Posted Sat, 08 Jun 2019 04:37:37 GMT by

Once I setup a field encryption entry with FieldProc.  Can I still use DBU to change the value without effecting the way the field is encrypted/decrypted.

Posted Sat, 08 Jun 2019 06:36:50 GMT by


  Thank you for contacting our support team with your PowerTech Encryption inquiry.

You asked the following question - 

Once I setup a field encryption entry with FieldProc. Can I still use DBU to change the value without effecting the way the field is encrypted/decrypted.?


Answer - Once you activate a field using the field procedures, the field will be encrypted. Any profile or program that attempts to access the field to read or update it, the field proc will check the autorization list for the Full or Mask to determine if the user has permissions.

Auth. list for full value . . . XXXXXXX_FULL
Auth. list for masked value . . XXXXXXX_MASK


Let us know if you have any further questions.


PowerTech Support


Posted Mon, 10 Jun 2019 21:25:53 GMT by

We were once told that if we tried to DBU/400 a field to change the value instead of using a RPG program to change the field it would store the garbage encryption value instead of the intended changed value that would be encrypted.  Is that true with a different type of encryption style (API, Triggers, External file, etc...) and not FieldProc?

Posted Tue, 11 Jun 2019 01:03:39 GMT by


  I am not aware of that.  But, let me asked our development if there is a differencein the results of the data that is being updated by DBU and a regular program. Before I can do that, I will need some information from you  -


  • PowerTech Encryption Version
  • IBM OS400 Version
  • Do you have the two authorization list configured tha I previously pointed out?
  • Does the user updating the filed have permissions via one of the authorization lists?




PowerTech Support

Posted Tue, 11 Jun 2019 02:53:41 GMT by



I have two authorization list:

SSN#FULL SSN # Encryption FULL Access
SSN#MASK SSN # Encryption Masked Access

yes, that user is in FULL access list


Posted Tue, 11 Jun 2019 05:43:19 GMT by

Thank you. Let me check with our development team if indeed there is any difference between the way the DBU/400 and a regular program have any negative affect or difference in the way the data is updated to an encrypted field.  I will let you know their answer once I hear back from them.



PowerTech Support

Posted Wed, 12 Jun 2019 01:10:50 GMT by

Hi Dairin,
My support engineer contaced our developer regarding your inquiry.
He confirmed that most file viewer programs like DBU are using RPG programs too. It would help to know the context of the information. In a specific circumstance, where a screen of records are presented, the final record would be the most recently decrypted one. If a program were created in a way that let you change data in a different record on the screen without reading that record first, you could wind up with bad info in the file. This is a very rare type of situation. More important that anyone changing a field has full access to the data in that field. Be sure not to have someone that only has access to the last 4 be able to change that field without having authority to the full data - encrypted data could be re-encrypted and written back to the file. He also confirmed that there are other customers that used the DBU/400 application on encrypted fields using Field Procedures who have no issues.

Let me know if you have any questions.


PowerTech Support

Posted Thu, 13 Jun 2019 06:26:43 GMT by

Hi Dairin,

  I went ahead and closed your open case on our side.  Please let us know if you have further questions or new questions.

We can open a new case.


Thank you.



PowerTech Support

You must be signed in to post in this forum.