Click here to view and discuss this page in DocCommentXchange. In the future, you will be sent there automatically.
Control the database features available to users, by using the secure features database server option (-sf) to specify the features that users are prevented from accessing on the database server.
You must have the SERVER OPERATOR system privilege and have access to the MANAGE_KEYS feature.
Secured feature settings apply to all databases running on a database server.
The secure features option (-sf) controls the availability of such features as:
The -sk option specifies a SYSTEM secured feature key that manages access to secured features for a database server. To alter the list of secured features once the database server is running, use the sa_server_option system procedure. To alter a customized secured feature key once the database server is running, use the sp_alter_secure_feature_key system procedure.
The sp_create_secure_feature_key system procedure creates a customized secured feature key.
For example, the following command starts the database server and secures all features. The command also includes a key that can be used later to allow access to secured features for a connection.
dbsrv17 -n secure_server -sf all -sk secretAuthCode mydemo.db
dbisql -c "UID=DBA;PWD=passwd;Host=myhost;Server=secure_server;DBN=mydemo"
CALL sp_use_secure_feature_key ( 'system' , 'secretAuthCode' );
CALL sa_server_option( 'all', '-remote_data_access' );
For example, create a customized secured feature key for Bob that allows him to send emails:
CALL sp_create_secure_feature_key ( 'bobsKey' , 'anotherAuthKey' , 'sa_send_email' );
After logging into the database, Bob must run the following command to send emails:
CALL sp_use_secure_feature_key ( 'bobsKey' , 'anotherAuthKey' );
There is now a SYSTEM secured feature key for the database server, as well as a customized secured feature key that has been assigned to a specific user.
Users of databases running on the database server secure_server are prevented from accessing all secured features except the remote_data_access feature. The user Bob, however, also has access to the sa_send_email feature.