IBM Support

SQL and Encryption on your IBM i

Question & Answer


Question

What are my options to encrypt data on the IBM i?
Are there any SQL functions that encrypt data?
What is a Field Procedure and how does it work?

Cause

There are a few ways to encrypt your data on the IBM i.
Do you want to have your data encrypted while at rest?
Do you only need to mask data that is returned to your users?

Answer

On the IBM i, the first way to prevent users from seeing data that they should not be able to see is to use authorities.
The benefit of using object-level authority is that it does not matter how the user tries to access the data.
However, this doesn't encrypt the data at rest, and some users may have a high enough authority that overrides the object-level authority.
You can encrypt an entire auxiliary storage pool (ASP).
You can use SQL scalar functions, for example ENCRYPT_AES.
You can code your own encryption using the Cryptographic Services APIs provided by IBM i.
Finally, you can mask a column or a row using row and column access control (RCAC). The data is not encrypted at rest, but rows or columns can be masked for all users when selected in a query.
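
The difference between the ENCRYPT_AES scalar function (encrypted at rest) and an RCAC column mask (clear text at rest, masked at query time) is shown side by side in the following added example, which is not part of the original IBM document. The schema, table, column, mask and group profile names (DEMO, EMPLOYEE, SSN_ENC, SALARY_MASK, HRGRP) are hypothetical, and the row and password are constructed sample values.

```sql
-- Added example. DEMO, EMPLOYEE, SSN_ENC, SALARY_MASK and HRGRP are hypothetical
-- names; the row and the password are constructed sample values.

CREATE TABLE DEMO.EMPLOYEE (
    EMPNO   CHAR(6) NOT NULL PRIMARY KEY,
    NAME    VARCHAR(40),
    -- ENCRYPT_AES returns binary data: store it FOR BIT DATA and size the
    -- column larger than the clear text to leave room for encryption overhead.
    SSN_ENC VARCHAR(64) FOR BIT DATA,
    SALARY  DECIMAL(9,2)
);

-- 1. Encrypted at rest with an SQL scalar function.
-- The password is set for the session; in an application, pass it in a host
-- variable rather than as a literal in source.
SET ENCRYPTION PASSWORD = 'constructed-demo-password';

INSERT INTO DEMO.EMPLOYEE
    VALUES ('000010', 'Constructed Name', ENCRYPT_AES('123-45-6789'), 52000.00);

-- What is stored in the table: ciphertext, unreadable without the password.
SELECT EMPNO, HEX(SSN_ENC) AS STORED_VALUE FROM DEMO.EMPLOYEE;

-- Clear text is returned only to a session that has set the same password.
SELECT EMPNO, DECRYPT_CHAR(SSN_ENC) AS SSN FROM DEMO.EMPLOYEE;

-- 2. Masked at query time with RCAC; SALARY stays in clear text at rest.
CREATE MASK DEMO.SALARY_MASK ON DEMO.EMPLOYEE
    FOR COLUMN SALARY RETURN
        CASE
            WHEN VERIFY_GROUP_FOR_USER(SESSION_USER, 'HRGRP') = 1 THEN SALARY
            ELSE NULL
        END
    ENABLE;

-- The mask has no effect until column access control is activated on the table.
ALTER TABLE DEMO.EMPLOYEE ACTIVATE COLUMN ACCESS CONTROL;

-- Members of HRGRP see the real salary; every other user sees NULL.
SELECT EMPNO, NAME, SALARY FROM DEMO.EMPLOYEE;
```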


Document Information

Modified date:
14 November 2023

UID

ibm16620743