When using Always Encrypted in SQL Server 2016, how do I as the DBA view the data?

Published On: 2016-05-04By:

The short answer is, you don’t.

The entire point of Always Encrypted is that the DBA can’t view or modify the data using SQL Server Management Studio. The only way to view and change the data is by using the front end application that created the data. This means that if someone submits a ticket to your team to change some data, you won’t be able to. You’ll have to refer that ticket back to someone in the business to have them make the change using the application just like a normal user would as you can’t touch the data.

Denny

The post When using Always Encrypted in SQL Server 2016, how do I as the DBA view the data? appeared first on SQL Server with Mr. Denny.

Contact the Author | Contact DCAC

One response to “When using Always Encrypted in SQL Server 2016, how do I as the DBA view the data?”

  1. zippy1981 says:

    In a proper environment, thats true. However, if the DBA gets a copy of the certificate, then he just needs to add “Column Encryption Setting=enabled” to SSMS. I’ve been told (and will verify by Philly) that as of RC3 you actually need the certificate on the server so if the DBA has local admin on the OS hosting the server, they could get the certificate in most scenarios.

    Its definitely possible to prevent the DBA from getting the certificate, and its probably possible (read: I never tried, but its my understanding) to use azure key store in such a way that the only people with access to the keys don’t have access to the database.

Video

Globally Recognized Expertise

As Microsoft MVP’s and Partners as well as VMware experts, we are summoned by companies all over the world to fine-tune and problem-solve the most difficult architecture, infrastructure and network challenges.

And sometimes we’re asked to share what we did, at events like Microsoft’s PASS Summit 2015.

Awards & Certifications

Microsoft Partner       Insights Sccess Award    Technology Headlines Award    Golden Bridge Gold Award    CIO Review Top 20 Azure Solutions Providers    VMWare Partner
Microsoft Certified Master    Microsoft MVP
Share via