Describing Further Configuration Functions

Objective

After completing this lesson, you will be able to configure the restricted features and blocked parameters.

Restricted Features List

To maximize control over the SAP HANA database, you can disable certain features in tenant databases, for example, import and export operations or the ability to create or manage backups for specific databases. As some features are not required or desirable in specific environments, this area provides a further option to deactivate functions like direct access to the file system or network. A further advantage is that there is no need to know the syntax of the affected parameters.

This figure compares two SAP import configuration examples highlighting steps, parameters, and errors during setup.

Using the Restricted Features button in the Database Management application of your system database opens the Blocklisted & Restricted page. After choosing a tenant database, you can enable or disable specific features on the right-hand side using the checkboxes.

Note

To disable features on a tenant database, you need the INIFILE ADMIN system privilege.

The following examples show 2 different scenarios of using the restricted features list:

  1. Example 1: Restricted feature Import

    In this example, all import operations for the respective tenant database are deactivated. As a consequence, the error message, as an output of the Database Explorer, points to the system view M_CUSTOMIZABLE_FUNCTIONALITIES, which provides information about features that can be disabled and their status. This view exists in both the SYS schema of every database, where it contains database-specific information, and in the SYS_DATABASES schema of the system database, where it contains information about the enablement of features in all databases.

  2. Example 2: Restricted feature BACKUP - IGNORE_PATH_RESTRICT

    This restricted feature is used to deactivate the option to provide an individual file path when using backup operations like the creation of a backup. In accordance with the standard parameter basepath_backup, the respective value is fixed, but can be enhanced with a Subpath, however.

Note

Some restricted features directly force specific disabling of user interface elements in the SAP HANA cockpit. If, for example, the backup feature is disabled, the buttons Create Backup and Backup Schedules automatically disappear when accessing the backup area of the affected database.

For more information, see Restricted Features in Tenant Databases in the SAP HANA Security Guide.

Blocklist Parameters for Tenant Databases

The following section introduces a special improvement to the SAP HANA tenant database management called Blocklisted Parameters.

Blocklisted System Properties in Tenant Databases

To ensure the stability and performance of the overall system or for security reasons, you can prevent certain system properties from being changed by tenant database administrators; for example, properties related to the resource management. A configuration change blocklist for tenant databases is available for this purpose. The configuration of the blocklist can be done in the SAP HANA cockpit.

Note

To prevent changes to system properties in tenant databases, you need the INIFILE ADMIN system privilege.

System configuration (*.ini) files have a database layer to facilitate the configuration of system properties for individual tenant databases. However, it may be desirable to prevent changes to certain properties being made directly in tenant databases because they could, for example, affect the performance of the system as a whole (CPU and memory management properties).

For this reason, a dedicated configuration change blocklist, multidb.ini, is available. This blocklist contains several critical properties by default. You can customize the default configuration and add further properties by editing the file content in the SAP HANA cockpit.

Note

For details concerning the delivered standard content of multidb.ini, check the following link:

Default Blocklisted System Properties in Tenant Databases

System properties that are included in the multidb.ini file by default cannot be changed by members of the tenant database administrators. But system administrators can still change these properties in the system database for available all layers.

This figure shows steps to add and select blocked parameters for SAP system database management.

You can customize the default configuration blocklist by changing existing entries in the multidb.ini file or by adding parameters that were not yet included. Nevertheless, changing a parameter in the Database Configuration of the SYSTEMDB is still possible, assuming the needed authorization is assigned to the database user. As a consequence of adding a parameter to the multidb.ini file, the entry is listed for the respective database layer underneath the section readyonly_parameters.

This figure shows system and tenant database parameters, including an error preventing a parameter change in a database configuration.

The figure, Blocklisted Parameters in multidb.ini, shows an attempt to change a blocklisted parameter for a tenant database resulting in an error message. Tenant database administrators cannot change the properties in the configuration change blocklist. The attempt to change a blocklisted parameter results outputs the following error:

general error: change not allowed for tenant database (filename=<file_name>, database=<DB_name>, section=<section_name>, key=<parameter_name>)

For more information, see the following link:

Prevent Changes to System Properties in Tenant Databases in the SAP HANA Administration Guide for SAP HANA Platform.

SAP HANA Configuration Framework

The following sections introduce several improvements to the SAP HANA Configuration Framework.

SAP HANA Configuration Parameter Reference

The SAP HANA Configuration Parameter Reference documentation provides an index file page, which contains details of the configuration parameters that are used to manage the operation of your SAP HANA database system. Each parameter has basic information such as its purpose, permitted values, and whether the change needs a restart of the database to take effect. Some parameters link to SAP Notes or to the SAP HANA System Administration Guide for SAP HANA Platform to get more detailed information.

This figure shows configuration details for SAP HANA memory parameters, emphasizing the global_allocation_limit setting.

Using the CONFIGURATION_PARAMETER_PROPERTIES and M_CONFIGURATION_PARAMETER_VALUES System Views

While operating your SAP HANA system, configuration adjustments can be required to improve performance. Changing configuration parameters might arise the question if the SAP HANA system needs a restart for the changes to take effect.

The SAP HANA database system provides two system views, CONFIGURATION_PARAMETER_PROPERTIES and M_CONFIGURATION_PARAMETER_VALUES, are provided to verify if changing particular parameters require a restart. Other details, if specified, are also available, such as:

  • ini-File the parameter is stored
  • Description and purpose
  • Default value
  • Measurement unit
  • Recommended value ranges
  • Restrictions to comply with (range, layer, custom, system_managed)
  • Read-only parameter (if applicable)

The system view CONFIGURATION_PARAMETER_PROPERTIES displays metadata and properties of the public configuration parameters for SAP HANA.

The system view M_CONFIGURATION_PARAMETER_VALUES displays landscape service parameter values.

When analyzing the results of the system view M_CONFIGURATION_PARAMETER_VALUES, you can also identify changed parameters, which still need a restart to take effect. The view also shows the ini-files and sections in which the parameters are stored.

Alerting Restart Requirements and Unsupported Parameter Values

The SAP HANA database system provides two alerts to remind the system administrator on a daily basis about a pending restart of the SAP HANA database system and inappropriate parameter configurations. Because the Restart required after configuration change alert is defined with a low-priority status, it has to be selected accordingly. Only high and medium alerts are shown in the alerts card by default.

This figure compares alert details for unsupported configuration parameters and restart requirements in a system monitoring interface.

Note

When editing and saving alert definitions, there is a feature (via the more ... link), to distribute these changes with Apply to other databases (see the figure, Alerting Restart Requirements and Unsupported Parameter Values).

Log in to track your progress & complete quizzes

Learning

SAP FacebookSAP YoutubeSAP LinkedIn