System secure features are features that you can make inaccessible to databases running on a database server.
When a feature is secured (made inaccessible), it is unavailable for use by client applications, database-defined stored procedures, triggers, and events. Secure feature settings apply to all databases running on the database server. Secure features are useful when you need to start a database that could contain embedded logic that you are uncertain of, such as a virus, or when you want to lock down the database server in situations where the database server or the database is hosted by a third-party vendor. The -sf database server option allows you to specify which features you want to secure for databases running on the database server.
A system secure feature key is created by specifying the -sk database server option when creating the database server. Use the sa_server_option system procedure to alter whether features are secured or unsecured once the database server is running.
Once you have created a system secure feature key, you can create customized secure feature keys that are assigned to a specific users, limiting users' access to only the features secured by the administrator for that key.
Customized secure feature keys are managed by select system procedures.