Use SQL to restrict access to data
You can restrict access to data at the following levels:
- You can use the GRANT and REVOKE statements to give or deny access to the database or to specific tables, and to control the kinds of operations that users can perform on the database.
- You can use the CREATE PROCEDURE or CREATE FUNCTION statement to write and compile a user-defined routine, which controls and monitors the users who can read, modify, or create database tables.
- You can use the CREATE VIEW statement to prepare a restricted or modified view of the data. The restriction can be vertical, which excludes certain columns, or horizontal, which excludes certain rows, or both.
- You can combine GRANT and CREATE VIEW statements to achieve precise control over which parts of a table a user can modify and what data the user can put there.
- You can use the SET ENCRYPTION PASSWORD statement and built-in encryption and decryption functions of SQL to implement column-level encryption of sensitive data. Unauthorized users who succeed in viewing an encrypted character, BLOB, or CLOB column value cannot recover the plain text of your data without the DES or triple-DES encryption key, which is not stored in the database.
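
The following added example (not part of the original documentation) shows the GRANT, REVOKE, and CREATE VIEW items above working together: a view that restricts both columns and rows, with privileges granted only on the view. The table, view, and user names are hypothetical, and the REVOKE assumes a database that is not ANSI-compliant, where PUBLIC receives table privileges by default.

```sql
-- Hypothetical schema and user name, constructed for illustration.
CREATE TABLE employee (
    emp_id  INTEGER PRIMARY KEY,
    name    VARCHAR(60),
    dept    CHAR(4),
    phone   VARCHAR(20),
    salary  MONEY(10,2)
);

-- Remove the default privileges held by PUBLIC so that the base table
-- can be reached only through objects that are granted explicitly.
REVOKE ALL ON employee FROM PUBLIC;

-- Vertical restriction: the salary column is not exposed.
-- Horizontal restriction: only rows for department 'SALE' are visible.
-- WITH CHECK OPTION makes the server reject any INSERT or UPDATE through
-- the view whose resulting row would not satisfy the WHERE clause, so a
-- user cannot move a row out of the view or add one outside it.
CREATE VIEW sales_directory (emp_id, name, dept, phone) AS
    SELECT emp_id, name, dept, phone
      FROM employee
     WHERE dept = 'SALE'
    WITH CHECK OPTION;

-- Grant privileges on the view only. The user sales_clerk holds no
-- privilege on employee itself, so salary and rows for other
-- departments can be neither read nor changed by that user.
GRANT SELECT, UPDATE ON sales_directory TO sales_clerk;

-- Withdraw the ability to modify data later without affecting reads.
REVOKE UPDATE ON sales_directory FROM sales_clerk;
```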