KB #240041: Transparent Views do not decrypt columns, even though the User is Authorized
Type:
Information
Summary:
When using the NetLib Encryptionizer Column Encryption (Col-E) Manager, a Transparent View is created, and users are assigned to the authorized database roles. But the view does not return decrypted values for the authorized users.
Additional Information:
There may be several reasons why the views do not return decrypted values, even though the user is assigned to an authorized database role as configured in Col-E
User is also assigned to the System Administrator Server Role. Users assigned to the SysAdmin Server Role do not automatically have access to the encrypted data, even if they are assigned to the authorized DB role. In order for System Administrators to be able to have access to encrypted data, you must add System Administrators to authorized roles in the Manage Permissions section of the Col-E Manager.
User is not authorized to execute extended stored procedures in the master database. NetLib Encryptionizer Column Encryption makes use of extended stored procedures which can only be stored in the master database of a SQL Server instance. If a user is not assigned to the System Administrator role, they may not have automatic access to these extended store procedures. This can be remedied through the use of Cross Database Chaining. See KB 240035: SQL Error: Execute permission denied on object xp_n_*
