Try OpenEdge Now
skip to main content
Core Business Services - Security and Auditing
Transparent Data Encryption : Configuring Transparent Data Encryption policies : OpenEdge SQL support for transparent data encryption : Using the ALTER TABLE statement
 
Using the ALTER TABLE statement
The ALTER TABLE statement can be used to change the security policies of an object. SET ENCRYPT, DECRYPT, and REKEY clauses can be used to define encryption policies for tables, indexes or LOB columns; the ALTER TABLE statement is an online operation. The ALTER TABLE statement has the following syntax:
ALTER TABLE [ owner_name.]table_name
{ADD column-definition
 |SET progress_table_attribute value 
|SET[ENCRYPT WITH cipher      
|DECRYPT      
|ENCRYPT REKEY ]
 |BUFFER_POOL{PRIMARY | ALTERNATE}
 |ALTER [ COLUMN]column_name{ SET DEFAULT value  
                               | DROP DEFAULT
                                | SET[NOT] NULL
                                | SET progress_column_attribute value} 
                               |SET ENCRYPT WITH cipher
                                |SET DECRYPT
                                |ENCRYPT REKEY
                                | SET BUFFER_POOL{PRIMARY | ALTERNATE}}
|DROP COLUMN column_name { CASCADE | RESTRICT }
|ADD CONSTRAINT constraint_name ]{primary_key_definition 
                                   |foreign_key_definition  
                                  |uniqueness_constraint 
                                   |check_constraint}[ AREA area_name ]
|DROP CONSTRAINT constraint_name[ CASCADE | RESTRICT]
|ALTER INDEX index_name{SET progress_index_attribute value                         
|SET ENCRYPT WITH cipher                         
|SET DECRYPT
                         |SET ENCRYPT REKEY
                         |SET BUFFER_POOL { PRIMARY | ALTERNATE }}
|RENAME {table_name TO new_table_name          
|COLUMN column_name TO new_column_name          
|INDEX index_name TO new_index_name}
};
In the following example, the ALTER TABLE statement is used to define an encryption policy for a table:
ALTER TABLE pub.customer SET ENCRYPT WITH 'AES_CBC_192';
Using the REKEY option, a security administrator or DBA can re-encrypt the existing object policy with a new key using the same cipher. When this option is used, SQL writes a new object policy with the same cipher name to the security schema.
Specifying SET DECRYPT creates an object policy with null values, indicating that the data will not be encrypted for the database object.