Managing encryption privileges

This task is part of the main task of Encrypting local data. After you have completed these steps, return to Overview of local data encryption.

Procedure

Once an application connects to a database with the authenticated user ID and password, the application can create new users, change passwords, or remove a registered user from the system. The syntax for creating a new user or changing a password is:

 GRANT ENCRYPT ON DATABASE TO "newuser" USING "grantorpassword" NEW "newpassword"

The syntax for removing a registered user is:

 REVOKE ENCRYPT ON DATABASE FROM "user" 

Note:
If all registered users are removed from the DB2eSYSUSERS table (using the REVOKE statement), no more encryption operations can be performed, including accessing existing encrypted tables. There is no recovery mechanism.
