<div>
<div class="content wysiwyg-content">
a login needs permission to <br />
OPEN MASTER KEY <br />
&amp;<br />
OPEN SYMMETRIC KEY<br />
<br />
but it was denied but after researching gave the below permissions<br />
CONTROL (grant CONTROL &nbsp;to user). now it is able to do the above two open.<br />
<br />
but now it has CONTROL on whole database. is it possible to isolate or minimize its control to just the two elements (OPENs) and not the whole db?
</div>
</div>


a login needs permission to 
OPEN MASTER KEY 
&
OPEN SYMMETRIC KEY

but it was denied but after researching gave the below permissions
CONTROL (grant CONTROL  to user). now it is able to do the above two open.

but now it has CONTROL on whole database. is it possible to isolate or minimize its control to just the two elements (OPENs) and not the whole db?

giving 'limited' CONTROL permission to a login (SQL2012)

Microsoft SQL Server 2008 is a suite of relational database management system (RDBMS) products providing multi-user database access functionality.Component services include integration (SSIS), reporting (SSRS), analysis (SSAS), data quality, master data, T-SQL and performance tuning. Major improvements include the  Always On technologies and support for unstructured data types.