I tried to play around with Secure Features to no success: I started a 16.0 DB (16.0.0.1691) with dbsrv16 -n test c:\database\test.db -sk test123 -sf manage_security But when I use call sp_list_secure_feature_keys( ); the result is: Use of statement 'sp_list_secure_feature_key', which requires feature 'MANAGE_KEYS', is not allowed SQLCODE=-1142, ODBC 3 State="HY000" If I try: call sp_use_secure_feature_key('manage_security','test123' ); the result is: Call to sp_use_secure_feature_key failed - the secure feature key named 'manage_security' does not exist SQLCODE=-1694, ODBC 3 State="HY000" I am puzzeled...so what am I missing? asked 14 Jan '14, 03:53 Martin |
Do your tests run with a connection that has been allowed to use these secured features, i.e. by calling CALL sp_use_secure_feature_key('system', 'test123'); or SET TEMPORARY OPTION secure_feature_key = 'test123'; (It might be easier to test with other secure features than manage_security first...) To clarify from Marks comment: The first parameter to the sp_use_secure_feature_key is the key name. When you initially start a server the only key name that exists is the "SYSTEM" key and the authorization key for the system key is specified on the server command line using the -sk option (and in your case is 'test123'). Once you have obtained authorization then you can use the system procedures that are enabled by the secure feature key. answered 14 Jan '14, 05:24 Volker Barth Martin as I said, calling sp_use_secure_feature_key to allow the use leads to an error. Manage_security seems to be necessary to call the "list" funtion, therefore my attempt to use it. I will try your suggestion with the temporary option.
(14 Jan '14, 05:35)
Martin
Replies hidden
setting the temporary option helps! After that the result of the "list" function is now:
(14 Jan '14, 05:37)
Martin
1
It's not the feature or feature set that does not exist, it's the feature key. - In my limited understanding, v16 does use distinct feature keys, and unless you create a custom key (via sp_create_secure_feature_key), you are using the "system" feature key by default. Therefore my suggestion to use sp_use_secure_feature_key for "system"...
(14 Jan '14, 06:24)
Volker Barth
1
Martin: Volker is correct. Do not confuse secure features with keys. The first parameter to the sp_use_secure_feature_key is the key name. When you initially start a server the only key name that exists is the "SYSTEM" key and the authorization key for the system key is specified on the server command line using the -sk option (and in your case is 'test123'). Once you have obtained authorization then you can use the system procedures that are enabled by the secure feature key. Also note that the manage_keys secure feature is always secured by default - i.e. users are unable to use it - so specifying '-sf manage_security' is not doing anything more than the server would have done normally.
(14 Jan '14, 08:50)
Mark Culp
You are right, the documentation was confusing me, as feature-key and feature-set are used like synonyms for the "use" command but the -sf option also uses feature-set for a totally different object which lead me the wrong way.
(14 Jan '14, 08:55)
Martin
|