B.2 Confidentiality Level Manipulation Functions

Function name	Return value	Description
pgx_create_confidential_level(confidential_matrix_name varchar, confidential_level_name varchar, options json, comment text)	void	Creates a confidentiality level, registers it with the specified confidentiality matrix, and adds it to the pgx_confidential_level table with the specified comment and attributes specified in options. Only confidentiality management role for the specified confidentiality matrix can execute this function. The length of confidential_level_name must be less than 64 characters. Note that the units are not bytes. There are no restrictions on the characters that can be used in the confidential_level_name. When specifying a confidentiality level name for any other function, you must specify the same string as specified for this function Note that unlike most CREATE statements, confidentiality level names are case-sensitive. Specify a comment for comment. For options, specify the attribute of the confidentiality level as follows. If you specify NULL, the default value for each attribute will be set. '{ "encryption_algorithm":"AES256" }' encryption_algorithm: Specify the encryption algorithm. The algorithms and default values that can be specified are the same as the tablespace_encryption_algorithm parameter of Transparent Data Encryption of Fujitsu Enterprise Postgres. Must not be null.
pgx_alter_confidential_level(confidential_matrix_name varchar, confidential_level_name varchar, alter_object json)	void	Change the confidentiality level attribute. Only confidentiality management role for the specified confidentiality matrix can execute this function. For alter_object, specify the attribute you want to change and the value after change in key-value format as follows. '{ "name":"level_new", "comment":"This level is the highest confidentiality level.", "encryption_algorithm":"AES256" }' name: Specify the name of the modified confidentiality level. Cannot be null. comment: Specify a comment after the change. Can be null. Other attributes are the same as options of pgx_create_confidential_level function. Attributes not specified are not changed. Be careful when increasing the degree of confidentiality. For example, if you increase the encryption strength and there are confidentiality objects with a lower strength than the new strength, this function will fail.
pgx_drop_confidential_level(confidential_matrix_name varchar, confidential_level_name varchar, cascade bool)	void	Remove a confidentiality level from the confidentiality matrix and delete a confidentiality level. Only confidentiality management role for the specified confidentiality matrix can execute this function. If true is specified for cascade, the confidentiality level can be deleted even if confidentiality objects are registered in this confidentiality level. If false is specified for cascade, it is not possible to delete a confidentiality level that has confidentiality objects registered.

Function name

Return value

Description

pgx_create_confidential_level(confidential_matrix_name varchar, confidential_level_name varchar, options json, comment text)

void

Creates a confidentiality level, registers it with the specified confidentiality matrix, and adds it to the pgx_confidential_level table with the specified comment and attributes specified in options.

Only confidentiality management role for the specified confidentiality matrix can execute this function.

The length of confidential_level_name must be less than 64 characters.

Note that the units are not bytes.

There are no restrictions on the characters that can be used in the confidential_level_name.

When specifying a confidentiality level name for any other function, you must specify the same string as specified for this function

Note that unlike most CREATE statements, confidentiality level names are case-sensitive.

Specify a comment for comment.

For options, specify the attribute of the confidentiality level as follows. If you specify NULL, the default value for each attribute will be set.

'{
  "encryption_algorithm":"AES256"
}'

encryption_algorithm: Specify the encryption algorithm. The algorithms and default values that can be specified are the same as the tablespace_encryption_algorithm parameter of Transparent Data Encryption of Fujitsu Enterprise Postgres. Must not be null.

pgx_alter_confidential_level(confidential_matrix_name varchar, confidential_level_name varchar, alter_object json)

void

Change the confidentiality level attribute.

Only confidentiality management role for the specified confidentiality matrix can execute this function.

For alter_object, specify the attribute you want to change and the value after change in key-value format as follows.

'{
  "name":"level_new",
  "comment":"This level is the highest confidentiality level.",
  "encryption_algorithm":"AES256"
}'

name: Specify the name of the modified confidentiality level. Cannot be null.

comment: Specify a comment after the change. Can be null.

Other attributes are the same as options of pgx_create_confidential_level function. Attributes not specified are not changed.

Be careful when increasing the degree of confidentiality. For example, if you increase the encryption strength and there are confidentiality objects with a lower strength than the new strength, this function will fail.

pgx_drop_confidential_level(confidential_matrix_name varchar, confidential_level_name varchar, cascade bool)

void

Remove a confidentiality level from the confidentiality matrix and delete a confidentiality level.

Only confidentiality management role for the specified confidentiality matrix can execute this function.

If true is specified for cascade, the confidentiality level can be deleted even if confidentiality objects are registered in this confidentiality level.

If false is specified for cascade, it is not possible to delete a confidentiality level that has confidentiality objects registered.