- Page 1: 1. Grant Decryption Privileges
- Page 2: 2. Save MyDiamo Setting
- Page 3: 3. Migrate Table to MyDiamo Storage
1. Grant Decryption Privileges
- Column Decryption requires three steps.
- In order to execute decryption, you should migrate the table from MyDaimo storage to MySQL storage and, as same as encryption, migration could be done only by the users who have decryption privilege of those table. Therefore you should grant privileges DB user who is going to have the duty of decryption in MyDiamo CLI. The command looks like:
SET PRIV ENC <USER>”<OWNER>”<TABLE>”<COLUMN>”<ENC PRIV>”<DEC PRIV>
In <ENC PRIV> and <DEC PRIV>, you can input 0 or 1. 1 will give <USER> the privileges, but 0 will not.
For example, if you want to decrypt of the “ADDRESS” column in the “EMPLOYEE” table of “JAMES” owner from “SYS” user, the command looks like:
MyDiamo >set priv enc SYS"JAMES"EMPLOYEE"ADDRESS"0"1
Now the “SYS” user has no encryption privileges, but does have decryption access.
Continue: 2. Save MyDiamo Setting