Voltage SecureData Enterprise

Aster Scalar UDF Integration Guide

Jason Paul Kazarian
jason.kazarian@microfocus.com
(408) 844-4563
2/15 Aster Scalar UDF Integration Guide

Copyright © 2018, Micro Focus. All rights reserved.

This documentation is provided as is without warranty. Customers and prospects assume the entire
risk of using the information provided in this guide.
This guide makes reference to software source code used for building a user defined function
compatible with the Aster Java API. Customers licensed to use Voltage software, either for evaluation
or production, may obtain a copy of this software free of charge. Likewise, this software is provided as
is without warranty.
Aster Scalar UDF Integration Guide 3/15

Table of Contents

1.0 About this document .................................................................................................................. 4

1.1 Scope .................................................................................................................................................4
1.2 Purpose .............................................................................................................................................4
1.3 Audience ...........................................................................................................................................4
1.4 Developer resources .........................................................................................................................4

2.0 About Voltage SecureData Enterprise ......................................................................................... 5

2.1 What is Voltage SecureData Enterprise? ..........................................................................................5
2.2 What are the Voltage SDE servers? ..................................................................................................5
2.3 What is the Simple API? ....................................................................................................................6
2.4 What are Voltage SDE SOAP Web Services? .....................................................................................6

3.0 Integration considerations .......................................................................................................... 7

3.1 Using SOAP web services from Java .................................................................................................7
3.2 Singleton objects ...............................................................................................................................7
3.3 LDAP authentication .........................................................................................................................7

4.0 Integration solution installation ................................................................................................. 8

4.1 Solution overview .............................................................................................................................8
4.2 Define a deployment user.................................................................................................................8
4.3 Create a deployment directory structure .........................................................................................8
4.4 Define integration-specific variables ................................................................................................8
4.5 Install the Aster Java API ...................................................................................................................8
4.6 Install the Simple API for Java ...........................................................................................................9
4.7 Distribute the JNI files and certificate store to all cluster nodes .....................................................9
4.8 Build the scalar UDFs ........................................................................................................................9
4.9 Install the scalar UDFs .................................................................................................................... 10

5.0 Test and use Voltage SecureData within Aster .......................................................................... 11

5.1 Preparation .................................................................................................................................... 11
5.2 Create sample tables ..................................................................................................................... 11
5.1.2 Creating blank tables ................................................................................................................ 11
5.2.2 Loading sample data................................................................................................................. 11
5.3 Protecting the customers table ..................................................................................................... 12
5.4 Re-identifying sensitive data.......................................................................................................... 12
5.5 Further testing with another data protection format ................................................................... 12

Appendix A: Script Reference ......................................................................................................... 13

A.1 createTrustStore.sh Script ............................................................................................................. 13
A.2 buildUdf.sh Script .......................................................................................................................... 13
A.3 installLibraries.sql Script ................................................................................................................ 15
4/15 Aster Scalar UDF Integration Guide

1.0 About this document

This document is a guide to integrating the Voltage SecureData Enterprise (SDE) product family with
the Teradata Aster analytics database. Aster provides a Java scalar user-defined function (UDF)
application programming interface (API). The Voltage Simple API for Java and SOAP web services may
be called within this Aster-provided framework.
1.1 Scope
Voltage SDE is a product family offering application-level data protection. As such, Voltage SDE
provides servers with file processing tools, an Application Programming Interface (API), and Simple
Object Access Protocol web services, enabling protection for sensitive data within an application.
As infrastructure with a general purpose, client-side software API as well as file processing tools for
deployment and integration into a variety of platforms, Voltage SDE may be integrated by customers
into their own applications and data processes. Voltage SDE provides ready-made tools for a variety of
platforms. For platforms and systems not directly supported, for example Aster, customers may
create, own, manage and update integrations using the Voltage Simple API native client library as well
as the web services interface.
IMPORTANT: Voltage Security provides unsupported source code on an as-is basis to licensees for the
express purpose of providing an example of integrating data protection within Aster.

This code is neither supported nor warrantied. Licensees assume full risk of use.

