sp_pdw_database_encryption (Azure Synapse Analytics)
Applies to: 
Azure Synapse Analytics
Analytics Platform System (PDW)
Use sp_pdw_database_encryption to enable transparent data encryption on for a Azure Synapse Analytics appliance. When sp_pdw_database_encryption set to 1, use the ALTER DATABASE statement to encrypt a database by using TDE.
Syntax
-- Syntax for Azure Synapse Analytics and Parallel Data Warehouse
sp_pdw_database_encryption [ [ @enabled = ] enabled ] ;
Note
This syntax is not supported by serverless SQL pool in Azure Synapse Analytics.
Parameters
[ @enabled = ] enabled
Determines whether transparent data encryption is enabled. enabled is int, and can be one of the following values:
0 = Disabled
1 = Enabled
Executing sp_pdw_database_encryption without parameters returns the current state of TDE on the appliance as a scalar result set: 0 for disabled, or 1 for enabled.
Return Code Values
0 (success) or 1 (failure)
Remarks
When the TDE is enabled using sp_pdw_database_encryption, the tempdb database is dropped, recreated and encrypted. For that reason, the TDE cannot be enabled on an appliance while there are other active sessions using tempdb. Enabling or disabling TDE on an appliance is an action that changes the state of the appliance, in most cases is expected to be performed once in the appliance lifetime, and should be executed when there is no traffic on the appliance.
Permissions
Requires membership in the sysadmin fixed database role, or CONTROL SERVER permission.
Example
The following example enables TDE on the appliance.
EXEC sys.sp_pdw_database_encryption 1;
See also
sp_pdw_database_encryption_regenerate_system_keys (Azure Synapse Analytics)
sp_pdw_log_user_data_masking (Azure Synapse Analytics)
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for