Column level encryption
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
05-13-2023 08:23 PM
Hello,
Can someone please assist in clarifying these queries on CLE?
1. Key rotation is limited to once a year - Is it for both CLE standard and Enterprise?
2. Do we get additional field types like 'number' supported in CLE enterprise?
3. CLE standard provides max of 5 modules to create [Field encryption Module], which means max 5 keys can be generated. I tried to associate the same module for multiple fields in the same table or different table. Does it work in this way?
4. Below is the sample screenshot when 'description' is encrypted. The field is visible to the me as I have the role. I thought the value will not be readable and I need to use the key to decrypt it. But the value is plain text and can still be exported or printed. How can I see the encrypted value behind this? I tried to print the value of this field from bg script, I still don't see the encrypted (cyphertext) value. Does it mean that if a sql query is run in the db, the value is encrypted?
5. Can the user without the role load the data to encrypted fields via import set and REST?
6. Are the sys_ tables available in CLE enterprise by default (in CLE Standard - we can enable encryption for sys_user for example by adding an attribute to collection).
7. System accounts ('system'?) and scheduled jobs - Do not have access to encrypted fields, does it mean that jobs run by 'system administrator' user will fail if the encrypted fields are part of it?
8. Filtering and Sorting - An user with relevant role can still search using global search, apply filters in the list view using 'is empty' for example and do column sorting on the encrypted field. I don't understand what is the limitation mentioned in the doco about 'Filtering and Sorting cannot be done'. Can you please explain?