1.2 Purpose
This document defines the steps necessary to integrate the example code into the Aster environment.
Developers will need to adapt these steps and test the resulting integration in a specific installation.
1.3 Audience
This document’s primary audience is developers writing Aster applications. System architects, security
officers, and other parties with an interest in Aster data protection may find this document useful.
1.4 Developer resources
The following documents from the Voltage SDE product family may be useful as well:
 Voltage SecureData Administrator Guide
 Voltage SecureData Web Service Developer Guide
 Voltage SecureData Simple API Developer Guide
Please contact your Voltage Security account manager or sales engineer to verify you are using the
latest version of this integration.
Aster Scalar UDF Integration Guide 5/15

2.0 About Voltage SecureData Enterprise

This chapter discusses basic concepts behind the Voltage SecureData Enterprise (SDE) product family,
its various components, and user-defined functions (UDFs). We assume the reader is familiar with
these concepts as a prerequisite for performing the integration tasks documented in the following
chapters. For more details, please consult the references in Section 1.4, Developer resources.
2.1 What is Voltage SecureData Enterprise?
Voltage SDE is a product family consisting of several components, specifically:
 Services that may be deployed on one or more servers depending on performance needs.
 An Application Programming Interface (API) that interacts with these services, specifically the
key manager, to perform format-preserving encryption (FPE) within the application (in this
case on the Aster servers).
 A web server to perform both FPE and secure stateless tokenization (SST) entirely on a
partitioned server, with no Voltage SDE code running on the client itself.
 Unsupported, unwarranted example code that application developers may use as an example
for implementing a data protection integration project.
We discuss these components and general concepts in the following paragraphs.
2.2 What are the Voltage SDE servers?
The Voltage SDE product family includes multiple servers: a web management console, an identity-
based, stateless (dynamic) key server, an event monitor, and a health monitor. Optionally, a web
services server to perform SST is available.
These services may all run on a single real or virtual server, and this configuration is known as a single-
box deployment. This type of deployment is especially useful for non-production environments,
including development and testing.
In addition, the services may be deployed on multiple servers to support a production workload. The
management console (for example) may be deployed on one server, the stateless key server on
another, and an SST server on yet another. The actual number of services deployed per physical or
virtual instance varies based on performance requirements.
Two Voltage SDE services are stateless: key management and tokenization. The term “stateless” in
these contexts means (except for the root master secrets) there is no storage of cryptographic
material. Rather this material, be it a key or token, is computed “on the fly” dynamically using a set of
input data, including the identity of the application or person requesting the material.
Consequently the Voltage SDE suite stores neither keys nor a dynamic token table. 1 And some
operations such as key rotation are performed by the suite automatically. Since these components
and operations are stateless, assessing, auditing, and deploying data protection is far less complex
than with state-full solutions.

1
SST uses a static multi-dimensional data structure for mapping a token from a payment account
number (PAN). This data structure is initialized once at setup and, unlike database-driven tokenization
solutions, does not change over the system’s life.
6/15 Aster Scalar UDF Integration Guide

2.3 What is the Simple API?

Voltage SDE provides an API allowing developers to implement identity-based encryption using
Voltage Format-Preserving Encryption (FPE) on the client (or specifically referencing this integration,
the Aster server). The API obtains keys remotely, but executes encryption algorithms locally. As of this
writing, C, C++, and Java on AIX, Voltage Nonstop, Voltage-UX, Linux, OS X, Solaris, Stratus VOS, and
Windows are all supported. Additionally, a toolkit API is available for custom development purposes.
In general, developers incorporate the Simple API into programs by performing the following:
 Per process activation steps:
▫ Create a LibraryContext singleton instance for storing general parameters.
▫ Create an FPE instance storing parameters for a specific encryption format: credit card,
email, identification number, and so on.
 Per data item steps:
▫ Call protect() on the FPE instance to de-identify sensitive data prior to storage.
▫ Call access() on the FPE instance to re-identify data only when absolutely necessary.
The Simple API provides FPE services only. To protect integrity, reduce Payment Card Industry (PCI)
scope, and avoid using any Voltage SDE code on the client, tokenization is available only via
web services (which also provides FPE).
2.4 What are Voltage SDE SOAP Web Services?
Voltage SDE provides SOAP web services for encrypting (via FPE) and tokenizing (via Secure Stateless
Tokenization or SST) sensitive data items without using any Voltage SDE code on the requesting client.
In this case parameters are passed via SOAP to a server. The server processes the data and returns the
result to the requester, again via SOAP. Since the operations are entirely network-based, they may be
integrated with a web application at the network level using intelligent load balancers, such as the F5
Big IP product line. 2

Within the Voltage SDE management console, separate identities are provisioned for the Simple API
and SOAP web services. To access both, provision duplicate identites. See the Authentication and Web
Service overviews in the Voltage SDE Web Service Developer Guide for details.

