To protect the system from new external routines that have not yet passed your quality metrics, the default execution mode for all external routines is EXECUTE PROTECTED. If the default specification for CREATE/REPLACE PROCEDURE were EXECUTE NOT PROTECTED, then an error in the created function could crash the system.
Protected mode is a database state that traps on memory address violations, corrupted data structures, and illegal computations, such as divide-by-zero, to ensure they do not crash the system. Protected mode does not detect or protect against CPU and memory loops or operating system I/Os such as opening external files to read from or write to them.
This execution mode isolates all of the data the external routine might access as a separate process, or “server” in its own local work space (see Teradata Vantage™ - SQL External Routine Programming, B035-1147 for details). If any memory violation or other system error occurs, then the error is localized to the routine and the transaction executing it, not the entire database (see Protected and Unprotected Execution Modes for more information).
Because this isolation also makes the routine run slower, you should change its protection mode to unprotected once it has passed all your quality metrics for being put into production use. You change the execution mode for the routine with a simple ALTER PROCEDURE request (see ALTER PROCEDURE (External Form)) and specifying the EXECUTE NOT PROTECTED option.
Do not make this change for any procedure that makes OS system calls. Any such procedure should always be run in protected mode. You do not need to recompile or relink the external routine after changing its protection mode.
As a rule, the DBA should only specify direct execution mode (assigned by the EXECUTE NOT PROTECTED option) for a procedure that performs CPU-only operations after it has been thoroughly debugged. No other user than the DBA, not even the software engineer who writes a UDF, should be granted the privileges to alter it to run in unprotected mode. Never run external routines that cause the OS to consume system resources in unprotected mode. This includes anything that causes the OS to allocate system context, including open files, pipes, semaphores, tokens, threads (processes), and so on.
The following table summarizes how the external procedure protection mode options should be used.
|IF …||THEN specify …|
|you are still developing and debugging a procedure||EXECUTE PROTECTED.|
|the procedure opens a file or uses another operating system resource that requires tracking by the operating system
This includes anything that causes the OS to allocate system context, including open files, pipes, semaphores, tokens, threads (processes), and so on.
Running such a procedure in unprotected mode could interfere with the proper operation of the database.
|the procedure is linked with CLIv2 or is written in Java||EXECUTE PROTECTED.
External procedures that are linked with CLIv2 can only run in protected mode.
|the procedure is a computational procedure that does not use any operating system resources||EXECUTE NOT PROTECTED.
Running an external procedure in unprotected mode speeds up the processing of the function considerably.
Use this option only after thoroughly debugging the procedure and making sure it produces the correct output.