SET_COLUMN_ATTRIBUTE procedure

The SET_COLUMN_ATTRIBUTE procedure sets the SECURE attribute for a column so variable values used for the column cannot be seen in the database monitor or plan cache.

Authorization: The caller must have:
  • *EXECUTE authority to the library containing the table, and
  • *OBJOPR and *OBJALTER authorities to the table.
Read syntax diagramSkip visual syntax diagramSET_COLUMN_ATTRIBUTE( schema-name,table-name,column-name,attribute )

The schema is SYSPROC.

schema-name
A character string expression containing the system name of a schema.
table-name
A character string expression containing the system name of a table.
column-name
A character string expression containing the system name of a column.
attribute
A character string expression containing the attribute to set for the column.
Valid values are:
SECURE NO
This column does not contain data that needs to be secured in a database monitor or plan cache
SECURE YES
This column contains data that needs to be secured in a database monitor or plan cache.

All variable values for any query that references this column will not be visible in a database monitor or plan cache unless the security officer has started the database monitor or the security officer is accessing the plan cache. All host variable values will appear as *SECURE when examined from the monitor and plan cache unless the user is the QSECOFR user.

The secure setting for a column is shown in the SECURE column of the QSYS2/SYSCOLUMNS2 catalog.

Example

Set the credit card column in the ORDERS table so it is secure.

CALL SYSPROC.SET_COLUMN_ATTRIBUTE('LIB1', 'ORDERS', 'CCNBR', 'SECURE YES');