Reputation: 148524
Sql server permissions to use symetric keys && certificates?
I would like to implement certificates on my sql server in order to encrypt data.
Users need abilty to open symetric key and to use the certificate in order to encrypt and decrypt data.
What the minimum permisdions i need to grant them ?
Also, in a scenario where a hacker got my mdf file , can he do something with data ?( if i put the permissions you gave me)
Upvotes: 0
Views: 1069
Answers (1)
Reputation: 36
We had the same issue. We solved it by granting the user (who was only in the db_datareader and db_datawriter roles) explicit "Control" rights on the certificate and explicit "references" rights on the Symmetric key. I am looking now for a query to use to show these explicit rights as the query on sys.permissions table fails to show these rights.
Also if a hacker got your mdf file, he still could not decrypt your key unless he had your password to the Database Master Key because you need to open the Database Master Key in order to link it to the Service Master key on the new server otherwise it won't work.
Upvotes: 2
Related Questions
- How can I give SQL Server permission to read my SSL Key?
- Grant appropriate permission to use Symmetric Key in stored proc
- SQL Server: Cross Database Query; Ownership chaining; Stored Procedure Signature/Certificate
- SQL Server Authentication and Folder Permissions
- SQL Server certificate and symmetric key
- Encrypting SQL Server Data with Certificate and Symmetric Key
- SQL Server Windows Authentication Security
- Allowing a stored procedure to select from a system table using a certificate in SQL Server 2012
- SQL Server 2008 R2 User Permissions
- SQL Server Authorization/Security Question