarily turned off for the current connection.
  • all

    This feature set prevents users from accessing the following groups:

    • client

      This feature set prevents users from accessing all features that allow access to client-related input and output. This feature controls access to the client computing environment. This set consists of the following features:

      • read_client_file

        Prevents the use of statements that can cause a client file to be read. For example, the READ_CLIENT_FILE function and the LOAD TABLE statement.

      • write_client_file

        Prevents the use of all statements that can cause a client file to be written to. For example, the UNLOAD statement and the WRITE_CLIENT_FILE function.

    • remote

      This feature set prevents users from accessing all features that allow remote access or communication with remote processes. This set consists of the following features:

      • remote_data_access

        Prevents the use of any remote data access services, such as proxy tables.

      • send_email

        Prevents the use of email system procedures, such as xp_sendmail.

      • send_udp

        Prevents the ability to send UDP packets to a specified address by using the sa_send_udp system procedure.

      • web_service_client

        Prevents the use of web service client stored procedure calls (stored procedures that issue HTTP requests).

    • local

      This feature set prevents users from accessing all local-related features. This feature controls access to the server computing environment. This set consists of the local_call, local_db, local_io, and local_log feature subsets.

      • local_call

        This feature set prevents users from accessing all features that can execute code that is not directly part of the database server and is not controlled by the database server. This set consists of the following features:

        • cmdshell

          Prevents the use of the xp_cmdshell procedure.

        • external_procedure

          Prevents the use of user-defined external stored procedures.

        • external_library_full_text

          Prevents the use of a user-defined external term breaker library.

        • java

          Prevents the use of Java-related features, such as Java procedures.

      • local_db

        This feature set prevents users from accessing all features related to database files. This set consists of the following features:

        • backup

          Prevents the use of the BACKUP DATABASE statement, and with it, the ability to run server-side backups. You can still perform client-side backups by using the dbbackup utility.

        • restore

          Prevents the use of the RESTORE DATABASE statement.

        • database

          Prevents the use of the CREATE DATABASE, ALTER DATABASE, and DROP DATABASE statements.

          It also prevents the use of the CREATE ENCRYPTED FILE, CREATE DECRYPTED FILE, CREATE ENCRYPTED DATABASE, and CREATE DECRYPTED DATABASE statements.

        • dbspace

          Prevents the use of the CREATE DBSPACE, ALTER DBSPACE, and DROP DBSPACE statements.

      • local_env

        This feature set prevents users from accessing all features related to environment variables. This set consists of the following features:

        • getenv

          Prevents users from reading the value of any environment variable.

      • local_io

        This feature set prevents users from accessing all features that allow direct access to files and their contents. This set consists of the following features:

        • create_trace_file

          Prevents the use of statements that create an event tracing target.

        • read_file

          Prevents the use of statements that can cause a local file to be read. For example, the xp_read_file system procedure, the LOAD TABLE statement, and the use of OPENSTRING( FILE... ).

        • write_file

          Prevents the use of all statements that can cause a local file to be written to. For example, the UNLOAD statement and the xp_write_file system procedure.

        • delete_file

          Prevents the use of all statements that can cause a local file to be deleted. For example, securing this feature causes the dbbackup utility to fail if the -x or -xo options are specified.

        • directory

          Prevents the use of directory class proxy tables. This feature is disabled when remote_data_access is disabled.

        • file_directory_functions

          This feature set prevents users from accessing all of the following individual features:

          • sp_list_directory

            Prevents the use of the sp_list_directory system procedure.

          • sp_create_directory

            Prevents the use of the sp_create_directory system procedure.

          • sp_copy_directory

            Prevents the use of the sp_copy_directory system procedure.

          • sp_move_directory

            Prevents the use of the sp_move_directory system procedure.

          • sp_delete_directory

            Prevents the use of the sp_delete_directory system procedure.

          • sp_copy_file

            Prevents the use of the sp_copy_file system procedure.

          • sp_move_file

            Prevents the use of the sp_move_file system procedure.

          • sp_delete_file

            Prevents the use of the sp_delete_file system procedure.

          • sp_disk_info

            Prevents the use of the sp_disk_info system procedure.

      • local_log

        Prevents users from accessing all logging features that result in creating or writing data directly to a file on disk. This set consists of the following features:

        • request_log

          Prevents the ability to change the request log file name and also prevents the ability to increase the limits of the request log file size or number of files. You can specify the request log file and limits on this file in the command to start the database server; however, they cannot be changed once the database server is started. When request log features are disabled, you can still turn request logging on and off and reduce the maximum file size and number of request logging files.

        • console_log

          Prevents the ability to change the database server message log file name using the ConsoleLogFile option of the sa_server_option system procedure. Securing this feature also prevents the ability to increase the maximum size of the database server message log file using the ConsoleLogMaxSize option of the sa_server_option system procedure. You can specify a server log file and its size when starting the database server.

        • webclient_log

          Prevents the ability to change the web service client log file name using the WebClientLogFile option of the sa_server_option system procedure. You can specify a web service client log file when starting the database server.

Default

none

Applies to

All operating systems.

Remarks

This option allows the owner of the database server to control whether users have access to features for databases running on the database server. The -sk database server option allows the owner of the database server to create the SYSTEM secured feature key that permits users access to features secured by the -sf database server option.

If you start a database server without specifying the -sk database sever option, the features specified by the -sf database sever option and some default features are secured and there is no way to change which features are secured while the database server is running. You cannot create the SYSTEM secure feature key later using a system stored procedure. You must shut down the database server and specify the -sk database sever option when you restart it.

The feature-list is a comma-separated list of feature names or feature sets to secure for the database server. Securing a feature makes it inaccessible to all database users other than administrators. Specifying a feature set secures all the features included in the set. To secure one or more, but not all, of the features in the feature set, specify the individual feature name.

Use feature-name to indicate that the feature should be secured (made inaccessible), and -feature-name or feature-name- to indicate that the feature should be unsecured (accessible to all database users). For example, the following command indicates that only dbspace features are accessible to all users:

Note

Sub-features of feature sets that are secured by default, cannot be unsecured from the command line. In other words the following command will not work:

-sf manage_security,-manage_keys

To use sub-features of feature sets that are secured by default, call the sp_use_secure_feature_key system procedure specifying the SYSTEM secure feature key which includes MANAGE_KEYS and the password specified by the -sk option :

CALL sp_use_secure_feature_key( 'system' , 'letmeinweyou' );

Example

The following command starts a database server named secure_server with all local data access features secured, except for the dbspace feature.

dbsrv17 -n secure_server -sf all,-dbspace

The following command starts a database server named secure_server with all remote data access features secured, except for the web_service_client feature. The key specified by the -sk option can be used later with the sp_use_secure_feature_key system procedure to make these features accessible to all users on the current connection.

dbsrv17 -n secure_server -sf remote,-web_service_client -sk j978kls12

If a user connected to a database running on the secure_server database server uses the sp_use_secure_feature_key system procedure with the authorization_key parameter set to the same value as that specified by -sk, that connection has access to the remote data access features:

CALL sp_use_secure_feature_key ( 'MyKey' , 'j978kls12' );

The following command secures all features, with the exception of local database features:

dbsrv17 -n secure_server -sf all,-local_db