Friday, March 30, 2012

Restrict Key to SA only in SQL 2005

I have data that I want to encrypt and have the key avaiable to SA
users only. How can I revoke (or prevent) DBO from using the key? I
tried
deny view definition on symmetric key::SSKey to dbo
and got...
Cannot grant, deny, or revoke permissions to sa, dbo,
information_schema, sys, or yourself.
Any suggestions?
JimYou can have SA be the only dbo in that database or you can protect the key
with a password that is only known to SA and is the only encryption method
for the key.
Laurentiu Cristofor [MSFT]
Software Design Engineer
SQL Server Engine
http://blogs.msdn.com/lcris/
This posting is provided "AS IS" with no warranties, and confers no rights.
"Jim Youmans" <jdyoumans@.gmail.com> wrote in message
news:1147976354.347670.55540@.i40g2000cwc.googlegroups.com...
>I have data that I want to encrypt and have the key avaiable to SA
> users only. How can I revoke (or prevent) DBO from using the key? I
> tried
> deny view definition on symmetric key::SSKey to dbo
> and got...
> Cannot grant, deny, or revoke permissions to sa, dbo,
> information_schema, sys, or yourself.
> Any suggestions?
> Jim
>

No comments:

Post a Comment