Question 3
You are the database administrator for a company that hosts Microsoft SQL Server. You manage both on-premises and Microsoft Azure SQL Database environments. You plan to delegate encryption operations to a user. You need to grant the user permission to implement cell-level encryption while following the principle of least privilege. Which permission should you grant?
Correct answer: G
Explanation:
The following permissions are necessary to perform column-level encryption, or cell-level encryption: - CONTROL permission on the database. - CREATE CERTIFICATE permission on the database. Only Windows logins, SQL Server logins, and application roles can own certificates. Groups and roles cannot own certificates. - ALTER permission on the table. - Some permission on the key and must not have been denied VIEW DEFINITION permission. https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-of-data
The following permissions are necessary to perform column-level encryption, or cell-level encryption:
- CONTROL permission on the database.
- CREATE CERTIFICATE permission on the database. Only Windows logins, SQL Server logins, and application roles can own certificates. Groups and roles cannot own certificates.
- ALTER permission on the table.
- Some permission on the key and must not have been denied VIEW DEFINITION permission.
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-of-data