Adaptive Server version 15.0.2 includes these enhancements to encrypted columns:
Protects data from administrator – you can protect keys and encrypted columns with your own password to ensure privacy of data against the power of the DBO or System Administrator.
Maintains application transparency using key copies protected by login passwords. That is, you can create key copies and assign them to individual users. Users can encrypt their key copies using their login passwords. Once a key copy is associated with a login password, users do not have to supply the key encryption password when they access data encrypted with the key.
Provides for key recovery – you can recover access to a key after losing a password. The key owner sets up a recovery key copy, which can later be used to reencrypt the key after losing the password.
Returns a default value for users without decrypt permission – you can create or alter a table to allow select statements to return specified default values for users who do not have decrypt permission. This allows you to run existing applications and reports without generating a permission error, while keeping private data secure against unauthorized users. Reports generated by unauthorized users do not reveal the encrypted data.
Restricts automatic decrypt permissions – when the restricted decrypt permission configuration parameter is enabled, the System Security Officer explicitly grants decrypt permission, restricting access to data. When restricted decrypt permission is enabled:
Table owners are not implicitly granted decrypt permission. The schema owner does not have automatic and implicit access to user data, even in systems that rely on the system encryption password to access the keys.
Only users with the sso_role can grant decrypt permission. The with grant option clause is supported for decrypt permission.
Implicit access through ownership chains across view and tables or procedures and tables is restricted.
Adds datatypes – you can encrypt these additional datatypes: date, time, datetime, smalldatetime, money, smallmoney, bigint, unsigned bigint, bit, unichar, and univarchar.
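
The following sketch shows how the decrypt default and restricted decrypt permission features described above fit together with a user-specified key password. It is an added example, not taken from the Adaptive Server documentation; the table employee, the key ssn_key, the users hr_clerk and report_user, and the password are constructed for illustration.

```sql
-- Run as a login with sso_role.
-- Require decrypt permission to be granted explicitly; table owners
-- no longer receive it implicitly.
sp_configure 'restricted decrypt permission', 1
go

-- Protect the key with a user-specified password (constructed value)
-- instead of the system encryption password.
create encryption key ssn_key for AES
    with keylength 256 passwd 'Constructed-Passphrase-1'
go

-- Users without decrypt permission see the decrypt default for ssn
-- instead of receiving a permission error.
create table employee (
    emp_id  int         not null,
    name    varchar(60) not null,
    ssn     char(11)    encrypt with ssn_key
                        decrypt_default '000-00-0000'
)
go

-- Both users can select from the table; only hr_clerk can decrypt.
grant select on employee to hr_clerk, report_user
go
grant decrypt on employee(ssn) to hr_clerk
go

-- In hr_clerk's session: supply the key password, then read the data.
set encryption passwd 'Constructed-Passphrase-1' for key ssn_key
go
select emp_id, ssn from employee    -- returns the stored ssn values
go

-- In report_user's session: no password and no decrypt permission.
select emp_id, ssn from employee    -- returns '000-00-0000' for every row
go
```

To confirm the setup, run the final select as the table owner as well: with restricted decrypt permission enabled and no explicit grant, the owner also receives the default value.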