Creating encryption policies with the Data Administration tool
Create encryption policies for objects in your encryption-enabled database with the Edit Encryption Policy dialog. Objects must reside in a Type II area to be assigned a specific encryption policy. (You can encrypt an entire Type I area with PROUTIL EPOLICY. See Creating encryption policies with PROUTIL EPOLICY for details.) You must be connected to the database locally and have ABL security administrator and key store admin privileges to create encryption policies with Data Admin. The following steps present a guide for defining encryption policies.
To define an encryption policy for a database object:
1. From the Data Administration tool, choose Admin > Security > Encryption Policies > Edit Encryption Policy. The Object Selector dialog appears.
The initial view displays the tables and indexes of the connected database with encryption both enabled and disabled. You can change the list to view different sets of objects by checking and unchecking the Show boxes. For example, to also see LOBs, check Show LOBs; to see only objects with an existing encryption policy, for Show Encryption, check Enabled and uncheck Disabled.
2. Scroll through the list, selecting objects, or click Select Some to bring up the Select Objects by Pattern Match dialog to refine the list.
Enter the object name or pattern in the Object Name fill-in and click OK. When you return to the Object Selector dialog, any objects matching the pattern are added to the selected objects.
3. If you selected too many objects, clicking Deselect Some brings up the Deselect Objects by Pattern Match dialog, allowing you to enter an object name or pattern to deselect. Click OK to return to the Object Selector dialog with any objects matching the specified pattern deselected.
4. Once you have selected all the objects, click OK to proceed. The Edit Encryption Policy dialog appears.
5. Select an object and check Encryption enabled. The default cipher, AES_CBC_128, is selected. Change the cipher if desired. Click Save to save the change, or Reset to undo the change.
Note: The change is not committed to the database until you click Commit.
6. When you have saved a change, the Copy button is activated. Click Copy to propagate your change to multiple objects at once. Clicking Copy brings up the Copy Encryption Policy Setting To dialog.
You can select a single object or multiple objects. When you have selected all the objects you want to copy the setting to, click OK to return to the Edit Encryption Policy dialog.
7. Continue selecting and modifying object settings until you have specified all the objects you want to change. An asterisk (*) in front of the object name indicates you made changes to it. Click Review at any time to view the status of your changes.
8. When your changes are complete, click Commit to commit the changes to the database, or Revert to cancel all your changes. If you choose to commit your changes, you are asked to confirm.