Skip to Content

ASE 16 encrypted database

Hello,

When using the new SAP ASE 16 full encrypted database option:

-I assume that decrypt permission should be granted to a user/group ?

Thank you

Regards

Jose

Add comment
10|10000 characters needed characters exceeded

  • Get RSS Feed

3 Answers

  • Best Answer
    Apr 17, 2017 at 02:52 PM

    Database level encryption is used to secure the database while 'at rest', ie, pages out on disk are encrypted, pages in a db dump are encrypted. Primary objective is to make sure someone cannot retrieve data by reading directly from a database device or a db dump file.

    As pages are read from disk into cache they are decrypted. While pages are in the dataserver (ie, in cache) they remain/are in an unencrypted state; anyone with permissions to access a table/column/row can see the (unencrypted) data. As pages are written to disk they are encrypted.

    If you want to limit access to data (either at the table, column or row level) then you need to use another form of security (eg, grant/revoke, RLAC, column level encryption).

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 14, 2017 at 07:01 AM

    Hi Jose,

    There is no need for you to grant the decrypt permission to a user or group.

    Best Regards,

    Ankitha

    SAP Product Support

    Add comment
    10|10000 characters needed characters exceeded

  • Apr 17, 2017 at 01:55 PM

    Thank you Ankitha,

    So how can access to data can be restricted.?

    For example:

    assuming db_1 is encrypted then

    t1 has 5 cols, cols #1 to #4 can be accessed by user_1, but col#5 not.

    Thank you

    Jose

    Add comment
    10|10000 characters needed characters exceeded