This task is part of the main task of Encrypting local data. After you have completed these steps, return to Overview of local data encryption.
Procedure
Before creating the first encrypted table, the application must grant a user encryption privileges. For example, the application can issue the following SQL statement:
rc = SQLExecDirect(..., "GRANT ENCRYPT ON DATABASE TO \"user1\"" " using \"pwd1\" new \"pwd1\"", SQL_NTS);
Upon executing this SQL statement, DB2 Everyplace will create a system catalog table called DB2eSYSUSERS, and a row will be inserted into this table. This means that the user "user1" is now registered with the corresponding password, and will now have all encryption privileges such as creating and accessing encrypted tables.
This table is tightly bound to the database and the encrypted data, and thus it cannot simply be moved to another DB2 Everyplace database to access encrypted data. This is because different databases will have different keys for encryption or decryption. As a result, if a person is allowed to access encrypted tables in a database, that person cannot access a different database using the same user ID and password. Like other system catalog tables, an application can retrieve rows using the SQL SELECT statement, but it cannot modify the data in this table using the INSERT, DELETE, UPDATE, CREATE, or DROP statements.
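When the user name and password in the GRANT ENCRYPT statement come from input rather than from literals, the statement text should be built so that a stray double quote cannot change it. The following is an added example, not code from the DB2 Everyplace documentation; the names build_grant_encrypt, cred_is_safe and MAX_CRED_LEN, the length limit and the allowed character set are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed limit for this example; not a documented DB2 Everyplace value. */
#define MAX_CRED_LEN 64

/* Returns 1 if s is non-empty, within the assumed limit, and made only of
 * printable ASCII other than the double quote, so it cannot close the
 * delimited token early and alter the statement. */
static int cred_is_safe(const char *s)
{
    size_t n, i;
    if (s == NULL) return 0;
    n = strlen(s);
    if (n == 0 || n > MAX_CRED_LEN) return 0;
    for (i = 0; i < n; i++) {
        unsigned char c = (unsigned char)s[i];
        if (c < 0x20 || c > 0x7e || c == '"') return 0;
    }
    return 1;
}

/* Builds: GRANT ENCRYPT ON DATABASE TO "<user>" using "<old>" new "<new>"
 * Returns 0 on success, -1 on rejected input or a buffer that is too small.
 * On failure out holds an empty string. */
int build_grant_encrypt(char *out, size_t outlen, const char *user,
                        const char *oldpwd, const char *newpwd)
{
    int n;
    if (out == NULL || outlen == 0) return -1;
    out[0] = '\0';
    if (!cred_is_safe(user) || !cred_is_safe(oldpwd) || !cred_is_safe(newpwd))
        return -1;
    n = snprintf(out, outlen,
                 "GRANT ENCRYPT ON DATABASE TO \"%s\" using \"%s\" new \"%s\"",
                 user, oldpwd, newpwd);
    if (n < 0 || (size_t)n >= outlen) {
        memset(out, 0, outlen); /* never hand back a truncated statement */
        return -1;
    }
    return 0;
}

int main(void)
{
    char stmt[256];
    /* Constructed sample values, the same ones the page uses. */
    if (build_grant_encrypt(stmt, sizeof stmt, "user1", "pwd1", "pwd1") == 0)
        puts("statement built; pass it to SQLExecDirect(..., stmt, SQL_NTS)");
    return 0;
}
```

The built statement contains the password in clear text, so keep it out of logs and trace output.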