ON KEY
Syntax
GRANT { ENCRYPT | DECRYPT | HMAC | ALL [ PRIVILEGES ] }
ON KEY key_name
TO { role_specification } [, ...] [ WITH GRANT OPTION ]
Parameters
- ON KEY
- Grant privileges on an encryption key created with the CREATE KEY command.
- ENCRYPT
- Privilege to encrypt data, using a specific key.
- DECRYPT
- Privilege to decrypt data, using a specific key.
- HMAC
- Privilege to run the
HMAC_KSfunction with a specific key as input to the function.
Examples
Grant
ENCRYPT privilege on key yb100key to user
yb100:premdb=# grant encrypt on key yb100key to yb100;
GRANTGrant both
ENCRYPT and DECRYPT privileges on key
yb100key to user
yb100:premdb=# grant all privileges on key yb100key to yb100;
GRANTGrant
HMAC privilege on a
key:premdb=# grant hmac on key playerkey to bobr;
GRANT