The following rules apply to security constraint UDFs:
- The function must be a scalar UDF written in C or C++.
- The UDF cannot be an overloaded function.
- The UDF must reside in the SYSLIB database.
- If the security constraint object is defined with the NULL option, then the parameter style must be SQL to allow nulls. If the constraint object does not allow nulls, then the parameter style must be TD_GENERAL.
- You must drop the security constraint object before you can drop any security UDFs associated with the constraint. However, you can alter or replace the UDF as long as the replaced UDF contains the required parameters for the constraint definition.