User Defined Functions and APIs

The Data Warehouse Protector contains User Defined Functions (UDF), which perform the following:

• Fetches the policy related information from the shared memory
• Applies the access control settings that are derived on the basis of policy settings
• Encrypts or tokenizes the data based on the policy settings
• Generates Audit logs

To avoid any performance issues resulting due to casting of the data, a general best practice is to protect the data and present the decryption related API/UDFs/commands, as applicable, in the tables as views to authorized users only. This eliminates the unauthorized user’s access to the decryption API/UDFs/commands by limiting the access to the protected data only.
The decryption process is limited to authorized users and thus, does not cause any performance impact as the API/UDFs/commands are executed restrictively.

Warning: With the Data Warehouse protector, you cannot use different data elements for different rows in the same query because of the caching feature. The caching feature will cache the data element that you pass and it will use the same data element for protect or unprotect actions in the column.