Product DocumentationAppearance
ON KEY
Syntax
GRANT { ENCRYPT | DECRYPT | HMAC | ALL [ PRIVILEGES ] }
ON KEY key_name
TO { role_specification } [, ...] [ WITH GRANT OPTION ]Parameters
- ON KEY
- Grant privileges on an encryption key created with the CREATE KEY command.
- ENCRYPT
- Privilege to encrypt data, using a specific key.
- DECRYPT
- Privilege to decrypt data, using a specific key.
- HMAC
- Privilege to run the
HMAC_KSfunction with a specific key as input to the function.
Examples
Grant ENCRYPT privilege on key yb100key to user yb100:
premdb=# grant encrypt on key yb100key to yb100;
GRANTGrant both ENCRYPT and DECRYPT privileges on key yb100key to user yb100:
premdb=# grant all privileges on key yb100key to yb100;
GRANTGrant HMAC privilege on a key:
premdb=# grant hmac on key playerkey to bobr;
GRANT