2
Voltage Security and F5 have an integration partnership for delivering the benefits of Voltage SDE
FPE and SST to customers using BIG-IP without modifying application code. Consult with your Voltage
account manager or sales engineer for details.
Aster Scalar UDF Integration Guide 7/15

3.0 Integration considerations

This chapter discusses considerations for deploying a UDF that masks (protecting) and reverse masks
(accessing) a data item within Aster. We assume familiarity with Aster and its API conventions.
Architects may find this chapter useful for providing background on the integrated solution.
3.1 Using SOAP web services from Java
Since Aster has a Java API, we can use JAX-WS classes to call SOAP and invoke Voltage SDE on the web
services server. The Java Development Kit (JDK) includes the wsimport command for converting a
Web Services Description Language (WSDL) URL into JAX-WS classes, for example:

wsimport –keep –verbose \

https://<server>/vibesimple/services/VibeSimpleSOAP?wsdl

The above command ingests the WSDL URL, generates corresponding Java classes, and compiles those
classes. The output can be used to call web services from Java or a Groovy script.
We have provided a script to generate JAX-WS classes using wsimport with a Voltage SDE WSDL.
These objects are included in a JAR archive as part of the build process.

3.2 Singleton objects

We provide the AsterLoader class as a wrapper on top of the Simple API and JAX-WS. When using
this class, please redefine the WSDL_URL and other constants to fit your environment. These
constants are described below:

 AUTHORIZATION_METHOD: Set to the constant SharedSecret for this implementation. One may
modify the code to support other authentication methods described later.
 IBE_IDENTITY: The authentication identity used by the stateless key manager. Different
identity strings are given access to different keys.
 LIBRARY_NAME: The name of the C library loaded by JNI at program startup. The corresponding
value normally will not change, but is defined for future versions of the Simple API.
 POLICY_URL: The URL for the data protection policy file.
 TRUST_STORE_DIRECTORY: The on-disk location of the Simple API certificate store. This object
includes diagnostic statements to determine if this directory is accessible or not.
 WSDL_URL: A web services URL location to the web services server.

As delivered, these constants reference a public Voltage key server and web services server. Although
these symbols are defined as private static final constants, it is possible to modify the code and
read these parameters from a file into a Properties object.
3.3 LDAP authentication
Voltage SDE supports multiple forms of authentication including directory authentication. As
delivered, the source code uses shared secret authentication. In this method, we store the
authentication token in plain text.
Installations finding this method unacceptable may integrate a Java data vault, store the secret in the
vault, and obtain the secret programmatically (rather than using a constant definition). Installations
may also use directory service authentication. Consult with Voltage professional services for help with
these topics.
8/15 Aster Scalar UDF Integration Guide

4.0 Integration solution installation

This chapter documents the installation of the Voltage SDE for Aster integration solution for dynamic
masking use cases. We present details for commodity systems. This process should work on Aster
appliances. We have not tested for any difference between appliance and commodity installation.
4.1 Solution overview
The integrated solution has multiple installation phases:
1. Define a deployment user
2. Create a deployment directory structure
3. Define integration-specific variables
4. Install the Aster Java API
5. Install the Simple API for Java
6. Distribute the certificate store to all cluster nodes
7. Compile the scalar UDFs
8. Install the scalar UDFs
We present the details for each of these phases in the following sections.
4.2 Define a deployment user
Teradata professional services recommends that deployment be driven by an ordinary shell user,
specifically not the beehive user. Create a user with password-free SSH shell and SCP access to all
nodes in the Aster cluster. Grant this user the ability to read and write to the /usr/lib directory.
Finally, log into this user on the Queen and continue with the deployment process.

4.3 Create a deployment directory structure

As the deployment user, create the directory ~/scalarUdf for building the integrated solution. Then
copy all of the files and shell scripts provided with the solution archive to this directory.
Create a directory called ~/scalarUdf/simpleApi for installing the Voltage Simple API for Java.
Create another directory called ~/scalarUdf/sqlmr-java-sdk-lib for installing the Aster Java API.
The scripts and source code supplied with the installation kit depend on this directory structure. If one
modifies these directory names, one must also modify the scripts and code as appropriate.
4.4 Define integration-specific variables
As shipped, the solution uses a Voltage-hosted appliance with public Internet access. We provide
access to this environment for development and test purposes.
One may install the solution without changing the source code. However one should modify the
constants defined in the AsterLoader.java file with a text editor to match production needs.

