Transparent Data Encryption stores its configuration in a set of security policy table records. These security policy records must be securely stored and administered. The security of policies is guaranteed by:

  • Storing security policies in a separate Type II storage area that has special built-in ABL, SQL, and database utility access controls
  • Disallowing direct record access by either ABL or SQL language clients to security policy table records
  • Allowing security policy table records to be administered only by an authenticated user via:
    • SQL DDL language statements (SQL database administrator)
    • ABL [system] object methods from within the Data Dictionary or Data Administration, connected to the database as a single user or through a shared memory connection (Security administrator)
    • PROUTIL commands executed on the system where the database is located (ABL or SQL database administrator)
  • Specifying OpenEdge auditing events and reports to track security policy administration