Created
October 14, 2019 20:04
-
-
Save forstie/27493b851ed7e9376c9fd544b8157a78 to your computer and use it in GitHub Desktop.
This example shows how to use a Column Mask to prevent users from seeing the actual birthdate.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| -- | |
| -- RCAC Book: www.redbooks.ibm.com/redpieces/abstracts/redp5110.html | |
| -- | |
| -- | |
| -- Who is allowed to deploy COLUMN MASKs and ROW PERMISSIONs | |
| -- | |
| cl:CHGFCNUSG FCNID(QIBM_DB_SECADM) USER(SCOTTF) USAGE(*ALLOWED); | |
| call qsys.create_sql_sample('COFFEEBEAN'); | |
| select birthdate, e.* from COFFEEBEAN.employee e; | |
| -- | |
| -- Always return Scott's birthday, unless the user belongs to the HRTEAM group profile | |
| -- | |
| CREATE OR REPLACE MASK COFFEEBEAN.Fight_Ageism ON COFFEEBEAN.employee FOR COLUMN birthdate | |
| RETURN CASE | |
| WHEN VERIFY_GROUP_FOR_USER(SESSION_USER,'HRTEAM') = 1 THEN birthdate | |
| ELSE DATE('1965-09-04') | |
| END | |
| ENABLE; | |
| -- | |
| -- Turn on the column mask | |
| -- | |
| alter table COFFEEBEAN.employee activate column access control; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment