Changing ownership of encryption keys

Changing ownership may occur in the normal course of business, or as part of key recovery. This command, when executed by the SSO, transfers key ownership to a named user:

alter encryption key [[database.][owner].]keyname
    modify owner user_name

Where user_name is the name of the new key owner. This user must already be a user in the database where the key was created.

For example, if “razi” is the key custodian, and owns the key encr_key, but is being replaced by a new key custodian named “tinnap”, change the key ownership using:

alter encryption key encr_key modify owner tinnap

Only the SSO or the key owner can run this command. If the new owner already has a copy of the key, you see:

A copy of key encr_key already exists for user tinnap

A user who already has a regular key copy or a recovery key copy cannot become the new owner of the key. Adaptive Server does not allow a key copy to be made for a key owner.

If the previous key owner had granted any permissions on the key, the grantor uid in the sysprotects system table is changed to the uid of the new owner of the key. The ownership change is effective immediately; the new owner does not need to log in again for the change to take effect.
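The following is an added example, not part of the original Sybase documentation, showing the full sequence an SSO would run around the ownership transfer: making sure the new owner is a database user, recording the current owner and grantors, transferring the key, and then verifying the owner and the sysprotects grantor from the system tables. It assumes the session runs as the SSO in the database that holds encr_key, that the login "tinnap" already exists at the server level, that encr_key is currently owned by "razi", and that the join on sysobjects by name is specific enough (add a filter on the object type if other objects share the name).

```sql
-- Added example (not from the original documentation).
-- Assumptions: running as the SSO in the database that owns encr_key;
-- the login "tinnap" already exists; encr_key is currently owned by "razi".

-- 1. The new owner must already be a user in this database.
--    sp_adduser creates a database user for an existing login.
exec sp_adduser tinnap
go

-- 2. Record the current owner of the key (sysobjects.uid) before the change.
select o.name as key_name, u.name as owner_name
  from sysobjects o, sysusers u
 where o.name = 'encr_key'
   and o.uid  = u.uid
go

-- 3. Record who is listed as grantor on any permissions granted on the key.
select p.uid as grantee_uid, g.name as grantor_name, p.action
  from sysprotects p, sysobjects o, sysusers g
 where o.name    = 'encr_key'
   and p.id      = o.id
   and p.grantor = g.uid
go

-- 4. Transfer ownership. This fails with
--    "A copy of key encr_key already exists for user tinnap"
--    if tinnap already holds a regular or recovery copy of the key.
alter encryption key encr_key modify owner tinnap
go

-- 5. Verify: the owner row should now show "tinnap" ...
select o.name as key_name, u.name as owner_name
  from sysobjects o, sysusers u
 where o.name = 'encr_key'
   and o.uid  = u.uid
go

-- ... and every sysprotects row for the key should list tinnap as grantor,
-- since the grantor uid is rewritten to the new owner's uid.
select p.uid as grantee_uid, g.name as grantor_name, p.action
  from sysprotects p, sysobjects o, sysusers g
 where o.name    = 'encr_key'
   and p.id      = o.id
   and p.grantor = g.uid
go
```

Running the two verification queries both before and after the transfer gives an audit record of exactly what changed; if the grantor column still shows razi's uid for any row after step 4, the transfer did not complete and should be investigated before the old custodian's access is removed.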