Creating domain and access rules on encrypted columns

You can create domain rules, check constraints, or access rules on encrypted columns. However, decrypt permission is required on the encrypted column when the encrypted column is used in target list, where clause, and so on. This example creates the rule_creditcard rule on the creditcard column, which has a domain rule defined:

create encryption key cc_key
    with init_vector null

create table customer(custid int,
        creditcard varchar(16) encrypt with cc_key)

create rule rule_creditcard
as @value like '%[0-9]'
sp_bindrule rule_creditcard, creditcard

bcp in -C bypasses the domain rule or check constraint for encrypted columns because Adaptive Server uses fast bcp with bcp in -C. bcp out -C generates error number 2929 if an access rule exists on the encrypted column. Adaptive Server bypasses the rule or constraint for insert and update statements when you replicate encrypted columns with domain rules or check constraints. Adaptive Server also generates error number 2929 when you replicate encrypted columns with access rules for update, delete, or select statements.