DECRYPTBYKEYAUTOASYMKEY in Azure Synapse SQL Dedicated Pool

Frederick Samson 21 Reputation points
2022-04-01T15:57:05.747+00:00

The DECRYPTBYKEYAUTOASYMKEY function is available in SQL Server but NOT in Azure Synapse.

In order to be able to use Column-level Encryption (CLE) from Power BI in Direct Query mode so that some users see decrypted data and others receive null for encrypted columns, this function is required.

Otherwise one has to call OPEN SYMETRIC KEY prior to use DECRYPTBYKEY and it cannot be done from a VIEW or a TVF.

It could be done in a Stored Proc, but Power BI Direct Query mode doesn't support Stored Proc.

Best solution would be to add DECRYPTBYKEYAUTOASYMKEY to Synapse. If a user doesn't have access to the key, it doesn't fail, it simply returns null which is what we want.

Anyone know if it will be added in the future?

Frederick

Azure Synapse Analytics
Azure Synapse Analytics
An Azure analytics service that brings together data integration, enterprise data warehousing, and big data analytics. Previously known as Azure SQL Data Warehouse.
4,545 questions
{count} votes

1 answer

Sort by: Most helpful
  1. PRADEEPCHEEKATLA-MSFT 82,041 Reputation points Microsoft Employee
    2022-04-04T10:46:20.3+00:00

    Hello @Frederick Samson ,

    Welcome to the MS Q&A platform.

    Unfortunately, DECRYPTBYKEYAUTOASYMKEY is not supported in Azure Synapse SQL Dedicated Pool.

    To decrypt a column in a view (or otherwise without opening the symmetric key first) you must use DecryptByKeyAutoCert , DecryptByKeyAutoAsymKey, or DecryptByPassphrase none of which is available in Synapse SQL Pool and it only supported in SQL Server.

    Appreciate if you could share the feedback on our Azure Synapse feedback channel. Which would be open for the user community to upvote & comment on. This allows our product teams to effectively prioritize your request against our existing feature backlog and gives insight into the potential impact of implementing the suggested feature.

    Hope this will help. Please let us know if any further queries.

    ------------------------------

    • Please don't forget to click on 130616-image.png or upvote 130671-image.png button whenever the information provided helps you. Original posters help the community find answers faster by identifying the correct answer. Here is how
    • Want a reminder to come back and check responses? Here is how to subscribe to a notification
    • If you are interested in joining the VM program and help shape the future of Q&A: Here is how you can be part of Q&A Volunteer Moderators