ALTER MASK
The ALTER MASK statement changes a column mask that exists at the current server.
Invocation
This statement can be embedded in an application program or issued interactively. It is an executable statement that can be dynamically prepared only if DYNAMICRULES run behavior is implicitly or explicitly specified.
Authorization
The privilege set that is defined below must include the following authority:
- SECADM authority
Syntax
>>-ALTER MASK--mask-name--+-ENABLE-----+----------------------->< +-DISABLE----+ '-REGENERATE-'
Description
- mask-name
- Identifies the column mask to be altered. The name must identify a mask that exists at the current server.
- ENABLE
- Specifies that the column mask is to be enabled for column access control. If column access
control is not currently activated for the table, the column mask will become effective when column
access control is activated for the table. If column access control is currently activated for the
table, the column mask becomes effective immediately and dynamic cached statements that reference
the table are invalidated. Use of this
clause or keyword might invalidate packages that depend on the target object, or packages that
depend on related objects through cascading effects. See Changes that invalidate packages.
A column mask with a regeneration error cannot be enabled. To clear the status of the column mask, the column mask must be dropped and re-created with a modified definition.
ENABLE is ignored if the column mask is already defined as enabled for column access control.
- DISABLE
- Specifies that the column mask is to be disabled for column access control. If column access
control is not currently activated for the table, the column mask will remain ineffective when
column access control is activated for the table. If column access control is currently activated
for the table, the column mask becomes ineffective immediately and all dynamic cached statements
that reference the table are invalidated. Use of this
clause or keyword might invalidate packages that depend on the target object, or packages that
depend on related objects through cascading effects. See Changes that invalidate packages.
DISABLE is ignored if the column mask is already defined as disabled for column access control.
- REGENERATE
- Specifies that the column mask is to be regenerated. The column mask definition in the catalog is used, and existing dependencies and authorization, if any, are retained. The column mask definition is reevaluated as if the column mask was being created. The user-defined functions that are referenced in the column mask definition must be resolved to the same secure UDFs as that were resolved during the column mask creation.
Notes
- Applying DB2® maintenance:
- When DB2 maintenance is applied that
affects how a column mask is generated, the column mask might need to be regenerated to ensure the
column mask is still valid.
If the column mask is regenerated successfully, the status of the column mask is set to a blank in the catalog table. If the column mask is enabled and column access control is currently activated for the table all dynamic cached statements that reference the table are invalidated.
If the column mask cannot be regenerated successfully, an error is returned. The regeneration status of the column mask is an error. If the column mask is enabled and column access control is currently activated for the table, all packages and dynamic cached statements that reference the table are marked invalidated. To clear the status of the column mask, the column mask must be dropped and re-created with a modified definition. Or the column mask can be disabled if not disabled yet. A disabled column mask becomes ineffective to a column access control enforced table.
When the table is referenced in a data manipulation statement, the statement returns an error if any enabled column mask has an regeneration error.
- Invalidation of packages:
- This statement might invalidate all packages that depend on target objects, and sometimes other related objects through cascading effects, depending on the clauses and keywords specified and other factors. See Changes that invalidate packages.
Examples
- Example 1:
- Enable column mask M1.
ALTER MASK M1 ENABLE;
- Example 2:
- Regenerate column mask M1.
ALTER MASK M1 REGENERATE; COMMIT;