-sf iqsrv16 database server option

Syntax

iqsrv16 -sf feature-list ...

feature-list :
feature-name | feature-set [ ,feature-name | feature-set ] ...

Parameters

• none – Specifies that no features are secured.
• manage_server – Prevents users from accessing all database server-related features. This set consists of the following features:
  • processor_affinity – Prevents users from changing the processor affinity (the number of logical processors being used) of the database server.
• manage_security – Prevents users from accessing features that allow the management of database server security. By default, these features are secured.
  • manage_features – Prevents users from modifying the list of features that can be secured on the database server.
  • manage_keys – Prevents the creation, modification, deletion, or listing of secure feature keys.

    A user that has access to the manage_keys feature but not the manage_features feature cannot define a key with more secure features than those assigned to the user.

  • manage_disk_sandbox – Prevents users from temporarily changing disk sandbox settings by using the sa_server_option system procedure or the sa_db_option system procedure. The manage_disk_sandbox secure feature cannot be turned off for all databases or users—it can only be turned off for individual connections by using the sp_use_secure_feature_key system procedure.
• server_security – Prevents users from accessing features that can temporarily bypass security settings. By default, these features are secured.
  • disk_sandbox – Prevents users from performing read-write file operations on the database outside the directory where the main database file is located.
  • trace_system_event – Prevents users from creating user-defined trace events.
• all – Prevents users from accessing the following groups:
  • client – Prevents users from accessing all features that allow access to client-related input and output. This feature controls access to the client computing environment. This set consists of the following features:
    • read_client_file – Prevents the use of statements that can cause a client file to be read. For example, the READ_CLIENT_FILE function and the LOAD TABLE statement.
    • write_client_file – Prevents the use of all statements that can cause a client file to be written to. For example, the UNLOAD statement and the WRITE_CLIENT_FILE function.
  • remote – Prevents users from accessing all features that allow remote access or communication with remote processes. This set consists of the following features:
    • remote_data_access – Prevents the use of any remote data access services, such as proxy tables.
    • send_udp – Prevents the ability to send UDP packets to a specified address by using the sa_send_udp system procedure.
    • send_email – Prevents the use of email system procedures, such as xp_sendmail.
    • web_service_client – Prevents the use of web service client stored procedure calls (stored procedures that issue HTTP requests).
  • local – Prevents users from accessing all local-related features. This feature controls access to the server computing environment. This set consists of the local_call, local_db, local_io, and local_log feature subsets.
    • local_call – Prevents users from accessing all features that provide the ability to execute code that is not directly part of the database server and is not controlled by the database server. This set consists of the following features:
      • cmdshell – Prevents the use of the xp_cmdshell procedure.
      • external_procedure – Prevents the use of external stored procedures. This setting does not disable the use of the xp_* system procedures (such as xp_cmdshell, xp_readfile, and so on) that are built into the database server. Separate feature control options are provided for these system procedures.
      • external_procedure_v3 – See the User-Defined Functions guide.
      • java – Prevents the use of Java-related features, such as Java procedures.
    • local_db – Prevents users from accessing all features related to database files. This set consists of the following features:
      • backup – Prevents the use of the BACKUP statement, and with it, the ability to run server-side backups. You can still perform client-side backups by using the dbbackup utility.
      • restore – Prevents the use of the RESTORE DATABASE statement.
      • database – Prevents the use of the CREATE DATABASE, ALTER DATABASE, DROP DATABASE, CREATE ENCRYPTED FILE, CREATE DECRYPTED FILE, CREATE ENCRYPTED DATABASE, and CREATE DECRYPTED DATABASE statements.
      • dbspace – Prevents the use of the CREATE DBSPACE, ALTER DBSPACE, and DROP DBSPACE statements.
    • local_env – Prevents users from accessing all features related to environment variables. This set consists of the following features:
      • getenv – Prevents users from reading the value of any environment variable.
    • local_io – Prevents users from accessing all features that allow direct access to files and their contents. This set consists of the following features:
      • create_trace_file – Prevents the use of statements that create an event tracing target.
      • read_file – Prevents the use of statements that can cause a local file to be read. For example, the xp_read_file system procedure, the LOAD TABLE statement, and the use of OPENSTRING( FILE... ). The alternate names load_table and xp_read_file are deprecated.
      • write_file – Prevents the use of all statements that can cause a local file to be written to. For example, the UNLOAD statement and the xp_write_file system procedure. The alternate names unload_table and xp_write_file are deprecated.
      • delete_file – Prevents the use of all statements that can cause a local file to be deleted. For example, securing this feature causes the dbbackup utility to fail if the -x or -xo options are specified.
      • directory – Prevents the use of directory class proxy tables. This feature is disabled when remote_data_access is disabled.
      • sp_list_directory – Prevents the use of the sp_list_directory system procedure.
      • sp_create_directory – Prevents the use of the sp_create_directory system procedure.
      • sp_copy_directory – Prevents the use of the sp_copy_directory system procedure.
      • sp_move_directory – Prevents the use of the sp_move_directory system procedure.
      • sp_delete_directory – Prevents the use of the sp_delete_directory system procedure.
      • sp_copy_file – Prevents the use of the sp_copy_file system procedure.
      • sp_move_file – Prevents the use of the sp_move_file system procedure.
      • sp_delete_file – Prevents the use of the sp_delete_file system procedure.
    • local_log – Prevents users from accessing all logging features that result in creating or writing data directly to a file on disk. This set consists of the following features:
      • request_log – Prevents the ability to change the request log file name and also prevents the ability to increase the limits of the request log file size or number of files. You can specify the request log file and limits on this file in the command to start the database server; however, they cannot be changed once the database server is started. When request log features are disabled, you can still turn request logging on and off and reduce the maximum file size and number of request logging files.
      • console_log – Prevents the ability to change the database server message log file name using the ConsoleLogFile option of the sa_server_option system procedure. Securing this feature also prevents the ability to increase the maximum size of the log file using the ConsoleLogMaxSize option of the sa_server_option system procedure. You can specify a server log file and its size when starting the database server.
      • webclient_log – Prevents the ability to change the web service client log file name using the WebClientLogFile option of the sa_server_option system procedure. You can specify a web service client log file when starting the database server.

Applies to

All operating systems and database servers.

Remarks

This option allows the owner of the database server to control whether users have access to features for databases running on the database server. The -sk option allows the owner of the database server to create a system secure feature key that prevents users from accessing features specified by the -sf option.

If you start a database without specifying a system secure feature key, the default secure features are secured, and you cannot change the secure feature settings for the database server or any databases running on it. You cannot create the system secure feature key later—you must shut down the database server and specify a system secure feature key when you restart it.

The feature-list is a comma-separated list of feature names or feature sets to secure for the database server. Securing a feature makes it inaccessible to all database users other than administrators. Specifying a feature set secures all the features included in the set. To secure one or more, but not all, of the features in the feature set, specify the individual feature name.

-sf manage_security, -manage_keys

Use feature-name to indicate that the feature should be secured (made inaccessible), and -feature-name or feature-name- to indicate that the feature should be unsecured (accessible to all database users). For example, the following command indicates that only dbspace features are accessible to all users:

iqsrv16 -n secure_server -sf all,-dbspace