Transparent Data Encryption stores its configuration in a set of security policy table records. These security policy records must be securely stored and administered. The security of policies is guaranteed by:
Storing security policies in a separate Type II storage area that has special built-in ABL, SQL, and database utility access controls
Disallowing direct record access by either ABL or SQL language clients to security policy table records
Allowing security policy table records to be administered only by an authenticated user via:
SQL DDL language statements (SQL database administrator)
ABL [system] object methods from within the Data Dictionary or Data Administration, connected as a single user or shared memory connection to the database (Security administrator)
PROUTIL commands executed on the system where the database is located (ABL or SQL database administrator)
Specifying OpenEdge auditing events and reports to track Security policy administration
Storing security policies in a separate Type II storage area that has special built-in ABL, SQL, and database utility access controls