Creating secure feature keys

Control which database features are available to users by using the secure features database server option (-sf), which specifies the features that users are prevented from accessing on the database server. The -sk database server option creates a system secure feature key, and the sp_create_secure_feature_key system procedure creates a customized secure feature key.

Prerequisites

You must have the SERVER OPERATOR system privilege and have access to the manage_keys feature.

Task

Secure feature settings apply to all databases running on a database server.

The secure features option (-sf) controls the availability of such features as:

The -sk option specifies a system secure feature key that manages access to secure features for a database server. To alter the list of secured features once the database server is running, use the sa_server_option system procedure. To alter a customized secure feature key once the database server is running, use the sp_alter_secure_feature_key system procedure.

  1. At a command prompt, start the database server using the -sf and -sk options.

    For example, the following command starts the database server and secures all features. The command also includes a key that can be used later to allow access to secured features for a connection.

    iqsrv16 -n secure_server -sf all -sk someSystemKey c:\myiqdemo.db

  2. Connect to the database server:

    dbisql -c "UID=DBA;PWD=sql;Host=myhost;Server=secure_server;DBN=mydemo"

  3. Call the sp_use_secure_feature_key system procedure to specify the secure feature key for the connection. In this case, the secure feature key is the same as that specified by the -sk option:

    CALL sp_use_secure_feature_key ( 'system' , 'someSystemKey' );

  4. Change the secure features of the system secure feature key by using the sa_server_option system procedure.

    For example:

    CALL sa_server_option( 'SecureFeatures', '-remote_data_access' );

  5. Create a customized secure feature key for a specific user.

    For example, create a customized secure feature key for Bob that allows him to send emails:

    CALL sp_create_secure_feature_key ( 'bobsKey' , 'anotherAuthKey' , 'sa_send_email' );

    After logging into the database, Bob must run the following command to send emails:

    CALL sp_use_secure_feature_key ( 'bobsKey' , 'anotherAuthKey' );

    Users of databases running on the database server secure_server are prevented from accessing all secured features except the remote_data_access feature. The user Bob, however, also has access to the sa_send_email feature.

There is now a system secure feature key for the database server, as well as a customized secure feature key that has been assigned to a specific user.
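
The task creates keys but does not show the maintenance calls it names for them afterwards. The statements below are an added example, not part of the original documentation: they review, alter and drop the customized key from step 5 on a connection that has already enabled the system key as in step 3. The argument order for sp_alter_secure_feature_key is assumed to mirror sp_create_secure_feature_key, and 'rotatedAuthKey' is a constructed placeholder value.

```sql
-- Added example. Run on a connection that has already called
--   CALL sp_use_secure_feature_key ( 'system' , 'someSystemKey' );
-- as in step 3, which the task does before managing keys.

-- 1. Review which secure feature keys exist and which features each unlocks.
CALL sp_list_secure_feature_keys ( );

-- 2. Replace the authorization key for bobsKey while keeping the same
--    feature list.
--    Assumption: arguments are ( name, auth_key, features ), the same
--    order as sp_create_secure_feature_key in step 5.
--    'rotatedAuthKey' is a placeholder, not a recommended value.
CALL sp_alter_secure_feature_key ( 'bobsKey' , 'rotatedAuthKey' , 'sa_send_email' );

-- 3. From now on Bob enables the feature on his own connection with the
--    new value (shown as a comment because it runs in Bob's session):
--    CALL sp_use_secure_feature_key ( 'bobsKey' , 'rotatedAuthKey' );

-- 4. When Bob no longer needs to send emails, remove the key so that
--    sa_send_email is again covered only by the server-wide -sf setting.
CALL sp_drop_secure_feature_key ( 'bobsKey' );

-- 5. List the keys again to confirm that bobsKey is no longer present.
CALL sp_list_secure_feature_keys ( );
```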

Related reference
-sk iqsrv16 database server option
-sf iqsrv16 database server option
sp_alter_secure_feature_key System Procedure
sp_create_secure_feature_key System Procedure
sp_drop_secure_feature_key System Procedure
sp_list_secure_feature_keys System Procedure
sp_use_secure_feature_key System Procedure