If you are using restricted decrypt permission, you can assign the privileges for creating the task’s schema and managing keys as follows:
System security officer – configures restricted decrypt permission, creates encryption keys, grants select permission on keys to the database owner, and grants decrypt permission to the end user.
Database owner – creates the schema and loads data.
