Solved

How do I find and/or grant permissions to a SQL encryption key for a specific user?

Posted on 2014-03-20
5
914 Views
Last Modified: 2014-03-26
First, I am working with a database I did not setup let alone encrypt.  I'm just in charge of creating some stored procs and getting them accessible to a SQL account user.

I can run the stored procs within SSMS but when I try to reach them through a web service I have created to serve up the data I get this error...

"Cannot find the symmetric key 'SKEY_DataEncryption', because it does not exist or you do not have permission."

How do I find the key? (Do I even need to find it...?)
How do I grant the necessary permissions to my web service designated user account within SQL Server 2008?

Thanks!
0
Comment
Question by:Bruce
  • 3
  • 2
5 Comments
 
LVL 39

Accepted Solution

by:
lcohan earned 500 total points
Comment Utility
GRANT permission:

http://technet.microsoft.com/en-us/library/ms179887(v=sql.100).aspx
<<
GRANT CONTROL
ON CERTIFICATE :: certificate_name
TO username
>>

Find permissions at server level:

-- server logins and their server level permissions:
            SELECT SP1.[name] AS 'Login', 'Role: ' + SP2.[name] COLLATE DATABASE_DEFAULT AS 'ServerPermission'
            FROM sys.server_principals SP1
              JOIN sys.server_role_members SRM ON SP1.principal_id = SRM.member_principal_id
              JOIN sys.server_principals SP2 ON SRM.role_principal_id = SP2.principal_id
            UNION
            SELECT distinct SP.[name] AS 'Login' , 'Permissions: ' + SPerm.state_desc + ' ' + SPerm.permission_name COLLATE DATABASE_DEFAULT AS 'ServerPermission'  FROM sys.server_principals SP  
            JOIN sys.server_permissions SPerm  ON SP.principal_id = SPerm.grantee_principal_id  
            ORDER BY [Login], [ServerPermission] desc;
0
 
LVL 1

Author Comment

by:Bruce
Comment Utility
I ran the GRANT command and received a success message but am still getting the same error

"Cannot find the symmetric key 'SKEY_DataEncryption', because it does not exist or you do not have permission."
0
 
LVL 39

Expert Comment

by:lcohan
Comment Utility
" but am still getting the same error"

When/Where are you getting the error and what SQL Login are you using when you get the error? Same like you just granted permissions as per above?
0
 
LVL 1

Assisted Solution

by:Bruce
Bruce earned 0 total points
Comment Utility
I was able to get this working by granting control to both the certificate and the symmetric key.  Not sure why but it works now...

GRANT CONTROL
ON CERTIFICATE :: CERT_KeyAccess
TO AgentApplication

GRANT CONTROL
ON SYMMETRIC KEY :: SKEY_DataEncryption
TO AgentApplication
0
 
LVL 1

Author Closing Comment

by:Bruce
Comment Utility
I added an additional SQL statement that completed the explanation of the solution to the issue I was asking about...
0

Featured Post

What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This article explains how to reset the password of the sa account on a Microsoft SQL Server.  The steps in this article work in SQL 2005, 2008, 2008 R2, 2012, 2014 and 2016.
JSON is being used more and more, besides XML, and you surely wanted to parse the data out into SQL instead of doing it in some Javascript. The below function in SQL Server can do the job for you, returning a quick table with the parsed data.
Familiarize people with the process of retrieving data from SQL Server using an Access pass-thru query. Microsoft Access is a very powerful client/server development tool. One of the ways that you can retrieve data from a SQL Server is by using a pa…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now