The stored procedures could use SQL statements internally to query the table, which is like an external user querying the table. Therefore, all mask configuration and unmasking privileges also apply to the table fields in a stored procedure to prevent unauthorized data access.

Example

The following example illustrates a stored procedure with a SELECT statement that retrieves a DDM-configured field. 
CREATE PROCEDURE pub.getCustnum( IN i1 INTEGER)
RESULT (
   scustnum    CHARACTER(30)
)
BEGIN
   String  scustnum = "";
   SQLCursor custcursor = new SQLCursor ("SELECT CustNum from pub.Customer where CustNum > ?");
 
   custcursor.setParam (1, i1);
   custcursor.open ();
   custcursor.fetch ();
   WHILE (custcursor.found())
   {
       scustnum = (String) custcursor.getValue(1, CHARACTER);
       SQLResultSet.set (1, scustnum);
       SQLResultSet.insert ();
       custcursor.fetch();
   }
   custcursor.close ();
END

CALL pub.getCustnum(2100);
In this example, the pub.getCustnum stored procedure retrieves CustNum, which is a DDM-configured field. The SQL engine uses the unmasked value of CustNum to process the WHERE condition in the query, regardless of your DDM privileges. However, the SELECT list of the query returns the unmasked value of CustNum for authorized users and the masked value for unauthorized users.

The following example illustrates a stored procedure with an UPDATE statement that updates a DDM-configured field.
CREATE PROCEDURE pub.updCustnum(IN a integer) 
BEGIN
 SQLIStatement stmt =new SQLIStatement("UPDATE pub.Customer SET CustNum=100 WHERE CustNum>?");
 stmt.setParam(1, a); 
 stmt.execute();
END;
CALL pub.updCustnum(100);
In this example, the pub.updCustnum stored procedure updates CustNum, which is a DDM-configured field. The stored procedure execution fails if you do not have unmasking privileges over CustNum; otherwise, the procedure executes successfully.