?
Solved

How do I find and/or grant permissions to a SQL encryption key for a specific user?

Posted on 2014-03-20
5
Medium Priority
?
1,207 Views
Last Modified: 2014-03-26
First, I am working with a database I did not setup let alone encrypt.  I'm just in charge of creating some stored procs and getting them accessible to a SQL account user.

I can run the stored procs within SSMS but when I try to reach them through a web service I have created to serve up the data I get this error...

"Cannot find the symmetric key 'SKEY_DataEncryption', because it does not exist or you do not have permission."

How do I find the key? (Do I even need to find it...?)
How do I grant the necessary permissions to my web service designated user account within SQL Server 2008?

Thanks!
0
Comment
Question by:Bruce
  • 3
  • 2
5 Comments
 
LVL 40

Accepted Solution

by:
lcohan earned 2000 total points
ID: 39943250
GRANT permission:

http://technet.microsoft.com/en-us/library/ms179887(v=sql.100).aspx
<<
GRANT CONTROL
ON CERTIFICATE :: certificate_name
TO username
>>

Find permissions at server level:

-- server logins and their server level permissions:
            SELECT SP1.[name] AS 'Login', 'Role: ' + SP2.[name] COLLATE DATABASE_DEFAULT AS 'ServerPermission'
            FROM sys.server_principals SP1
              JOIN sys.server_role_members SRM ON SP1.principal_id = SRM.member_principal_id
              JOIN sys.server_principals SP2 ON SRM.role_principal_id = SP2.principal_id
            UNION
            SELECT distinct SP.[name] AS 'Login' , 'Permissions: ' + SPerm.state_desc + ' ' + SPerm.permission_name COLLATE DATABASE_DEFAULT AS 'ServerPermission'  FROM sys.server_principals SP  
            JOIN sys.server_permissions SPerm  ON SP.principal_id = SPerm.grantee_principal_id  
            ORDER BY [Login], [ServerPermission] desc;
0
 
LVL 1

Author Comment

by:Bruce
ID: 39943367
I ran the GRANT command and received a success message but am still getting the same error

"Cannot find the symmetric key 'SKEY_DataEncryption', because it does not exist or you do not have permission."
0
 
LVL 40

Expert Comment

by:lcohan
ID: 39943398
" but am still getting the same error"

When/Where are you getting the error and what SQL Login are you using when you get the error? Same like you just granted permissions as per above?
0
 
LVL 1

Assisted Solution

by:Bruce
Bruce earned 0 total points
ID: 39945349
I was able to get this working by granting control to both the certificate and the symmetric key.  Not sure why but it works now...

GRANT CONTROL
ON CERTIFICATE :: CERT_KeyAccess
TO AgentApplication

GRANT CONTROL
ON SYMMETRIC KEY :: SKEY_DataEncryption
TO AgentApplication
0
 
LVL 1

Author Closing Comment

by:Bruce
ID: 39955478
I added an additional SQL statement that completed the explanation of the solution to the issue I was asking about...
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever wondered why sometimes your SQL Server is slow or unresponsive with connections spiking up but by the time you go in, all is well? The following article will show you how to install and configure a SQL job that will send you email alerts includ…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Using examples as well as descriptions, and references to Books Online, show the different Recovery Models available in SQL Server and explain, as well as show how full, differential and transaction log backups are performed
Via a live example, show how to set up a backup for SQL Server using a Maintenance Plan and how to schedule the job into SQL Server Agent.
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question