数据加密的密钥和证书要设置对应的权限
一,对加密机制的权限管理
对证书、对称密钥和非对称密钥的权限管理,可以授予的权限是 CONTROL, TAKE OWNERSHIP,ALTER,REFERENCES和VIEW DEFINITION。
对证书、对称密钥和非对称密钥的权限管理,Grant命令的格式是一致的
GRANT permission [ ,...n ] ON class :: securable TO principal [ ,...n ] class :: securable = ASYMMETRIC KEY :: asymmetric_key_name |SYMMETRIC KEY :: symmetric_key_name |CERTIFICATE :: certificate_name
举个例子,授予Principal引用证书的权限:
GRANT REFERENCES ON CERTIFICATE :: my_certificate_name TO user1,domain_user2
二,视图
查看系统中已存在的证书、对称密钥和非对称密钥:
- sys.certificates
- sys.asymmetric_keys
- sys.symmetric_keys
参考文档:
Security Catalog Views (Transact-SQL)
GRANT Certificate Permissions (Transact-SQL)