These constants are defined in Section 3.2, Singleton objects. Please use this information to modify
the solution for your production needs.
4.5 Install the Aster Java API
Please install the Aster Java API on the queen node. After installation, copy the following files to the
~/scalarUdf/sqlmr-java-sdk-lib directory:
Aster Scalar UDF Integration Guide 9/15
ncluster-aggregator-api.jar
ncluster-api-util.jar
ncluster-graph-api.jar
ncluster-scalar-api.jar
ncluster-sqlmr-api.jar
ncluster-sqlmr-runnercommon.jar
ncluster-sqlmr-swigkvstore.jar
ncluster-sqlmr-testrunner.jar
ncluster-system-aggregators.jar

One may also modify the CLASSPATH environment variable as defined in the installation scripts to
reference the directory containing these JAR archives on the Queen.

4.6 Install the Simple API for Java

Please install the Simple API for Java in ~/scalarUdf/simpleApi following the standard practice. This
solution assumes the libvibesimplejava.so and vibesimplejava.jar archive files are located in
the ~/scalarUdf/simpleApi/lib directory.

4.7 Distribute the JNI files and certificate store to all cluster nodes
According to Teradata professional services, Java Native Invocation (JNI) files, including the
corresponding C libraries, should reside in /usr/lib on all cluster nodes. For the Simple API
specifically, we also must distribute a certificate trust store to all nodes as well.
Work with system administration to obtain write permission for the deployment user to the /usr/lib
directory. Then copy the JNI files and certificates to all cluster nodes.
We provide a script called createTrustStore.sh that performs this step. This script assumes that
cluster nodes are numbered sequentially, SIAster1 through SIAster8 specifically. One may modify
this script, documented in Appendix A.1, to fit a particular installation’s needs.
When running this script, one may ignore the inc: not a regular file error. As a side note, this
script assumes the deployment user has password-free ssh and scp privileges on all cluster nodes.
4.8 Build the scalar UDFs
Verify a suitable Java Development Kit (JDK) resides on the Aster queen. Normally the JDK resides in:
/home/beehive/toolchain/x86_64-unknown-linux-gnu/jdk1.8.0_101/bin

Inspect the buildUdf.sh shell script and verify the environment variable definitions are correct for
this installation. Specifically, verify both JAVA_HOME and CLASSPATH are correct.
Run buildUdf.sh, which will perform the following tasks:
1. Build the JAX-WS classes used for Java to SOAP web services.
2. Compile the custom scalar UDFs used by the solution.
3. Built a Java Archive (JAR) file containing these objects along with the web services objects.
4. Package this custom JAR file and the Simple API for Java libraries per Aster Java API
specifications.
The contents of the buildUdf.sh script is provided in Appendix A.2 for reference. Note the URL for
the wsimport command should be updated to reflect site-specific requirements.
10/15 Aster Scalar UDF Integration Guide

4.9 Install the scalar UDFs

Aster database users must have EXECUTE permission to call the UDFs. In addition, the data base user
installing the UDFs must have permission to do so. Work with Aster administration to issue a GRANT
EXECUTE command. Then use act to install the UDFs via a command similar to the following:

act -U <installing database user> < installLibraries.sql

The installLibraries.sql file is an Aster SQL script that performs the UDF installation. The script is
documented in Appendix A.3.
In this script, authorized_user_name is the Aster database user that will execute the UDFs. Change
this user to one with UDF execution permissions. Note that “file does not exist” error messages may
be ignored the first time this SQL script is executed.
Installation is now complete. The following chapter provides documentation on how to test the
solution using supplied sample data.
Aster Scalar UDF Integration Guide 11/15

5.0 Test and use Voltage SecureData within Aster

After installing the UDF along with its associated certificate store, we may use vfpeaccess,
vfpeprotect, webaccess, and webprotect functions in Aster SQL. We describe steps for doing so in
this chapter.

