The key owner must grant select permission on the key before another user can specify the key in a create table, alter table, and select into statements. For the database default key, the owner is the System Security Officer. Grant select permission on keys only on an “as needed” basis.
The following example allows users with db_admin_role to use the encryption key “safe_key” when specifying encryption on create table and alter table statements:
grant select on safe_key to db_admin_role
Users who process encrypted columns through insert, update, delete, and select do not need select permission on the encryption key.
| Copyright © 2005. Sybase Inc. All rights reserved. |
|
|
