The SSO can transfer key ownership to a named user. Changing ownership may occur in the normal course of business, or as part of key recovery.
alter encryption key [[database.][owner].]keyname modify owner user_namewhere user_name is the name of the new key owner. This user must already be a user in the database where the key was created.
alter encryption key encr_key modify owner tinnap
A copy of key encr_key already exists for user tinnap
A user who already has a regular key copy or a recovery key copy cannot become the new owner of the key. SAP ASE does not allow a key copy to be made for a key owner.
If the previous key owner had granted any permissions on the key, the granter user ID in sysprotects system table is changed to the user ID of the new owner of the key. The ownership change is effective immediately; the new owner need not log in again for the change to take effect.