SET_COLUMN_ATTRIBUTE procedure
The SET_COLUMN_ATTRIBUTE procedure sets the SECURE attribute for a column so variable values used for the column cannot be seen in the database monitor or plan cache.
Authorization: The caller must have:
- *EXECUTE authority to the library containing the table, and
- *OBJOPR and *OBJALTER authorities to the table.
The schema is SYSPROC.
- schema-name
- A character string expression containing the system name of a schema.
- table-name
- A character string expression containing the system name of a table.
- column-name
- A character string expression containing the system name of a column.
- attribute
- A character string expression containing the attribute to set
for the column.Valid values are:
- SECURE NO
- This column does not contain data that needs to be secured in a database monitor or plan cache
- SECURE YES
- This column contains data that needs to be secured in a database
monitor or plan cache.
All variable values for any query that references this column will not be visible in a database monitor or plan cache unless the security officer has started the database monitor or the security officer is accessing the plan cache. All host variable values will appear as *SECURE when examined from the monitor and plan cache unless the user is the QSECOFR user.
The secure setting for a column is shown in the SECURE column of the QSYS2/SYSCOLUMNS2 catalog.
Example
Set the credit card column in the ORDERS table so it is secure.
CALL SYSPROC.SET_COLUMN_ATTRIBUTE('LIB1', 'ORDERS', 'CCNBR', 'SECURE YES');