5.1 Preparation
Prior to using the UDFs, please create a “scratch” schema to avoid collisions with production data. In
our example, we use the “public” schema, provided by default as part of an Aster installation.
5.2 Create sample tables
We can create sample data tables to test the UDF and verify proper operation. To do so, we perform
two major steps: creating blank tables and loading these tables with sample data.
5.1.2 Creating blank tables
We execute the SQL CREATE TABLE command twice, once to create a customer table and once to
create a loyalty table. The commands below, included in the sampleTableDdl.sql file, generate
the tables:

DROP TABLE IF EXISTS customers;

CREATE TABLE customers (

id INTEGER,
fullname VARCHAR(64),
street VARCHAR(64),
city VARCHAR(64),
STATE VARCHAR(8),
zip VARCHAR(16),
phone VARCHAR(64),
email VARCHAR(64),
birth_date DATE,
cc VARCHAR(32),
ssn VARCHAR(16)
) DISTRIBUTE BY REPLICATION;

DROP TABLE IF EXISTS loyalty;

CREATE TABLE loyalty (

ssn VARCHAR(16),
score INTEGER
) DISTRIBUTE BY REPLICATION;

After creating blank tables, we load sample data for evaluation and test purposes as described next.
5.2.2 Loading sample data
We provide two Comma Separated Value (CSV) structured data files for test and evaluation purposes.
These files are named, not too surprisingly, customers.csv and loyalty.csv respectively. We can
load data using the ncluster_loader command with appropriate parameters for this file type.
Here are sample ncluster_loader commands for loading our tables:
ncluster_loader --username authorized_user_name --password-prompt \
--csv customers customers.csv
12/15 Aster Scalar UDF Integration Guide
ncluster_loader --username authorized_user_name --password-prompt \
--csv loyalty loyalty.csv

Once these tables are loaded, we can use the UDFs to protect and access sensitive columns.
5.3 Protecting the customers table
We can test the UDF and verify proper operation by protecting the credit card column named cc in
the customers table. To do so, execute the following query from within an act shell:

UPDATE customers SET cc = vfpeprotect(cc, 'CC_NUM');

Please note that the single quotes around the format name are required: the function call will
fail with double quotes. Also recall the parameter 'CC_NUM' references a data protection format
defined within the Voltage SDE infrastructure.

5.4 Re-identifying sensitive data

We can demonstrate the use of vfpeaccess to re-identify sensitive data. To do so, execute the
following query:

SELECT vfpeaccess(cc, 'cc') FROM customers WHERE id = 1;

And compare the result set with the original data contained in the customers.csv file. Note the
original and re-identified values are identical.

5.5 Further testing with another data protection format

Congratulations! You’ve successfully integrated Voltage SecureData with Aster! We present the
following exercise to the reader as an example test case for further understanding of how to configure
and use this example code:
1. Protect the ssn column in both the customers and loyalty tables using the vfpeprotect
function and an UPDATE query.
2. Demonstrate the use of analytics on de-identified data by executing the following query:
SELECT fullname, phone FROM customers, loyalty WHERE score > 848 AND
loyalty.ssn = customers.ssn;

Note this last query demonstrates how Voltage Format-Preserving Encryption maintains the integrity
of database table references. This serves as an example of distributing de-identified data to a third
party for the purpose of executing a loyalty marketing program.
Comments? Questions? Let us know if you have any questions or comments. Contact your Voltage
Security Voltage account manager or sales engineer. We’d love to hear about your experiences
integrating Voltage SecureData Enterprise with Aster, especially if we could change this guide to make
the task easier.
Aster Scalar UDF Integration Guide 13/15

Appendix A: Script Reference

The following sections include text copies of the scripts provided in the development kit.
A.1 createTrustStore.sh Script
### createTrustStore.sh
# Copy the Simple API certificate trust store to all nodes of the aster cluster
# Running user ($USER) must have password-free SSH and SCP into all nodes

### Configuration environment variables

# Change these to suit your local environment

# The directory used for building the SecureData + Aster Scalar UDF
SIMPLE_API_HOME=~/scalarUdf/simpleApi

# The certificate trust store subdirectory

LOCAL_TRUST_STORE=trustStore

# Directories where Simple API and certificates will be stored on the Aster
nodes
# Note the source code must be updated if these change
REMOTE_LIB_HOME=/usr/lib
REMOTE_TRUST_STORE=trustStore

# Root cluster name

# This script assumes sequence numbering of node host names
BASE_CLUSTER_NAME=SIAster

# Clean and rehash the local trust store directory

cd $SIMPLE_API_HOME/$LOCAL_TRUST_STORE
rm -f *.0 *.1 *.2 *.3
./c_rehash .

