Skip to Main Content
IBM Data and AI Ideas Portal for Customers

This portal is to open public enhancement requests against products and services offered by the IBM Data & AI organization. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (

Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

Post ideas and requests to enhance a product or service. Take a look at ideas others have posted and upvote them if they matter to you,

  1. Post an idea

  2. Upvote ideas that matter most to you

  3. Get feedback from the IBM team to refine your idea

Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal ( - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal ( - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM. - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

IBM Data & AI Roadmaps ( - Use this site to view roadmaps for Data & AI products.

IBM Employees should enter Ideas at

Status Submitted
Workspace Informix
Components Informix Server
Created by Guest
Created on Feb 3, 2023

Automátic column-level encryption at rest

In Europe we have strong laws (GDPR) protecting personal data. Nobody, even programers or DBA can access personal data if not from an audited program who grants individual access to each user able to see this information.

As application examples, we have, healthcare apps, hotels, etc.

In healthcare, any DBA can access sensitive information just opening dbaccess que making some SELECTS or even UNLOAD information and transfer it to other applications. A DBA is not an authorized user with access to this kind of information.

Current encryption at rest, protects somebody stealing data by access to backups or direct access to chunks, but doesn't protects DBAs to use dbaccess to get sensitive information.

Also, current healthcare applications have old components and it's very difficult if not impossible to change all application code to use ENCRYPT_AES(), DECRYPT_CHAR() in all sensitive columns. And also, this can change in the future and most users doesn't have access to source code.

Proposal is to implement automatic column-level encryption at rest, by defining at the database schema wich columns should be encrypted. you can use current global key defined by using SET ENCRYPTION PASSWORD or using some environement variable using SET ENVIRONMENT MASK_PASSWORD 'mysamplepass';

Then, at schema level you should define some columns encryted at rest:


code CHAR(20) NOT NULL,

first_name VARCHAR(100) ENCRYPTED,

last_name VARCHAR(100) ENCRYPTED


A program or a session should set the global encryption pasword and when inserting data:

INSERT INTO sample VALUES("C001", "JOHN", "MITH"); thid will be encrypted automatically.
When retrieving data with SELECT, session password will be used and data decrypted.

If password is not set at session level or is incorrect, original encrypted data will be returned, so dbas or other users with access to the database will not be able to retrieve sensitive data because they don't know the password.

Needed By Quarter