Solved

How do I find and/or grant permissions to a SQL encryption key for a specific user?

Posted on 2014-03-20
5
936 Views
Last Modified: 2014-03-26
First, I am working with a database I did not setup let alone encrypt.  I'm just in charge of creating some stored procs and getting them accessible to a SQL account user.

I can run the stored procs within SSMS but when I try to reach them through a web service I have created to serve up the data I get this error...

"Cannot find the symmetric key 'SKEY_DataEncryption', because it does not exist or you do not have permission."

How do I find the key? (Do I even need to find it...?)
How do I grant the necessary permissions to my web service designated user account within SQL Server 2008?

Thanks!
0
Comment
Question by:Bruce
  • 3
  • 2
5 Comments
 
LVL 39

Accepted Solution

by:
lcohan earned 500 total points
ID: 39943250
GRANT permission:

http://technet.microsoft.com/en-us/library/ms179887(v=sql.100).aspx
<<
GRANT CONTROL
ON CERTIFICATE :: certificate_name
TO username
>>

Find permissions at server level:

-- server logins and their server level permissions:
            SELECT SP1.[name] AS 'Login', 'Role: ' + SP2.[name] COLLATE DATABASE_DEFAULT AS 'ServerPermission'
            FROM sys.server_principals SP1
              JOIN sys.server_role_members SRM ON SP1.principal_id = SRM.member_principal_id
              JOIN sys.server_principals SP2 ON SRM.role_principal_id = SP2.principal_id
            UNION
            SELECT distinct SP.[name] AS 'Login' , 'Permissions: ' + SPerm.state_desc + ' ' + SPerm.permission_name COLLATE DATABASE_DEFAULT AS 'ServerPermission'  FROM sys.server_principals SP  
            JOIN sys.server_permissions SPerm  ON SP.principal_id = SPerm.grantee_principal_id  
            ORDER BY [Login], [ServerPermission] desc;
0
 
LVL 1

Author Comment

by:Bruce
ID: 39943367
I ran the GRANT command and received a success message but am still getting the same error

"Cannot find the symmetric key 'SKEY_DataEncryption', because it does not exist or you do not have permission."
0
 
LVL 39

Expert Comment

by:lcohan
ID: 39943398
" but am still getting the same error"

When/Where are you getting the error and what SQL Login are you using when you get the error? Same like you just granted permissions as per above?
0
 
LVL 1

Assisted Solution

by:Bruce
Bruce earned 0 total points
ID: 39945349
I was able to get this working by granting control to both the certificate and the symmetric key.  Not sure why but it works now...

GRANT CONTROL
ON CERTIFICATE :: CERT_KeyAccess
TO AgentApplication

GRANT CONTROL
ON SYMMETRIC KEY :: SKEY_DataEncryption
TO AgentApplication
0
 
LVL 1

Author Closing Comment

by:Bruce
ID: 39955478
I added an additional SQL statement that completed the explanation of the solution to the issue I was asking about...
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SQL Error in WHERE Clause 5 39
Can't connect to new installation of SQL Server 2016 6 29
Sql Join Problem 2 27
Query / Window function ? 3 16
Why is this different from all of the other step by step guides?  Because I make a living as a DBA and not as a writer and I lived through this experience. Defining the name: When I talk to people they say different names on this subject stuff l…
In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.
Viewers will learn how the fundamental information of how to create a table.
Viewers will learn how to use the UPDATE and DELETE statements to change or remove existing data from their tables. Make a table: Update a specific column given a specific row using the UPDATE statement: Remove a set of values using the DELETE s…

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now