Describing Further Configuration Functions

Objectives

After completing this lesson, you will be able to:

  • Configure the restricted features list
  • Configure the blocked parameter list
  • Configure parameters with the console tool
  • Access the parameter reference

Restricted Features List

To maximize control over the SAP HANA database, you can disable certain features in tenant databases, for example, import and export operations or the ability to create or manage backups for specific databases. As some features are not required or desirable in specific environments, this area provides a further option to deactivate functions like direct access to the file system or network. A further advantage is that there is no need to know the syntax of the affected parameters.

Using the Restricted Features button in the Database Management application of your system database opens the Blocklisted & Restricted page. After choosing a tenant database, you can enable or disable specific features on the right-hand side using the checkboxes.

Note

To disable features on a tenant database, you need the INIFILE ADMIN system privilege.

The following examples show 2 different scenarios of using the restricted features list:

  1. Example 1: Restricted feature Import

    In this example, all import operations for the respective tenant database are deactivated. As a consequence, the error message, as an output of the Database Explorer, points to the system view M_CUSTOMIZABLE_FUNCTIONALITIES, which provides information about features that can be disabled and their status. This view exists in both the SYS schema of every database, where it contains database-specific information, and in the SYS_DATABASES schema of the system database, where it contains information about the enablement of features in all databases.

  2. Example 2: Restricted feature BACKUP - IGNORE_PATH_RESTRICT

    This restricted feature is used to deactivate the option to provide an individual file path when using backup operations like the creation of a backup. In accordance with the standard parameter basepath_backup, the respective value is fixed, but can be enhanced with a Subpath, however.

Note

Some restricted features directly force specific disabling of user interface elements in the SAP HANA cockpit. If, for example, the backup feature is disabled, the buttons Create Backup and Backup Schedules automatically disappear when accessing the backup area of the affected database.

For more information, see Restricted Features in Tenant Databases in the SAP HANA Security Guide.

Blocklist Parameters for Tenant Databases

The following section introduces a special improvement to the SAP HANA tenant database management called Blocklisted Parameters.

Blocklisted System Properties in Tenant Databases

To ensure the stability and performance of the overall system or for security reasons, you can prevent certain system properties from being changed by tenant database administrators; for example, properties related to the resource management. A configuration change blocklist for tenant databases is available for this purpose. The configuration of the blocklist can be done in the SAP HANA cockpit.

Note

To prevent changes to system properties in tenant databases, you need the INIFILE ADMIN system privilege.

System configuration (*.ini) files have a database layer to facilitate the configuration of system properties for individual tenant databases. However, it may be desirable to prevent changes to certain properties being made directly in tenant databases because they could, for example, affect the performance of the system as a whole (CPU and memory management properties).

For this reason, a dedicated configuration change blocklist, multidb.ini, is available. This blocklist contains several critical properties by default. You can customize the default configuration and add further properties by editing the file content in the SAP HANA cockpit.

Note

For details concerning the delivered standard content of multidb.ini, check the following link:

Default Blocklisted System Properties in Tenant Databases

System properties that are included in the multidb.ini file by default cannot be changed by members of the tenant database administrators. But system administrators can still change these properties in the system database for available all layers.

You can customize the default configuration blocklist by changing existing entries in the multidb.ini file or by adding parameters that were not yet included. Nevertheless, changing a parameter in the Database Configuration of the SYSTEMDB is still possible, assuming the needed authorization is assigned to the database user. As a consequence of adding a parameter to the multidb.ini file, the entry is listed for the respective database layer underneath the section readyonly_parameters.

The figure, Blocklisted Parameters in multidb.ini, shows an attempt to change a blocklisted parameter for a tenant database resulting in an error message. Tenant database administrators cannot change the properties in the configuration change blocklist. The attempt to change a blocklisted parameter results outputs the following error:

general error: change not allowed for tenant database (filename=<file_name>, database=<DB_name>, section=<section_name>, key=<parameter_name>)

For more information, see the following link:

Prevent Changes to System Properties in Tenant Databases in the SAP HANA Administration Guide for SAP HANA Platform.

