To ensure the stability and performance of the overall system or for security reasons, you can prevent certain system properties from being changed by tenant database administrators, for example, properties related to resource management. A configuration change blacklist is available for this purpose. You configure the blacklist in the SAP HANA cockpit.
Prerequisites
- The system database is registered in the SAP HANA cockpit.
- You have the system privileges INIFILE ADMIN.
Context
System configuration (*.ini) files have a database layer to facilitate the configuration of system properties for individual tenant databases. However, it may be desirable to prevent changes to certain properties being made directly in tenant databases because they could for example affect the performance of the system as a whole (CPU and memory management properties).
For this reason, a dedicated configuration change blacklist, multidb.ini, is available. This blacklist contains several critical properties by default. You can customize the default configuration, as well as add further properties by editing the file in the SAP HANA studio.
Procedure
- On the Overview page of the system database in the SAP HANA cockpit, open Configuration of System Properties by clicking the corresponding administration link.
- Select the configuration file multidb.ini and the section readonly_parameters.
- Add a new parameter to the blacklist:
Results
Example:
The property [sql] sql_executors is blacklisted for all tenant databases in all configuration files by default. You could create a layered configuration for example as follows:- You change the sql entry at the system layer and enter plan_cache_size as the value. This overrides the default configuration so that [sql] plan_cache_size is blacklisted instead of [sql] sql_executors.
- You change the sql entry at the system layer and enter sql_executors and plan_cache_size as the value. This overrides the default configuration so that both [sql] plan_cache_size and [sql] sql_executors are blacklisted.
- You add a new entry indexserver.ini/sql at the system layer with the value plan_cache_size as the value. This adds a specific configuration for the indexserver.ini file. Here, now only [sql] plan_cache_size is blacklisted.