You can make system secure features inaccessible to databases running on a database server.
When a feature is secured (made inaccessible), it is unavailable for use by client applications, database-defined stored procedures, triggers, and events. Secure feature settings apply to all databases that are running on the selected database server. Secure features are useful when you need to start a database that might contain embedded logic that you are unsure about, such as a virus, or if you want to lock down a database server or database hosted by a third-party vendor. The -sf database server option allows you to specify which features you want to secure for databases running on the database server.
A system secure feature key is created by specifying the -sk database server option when creating the database server. Use the sa_server_option system procedure to alter whether features are secured or unsecured once the database server is running.
Once you have created a system secure feature key, you can create customized secure feature keys that are assigned to a specific users, limiting users' access to only the features secured by the administrator for that key.
Customized secure feature keys are managed by select system procedures.