Once a user has been assigned a key copy, he or she can use alter encryption key to modify the key copy’s password.
This example shows how a user assigned a key copy alters the copy to access data through his or her personal password:
Key custodian Razi (whose UID is “razi”) sets up a key copy on an existing key for Bill and encrypts it with a temporary password:
alter encryption key key1 with passwd 'MotherOfSecrets' add encryption with passwd 'just4bill' for user bill
Razi sends Bill his password for access to data through key1.
Bill assigns a private password to his key copy:
alter encryption key razi.key1 with passwd 'just4bill' modify encryption with passwd 'billswifesname'
Only Bill can change the password on his key copy. When Bill enters the command above, Adaptive Server verifies that a key copy exists for Bill. If no key copy exists for Bill, Adaptive Server assumes the user is attempting to modify the password on the base key and issues an error message:
Only the owner of object '<keyname>'
or a user with
sso_role
can run this command.
You cannot create key copies for user “guest” for login association. Encrypting a key copy with a login password requires two-steps.
