17.07.2015 Views

Download eBook (PDF) - Red Gate Software


5 – Cell-Level Encryption

        CONVERT(varchar(250),
            COALESCE(
                DecryptByKeyAutoCert(
                    CERT_ID('MyHighCert'),
                    NULL,
                    Identification_Value_E,
                    1,
                    CONVERT(nvarchar(128), Borrower_ID)),
                '')) AS Identification_Value
    FROM
        dbo.Borrower_Identification;
    GO

Listing 5-13: Creating the vwBorrower_Identification view.

Please note that we selected to return the column name as Identification_Value since it is a more intuitive name than the underlying Identification_Value_E column name.

The final step in implementing this view is to grant the appropriate permissions to it. In Requirement 6, we specified that all data modification activities would be managed through stored procedures; therefore we will only grant SELECT permissions to the view.

The Borrower_Information table contains four columns, three of which have the sensitivity classification of "Medium". Disclosure of the column that has the sensitivity classification of "High" is managed through the permissions to the symmetric key that decrypts it. There are no columns with the sensitivity classification of "Low"; therefore we will grant SELECT permissions only to the Sensitive_high and Sensitive_medium database roles.

    USE HomeLending;
    GO

    GRANT SELECT ON dbo.vwBorrower_Identification
        TO Sensitive_high, Sensitive_medium;
    GO

Listing 5-14: Granting permission to access the view.

Let's now verify that the permissions are effective and that the decryption performs as expected. As described earlier, we'll use EXECUTE AS USER to impersonate a user that is a member of the Sensitive_high database role, a user that is a member of the Sensitive_medium database role and a user
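
The verification described above can be scripted as shown here. This is an added example, not a listing from the book: the three Example_* users are hypothetical names, and it assumes that only Sensitive_high holds the permissions on the symmetric key and the MyHighCert certificate that decryption requires.

```sql
USE HomeLending;
GO
-- Hypothetical test users (assumed names, not from the book).
CREATE USER Example_HighUser   WITHOUT LOGIN;
CREATE USER Example_MediumUser WITHOUT LOGIN;
CREATE USER Example_NoRoleUser WITHOUT LOGIN;
ALTER ROLE Sensitive_high   ADD MEMBER Example_HighUser;   -- SQL Server 2012+ syntax
ALTER ROLE Sensitive_medium ADD MEMBER Example_MediumUser;
GO
-- Sensitive_high member: SELECT is granted on the view. Under the stated
-- assumption this user can also decrypt, so rows_decrypted should match
-- the number of rows that hold a non-empty identification value.
EXECUTE AS USER = 'Example_HighUser';
SELECT USER_NAME() AS running_as,
       COUNT(*)    AS rows_visible,
       SUM(CASE WHEN Identification_Value <> '' THEN 1 ELSE 0 END) AS rows_decrypted
FROM dbo.vwBorrower_Identification;
REVERT;
GO
-- Sensitive_medium member: SELECT is granted, so rows are visible, but
-- DecryptByKeyAutoCert returns NULL without access to the key and the
-- view's COALESCE turns that into ''. rows_decrypted should be 0.
EXECUTE AS USER = 'Example_MediumUser';
SELECT USER_NAME() AS running_as,
       COUNT(*)    AS rows_visible,
       SUM(CASE WHEN Identification_Value <> '' THEN 1 ELSE 0 END) AS rows_decrypted
FROM dbo.vwBorrower_Identification;
REVERT;
GO
-- User in neither role: check the effective permission instead of running
-- a SELECT that would fail. can_select should be 0.
EXECUTE AS USER = 'Example_NoRoleUser';
SELECT USER_NAME() AS running_as,
       HAS_PERMS_BY_NAME('dbo.vwBorrower_Identification', 'OBJECT', 'SELECT') AS can_select;
REVERT;
GO
-- Remove the hypothetical test users.
DROP USER Example_HighUser;
DROP USER Example_MediumUser;
DROP USER Example_NoRoleUser;
GO
```

Each impersonation is closed with REVERT before the batch ends, so a later batch never runs under the wrong security context.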
