问题
I would like to implement certificates on my sql server in order to encrypt data.
Users need abilty to open symetric key and to use the certificate in order to encrypt and decrypt data.
What the minimum permisdions i need to grant them ?
Also, in a scenario where a hacker got my mdf file , can he do something with data ?( if i put the permissions you gave me)
回答1:
We had the same issue. We solved it by granting the user (who was only in the db_datareader and db_datawriter roles) explicit "Control" rights on the certificate and explicit "references" rights on the Symmetric key. I am looking now for a query to use to show these explicit rights as the query on sys.permissions table fails to show these rights.
Also if a hacker got your mdf file, he still could not decrypt your key unless he had your password to the Database Master Key because you need to open the Database Master Key in order to link it to the Service Master key on the new server otherwise it won't work.
来源:https://stackoverflow.com/questions/7858313/sql-server-permissions-to-use-symetric-keys-certificates