To protect the system from new external routines that have not passed your quality metrics, the default execution mode for all external routines is EXECUTE PROTECTED. If the default specification for CREATE METHOD and REPLACE METHOD were EXECUTE NOT PROTECTED, then an error in the created function could crash the system.
Protected mode is a database state that traps on memory address violations, corrupted data structures, and illegal computations, such as divide-by-zero, to ensure they do not crash the system. Protected mode does not detect or protect against CPU and memory loops or operating system I/Os such as opening external files to read from or write to them.
This execution mode isolates all of the data the external routine might access as a separate process, or “server” in its own local work space (see Teradata Vantage™ - SQL External Routine Programming, B035-1147 for details). If any memory violation or other system error occurs, then the error is localized to the routine and the transaction executing it, not the entire database (see Protected and Unprotected Execution Modes for more information).
Because this isolation also makes the routine run slower, you should change its protection mode to unprotected once it has passed all your quality metrics for being put into production use. You change the execution mode for the routine with a simple ALTER METHOD request and specifying the EXECUTE NOT PROTECTED option.
Both Java and row-level security constraint UDFs must run in protected mode and cannot be altered to run in unprotected mode (see Special Considerations for Java UDFs.
Do not make this change for any method that makes OS system calls. Any such method should always be run in protected or secure mode. You do not need to recompile or relink the external routine after changing its protection mode.
As a rule, the DBA should only specify direct execution mode (assigned by the EXECUTE NOT PROTECTED option) for a method that performs CPU-only operations after it has been thoroughly debugged. No other user than the DBA, not even the software engineer that writes a UDF, should be granted the privileges to alter it to run in unprotected mode. Never run external routines that cause the OS to consume system resources in unprotected mode. This includes anything that causes the OS to allocate system context, including open files, pipes, semaphores, tokens, threads (processes), and so on.
The following table summarizes how the method protection mode options should be used:
|IF …||THEN specify …|
|you are still developing and debugging a method||EXECUTE PROTECTED.|
|the method opens a file or uses another operating system resource that requires tracking by the operating system
This includes anything that causes the OS to allocate system context, including open files, pipes, semaphores, tokens, threads (processes), and so on.
Running such a method in unprotected mode could interfere with the proper operation of the database.
|the method does not use any operating system resources||EXECUTE NOT PROTECTED.
Running a method in unprotected mode speeds up processing considerably.
Use this option only after thoroughly debugging the method and making sure it produces the correct output.