Note: This question is part of a series of questions that use the same or similar answer choices. An answerchoice may be correct for more than one question in the series. Each question is independent of the other
questions in this series. Information and details provided in a question apply only to that question.
You are the database administrator for a company that hosts Microsoft SQL Server. You manage both onpremises and Microsoft Azure SQL Database environments.
You plan to delegate encryption operations to a user.
You need to grant the user permission to implement cell-level encryption while following the principle of least
privilege.
Which permission should you grant?
A.
DDLAdmin
B.
db_datawriter
C.
dbcreator
D.
dbo
E.
View Database State
F.
View Server State
G.
View Definition
H.
sysadmin
Explanation:
The following permissions are necessary to perform column-level encryption, or cell-level encryption.
CONTROL permission on the database.
CREATE CERTIFICATE permission on the database. Only Windows logins, SQL Server logins, and
application roles can own certificates. Groups and roles cannot own certificates.
ALTER permission on the table.
Some permission on the key and must not have been denied VIEW DEFINITION permission.
https://docs.microsoft.com/en-us/sql/relational-databases/security/encryption/encrypt-a-column-ofdata