Change Parameter Values with the Console Tool

Changing Parameter Values Using the Console Tool setParameter.py

Use the console tool setParameter.py to make changes to configuration parameter values, if, for any reason, it is not possible to achieve this with the SAP HANA cockpit, that is, to change configuration parameter values by executing an SQL statement. The tool can be run from the command line or integrated with other administration management tools and scripts, and can be used either when the database is offline or online.

Note

The tool setParameter.py ensures that if changes are made simultaneously to an ini file, the changes are synchronized and applied correctly. This eliminates the need for administrators to directly edit ini files on the file system level.

Using setParameter.py when the system is online, a comment can be entered to provide transparency about why a change was made; comments are saved in the M_INIFILE_CONTENT_HISTORY system view.

When you change parameter values in an online SAP HANA database system, you can include a request to reconfigure the services at the same time.

To identify at which layer the change should be made, specify one of the following layers:

  • SYSTEM
  • DATABASE:<DATABASENAME>
  • HOST:<HOSTNAME>

To change a parameter on a remote host, use the host layer. The remote system must be online and the host must be reachable. If no host name is provided, localhost is assumed.

If used in the context of a script, the setParameter.py console tool supports both setting and unsetting parameters. In this way, even multiple values at the same time can be applied. In case of unsetting a parameter, no key value is required.

Code snippet
python setParameter.py -set(or unset)=<LAYER>/<INIFILE_NAME>/<SECTION>/<KEY>=<VALUE>
[-comment=comment] [-reconfigure] [-sapcontrol=1]
Expand

In order to display the help page of help text, execute the following command:

Code snippet
python setParameter.py --help
Expand

Possible return codes are as follows:

  • 0 – executed successful
  • 1 – could not be executed: incorrect usage (unexpected parameter values)
  • 2 – other error: for example, unrecognized arguments

If the -sapcontrol=1 switch is used, then one of the following is printed in the output:

  • SAPCONTROL-OK
  • SAPCONTROL-ERROR:<errorMsg>

SAP HANA Configuration Framework

The following sections introduce several improvements to the SAP HANA Configuration Framework.

SAP HANA Configuration Parameter Reference

The SAP HANA Configuration Parameter Reference documentation provides an index file page, which contains details of the configuration parameters that are used to manage the operation of your SAP HANA database system. Each parameter has basic information such as its purpose, permitted values, and whether the change needs a restart of the database to take effect. Some parameters link to SAP Notes or to the SAP HANA System Administration Guide for SAP HANA Platform to get more detailed information.

Using the CONFIGURATION_PARAMETER_PROPERTIES and M_CONFIGURATION_PARAMETER_VALUES System Views

While operating your SAP HANA system, configuration adjustments can be required to improve performance. Changing configuration parameters might arise the question if the SAP HANA system needs a restart for the changes to take effect.

The SAP HANA database system provides two system views, CONFIGURATION_PARAMETER_PROPERTIES and M_CONFIGURATION_PARAMETER_VALUES, are provided to verify if changing particular parameters require a restart. Other details, if specified, are also available, such as:

  • ini-File the parameter is stored
  • Description and purpose
  • Default value
  • Measurement unit
  • Recommended value ranges
  • Restrictions to comply with (range, layer, custom, system_managed)
  • Read-only parameter (if applicable)

The system view CONFIGURATION_PARAMETER_PROPERTIES displays metadata and properties of the public configuration parameters for SAP HANA.

The system view M_CONFIGURATION_PARAMETER_VALUES displays landscape service parameter values.

When analyzing the results of the system view M_CONFIGURATION_PARAMETER_VALUES, you can also identify changed parameters, which still need a restart to take effect. The view also shows the ini-files and sections in which the parameters are stored.

Alerting Restart Requirements and Unsupported Parameter Values

The SAP HANA database system provides two alerts to remind the system administrator on a daily basis about a pending restart of the SAP HANA database system and inappropriate parameter configurations. Because the Restart required after configuration change alert is defined with a low-priority status, it has to be selected accordingly. Only high and medium alerts are shown in the alerts card by default.

Note
When editing and saving alert definitions, there is a feature (via the more ... link), to distribute these changes with Apply to other databases (see the figure, Alerting Restart Requirements and Unsupported Parameter Values).

Log in to track your progress & complete quizzes