Control the database features available to users, by using the secure features database server option (-sf) to specify the features that users are prevented from accessing on the database server.
Prerequisites
You must have the SERVER OPERATOR system privilege and have access to the MANAGE_KEYS feature.
Context
Secured feature settings apply to all databases running on a database server.
The secure features option (-sf) controls the availability of such features as:
- Server-side backups
- External stored procedures
- Remote data access
- Web services
The -sk option specifies a SYSTEM secured feature key that manages access to secured features for a database server. To alter the list of secured features once the database server is running, use the sa_server_option system procedure. To alter a customized secured feature key once the database server is running, use the sp_alter_secure_feature_key system procedure.
The sp_create_secure_feature_key system procedure creates a customized secured feature key.
Procedure
- At a command prompt, start the database server using the -sf and -sk options.
For example, the following command starts the database server and secures all features. The command also includes a key that can be used later to allow access to secured features for a connection.
dbsrv17 -n secure_server -sf all -sk secretAuthCode mydemo.db
- Connect to the database server:
dbisql -c "UID=DBA;PWD=passwd;Host=myhost;Server=secure_server;DBN=mydemo"
- Call the sp_use_secure_feature_key system procedure to specify the SYSTEM secured feature key for the connection. The authorization code to use is specified by the -sk option:
CALL sp_use_secure_feature_key ( 'system' , 'secretAuthCode' );
- Change the set of secured features on the server by using the sa_server_option system procedure.
CALL sa_server_option( 'SecureFeatures', '-remote_data_access' );
- Create a customized secured feature key for a specific user.
For example, create a customized secured feature key for Bob that allows him to send emails:
CALL sp_create_secure_feature_key ( 'bobsKey' , 'anotherAuthKey' , 'sa_send_email' );
After logging into the database, Bob must run the following command before he can send emails:
CALL sp_use_secure_feature_key ( 'bobsKey' , 'anotherAuthKey' );
Results
There is now a SYSTEM secured feature key for the database server, as well as a customized secured feature key that has been assigned to a specific user.
Users of databases running on the database server secure_server are prevented from accessing all secured features except the remote_data_access feature. The user Bob, however, also has access to the sa_send_email feature.
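The access model that the procedure and its results describe, as an added Python sketch (a model written for this page, not SAP's code): a server-wide secured set changed through a feature list, and keys that unlock features for one connection only. Feature names other than remote_data_access and sa_send_email are constructed stand-ins, and gating both administrative calls on the SYSTEM key and returning False for a wrong authorization code are simplifying assumptions.

```python
import hmac

# Constructed feature names standing in for the features the page lists;
# only remote_data_access and sa_send_email are spelled as on the page.
FEATURES = {"server_side_backup", "external_procedures",
            "remote_data_access", "web_services", "sa_send_email"}

def apply_feature_list(secured, spec):
    """Apply a comma-separated list: 'name' secures, '-name' unsecures."""
    result = set(secured)
    for item in (s.strip() for s in spec.split(",") if s.strip()):
        name = item.lstrip("-")
        names = set(FEATURES) if name == "all" else {name}
        if not names <= FEATURES:
            raise ValueError(f"unknown feature: {name}")
        result = result - names if item.startswith("-") else result | names
    return result

class Server:
    def __init__(self, sf, sk):
        self.secured = apply_feature_list(set(), sf)   # models -sf
        self.keys = {"system": (sk, set(FEATURES))}    # models -sk (SYSTEM key)

class Connection:
    def __init__(self, server):
        self.server, self.unlocked, self.is_system = server, set(), False

    def use_key(self, name, auth):       # models sp_use_secure_feature_key
        stored = self.server.keys.get(name)
        if stored is None or not hmac.compare_digest(stored[0].encode(), auth.encode()):
            return False                 # a wrong key unlocks nothing
        self.unlocked |= stored[1]       # unlock applies to this connection only
        self.is_system = self.is_system or name == "system"
        return True

    def allowed(self, feature):
        return feature not in self.server.secured or feature in self.unlocked

    def _admin(self):
        # Simplification (assumption): both admin calls need the SYSTEM key.
        if not self.is_system:
            raise PermissionError("SYSTEM secured feature key not in use")

    def set_secured(self, spec):         # models sa_server_option
        self._admin()
        self.server.secured = apply_feature_list(self.server.secured, spec)

    def create_key(self, name, auth, features):  # models sp_create_secure_feature_key
        self._admin()
        self.server.keys[name] = (auth, apply_feature_list(set(), features))
```

Replaying the page's steps against the model gives the stated result: every connection can use remote_data_access, and only a connection that has used bobsKey can use sa_send_email.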