[CR #395745] When executing sp_encryption 'remove_catalogs' to prepare for downgrade, you should get an error when a given key has been used to encrypt a column. No error is issued if the column and the key are in the same database, and sp_encryption removes sysencryptkeys even where there are encrypted columns in the database.
Workaround: With sso_role permissions, run:
sp_encryption help
This command prints a list of keys in the current database. For each key listed, the System Security Officer runs:
sp_encryption help, <keyname>, display_cols
The command lists the names of any columns encrypted by the key. Then use alter table to decrypt these columns before executing sp_encryption 'remove_catalogs'.
| Copyright © 2005. Sybase Inc. All rights reserved. |
|
|
