Once a user has been assigned a key copy, he or she can use alter encryption key to modify the key copy’s password.
This example shows how a user assigned a key copy alters the copy to access data through his or her personal password:
1. Key custodian “razi” sets up a key copy on an existing key for “bill” and encrypts it with a temporary password:

   alter encryption key key1 with passwd 'MotherOfSecrets' add encryption with passwd 'just4bill' for user bill

2. “razi” sends “bill” his password for access to data through key1.

3. “bill” assigns a private password to his key copy:

   alter encryption key razi.key1 with passwd 'just4bill' modify encryption with passwd 'billswifesname'

Only “bill” can change the password on his key copy. When “bill” enters the command above, Adaptive Server verifies that a key copy exists for “bill”. If no key copy exists for “bill”, Adaptive Server assumes the user is attempting to modify the password on the base key and issues an error message:
Only the owner of object '<keyname>' or a user with sso_role can run this command.
You cannot create key copies for user “guest” for login association. Encrypting a key copy with a login password requires two steps.