Re: What does CONTROL permissions give on asymmetric key?
- From: Erland Sommarskog <esquel@xxxxxxxxxxxxx>
- Date: Tue, 18 Nov 2008 14:00:36 -0800
MDC (MDC@xxxxxxxxxxxxxxxxxxxxxxxxx) writes:
I am trying to determine if granting CONTROL permission on an asymmetric
key is a good or bad thing?
What does CONTROL mean in the context of the key? I want to assign it
to a database role that is used by typical users. I need to do this to
use the DecryptByKeyAutoAsymKey function in table functions, etc.
CONTROL means that you can do everything with the object that sysadmin cxan
do. Thus, with this permission, the users can drop the key and to all sorts
of things to it.
An alternative may be to sign the modules where you need to use DecryptByKey
with a certificate, and the grant a user created from the certificate
CONTROL permission on the key.
I have an article on my web site that describes this in detail:
http://www.sommarskog.se/grantperm.html.
--
Erland Sommarskog, SQL Server MVP, esquel@xxxxxxxxxxxxx
Links for SQL Server Books Online:
SQL 2008: http://msdn.microsoft.com/en-us/sqlserver/cc514207.aspx
SQL 2005: http://msdn.microsoft.com/en-us/sqlserver/bb895970.aspx
SQL 2000: http://www.microsoft.com/sql/prodinfo/previousversions/books.mspx
.
- References:
- Prev by Date: Re: Very basic login question
- Next by Date: Re: Minimal permissions needed to generate a script of all of a databa
- Previous by thread: What does CONTROL permissions give on asymmetric key?
- Next by thread: domain name change -- coonection denied
- Index(es):
Relevant Pages
|