# Use SSH and SCP to copy the local trust store and library to the nodes
for i in $(seq 1 8);
do
ssh $BASE_CLUSTER_NAME${i} "rm -fr $REMOTE_LIB_HOME/$REMOTE_TRUST_STORE"
ssh $BASE_CLUSTER_NAME${i} "mkdir $REMOTE_LIB_HOME/$REMOTE_TRUST_STORE"
scp * $USER@$BASE_CLUSTER_NAME${i}:$REMOTE_LIB_HOME/$REMOTE_TRUST_STORE
scp $SIMPLE_API_HOME/lib/libvibesimplejava.so
$USER@$BASE_CLUSTER_NAME${i}:$REMOTE_LIB_HOME
done

A.2 buildUdf.sh Script

### Build configuration environment variables
# Change these to suit your local environment

# The directory used for building the SecureData + Aster Scalar UDF
DEV_HOME=~/scalarUdf

# The URL of the SecureData appliance that hosts the web services description
language (WSDL) for tokenization
# Substitute this URL with the URL appropriate for the build environment
WSDL_URL=https://voltage-pp-
0000.dataprotection.voltage.com/vibesimple/services/VibeSimpleSOAP?wsdl
14/15 Aster Scalar UDF Integration Guide

# A substitute URL provided as a file with the development kit

# Comment out the above variable and uncomment the below one if access
to port 443 is problematic
# Not recommended for production but helpful during development and test
# WSDL_URL=VibeSimpleSOAP.xml

# Web services JAR directory and file name

WEB_SERVICES_JAR=vibesimplesoap

# WS Import log file

WS_IMPORT_LOG=wsimport.log

# The bin directory for the Java software development kit (SDK)
# We recommend the latest Java, Java 1.8 as of this writing
JAVA_HOME=/home/beehive/toolchain/x86_64-unknown-linux-gnu/jdk1.8.0_101/bin

#Java compilation class path

#Customize this only if you cannot install the Voltage and Aster libraries in
the standard places
CLASSPATH=./*:./sqlmr-java-sdk-lib/*:./bin:./simpleApi/lib/*

### Begin build

# Set the development directory and remove previously built files

cd $DEV_HOME
echo Cleaning artifacts of previous build...
rm $DEV_HOME/*.jar $DEV_HOME/*.zip
rm -r $DEV_HOME/$WEB_SERVICES_JAR
mkdir $DEV_HOME/$WEB_SERVICES_JAR

# Build the web services JAR

$JAVA_HOME/wsimport -keep -d $WEB_SERVICES_JAR $WSDL_URL >>
$DEV_HOME/$WS_IMPORT_LOG
cd $DEV_HOME/$WEB_SERVICES_JAR; $JAVA_HOME/jar -cf ../$WEB_SERVICES_JAR.jar *;
cd ..

# Build the four UDF functions

for f in VFpeAccess VFpeProtect WebAccess WebProtect
do
echo Compiling $f.java...

# Cleanup previous function

rm -r $DEV_HOME/bin
mkdir $DEV_HOME/bin

# Compile the current function

$JAVA_HOME/javac -d bin -cp $CLASSPATH AsterLoader.java $f.java
cd $DEV_HOME/bin; $JAVA_HOME/jar -cf ../$f.jar *; cd ..

# Pack everything up into an installable ZIP file

cp $DEV_HOME/simpleApi/lib/*.jar .
zip $f.zip *.jar
echo Built $f.zip!
Aster Scalar UDF Integration Guide 15/15
# Delete the JAR file so there is no confusion between it and the ZIP
rm $DEV_HOME/$f.jar
done
echo Build script finished.

A.3 installLibraries.sql Script

\remove VFpeAccess.zip
\remove VFpeProtect.zip
\remove WebAccess.zip
\remove WebProtect.zip
\install VFpeAccess.zip
\install VFpeProtect.zip
\install WebAccess.zip
\install WebProtect.zip
GRANT EXECUTE ON FUNCTION vfpeaccess to authorized_user_name;
GRANT EXECUTE ON FUNCTION vfpeprotect to authorized_user_name;
GRANT EXECUTE ON FUNCTION webaccess to authorized_user_name;
GRANT EXECUTE ON FUNCTION webprotect to authorized_user_name;