SetEncryptionKey Element (XMLA)
Resets or refreshes the instance encryption key for the Microsoft SQL Server Analysis Services instance.
Syntax
<Command>
<SetEncryptionKey Reset="boolean">
<Key>...</Key>
</SetEncryptionKey>
</Command>
Element Characteristics
Characteristic |
Description |
|---|---|
Data type and length |
String |
Default value |
None |
Cardinality |
0-n: Optional element that can occur more than once. |
Attributes
Attribute |
Description |
|---|---|
Reset |
Optional Boolean attribute. If set to True, the encryption key is reset and the contents of the EncryptionKey element are ignored. Otherwise, the EncryptionKey element must contain a valid encryption key. |
Remarks
The SetEncryptionKey command resets or updates the instance encryption key for an Analysis Services instance.
When an Analysis Services instance is first installed, an encryption key is defined for that instance. The instance encryption key is based on the security credentials of the Windows user account supplied for the Analysis Services service during installation, and can be decrypted only by using the same security credentials.
When an Analysis Services database is then created on the Analysis Services instance, the instance creates a database encryption key. The database encryption key is used to encrypt and decrypt secrets for the database, such as security credentials used to connect to data sources defined in the database. The instance uses the instance encryption key to encrypt the database encryption key.
If the Analysis Services instance can no longer decrypt the instance encryption key, data and metadata on that instance become inaccessible. There are several situations where the instance will be unable to decrypt the instance encryption key:
The Windows user account is changed for the Analysis Services instance through any method or utility other than SQL Server Configuration Manager, such as the Service Control Manager (SCM).
The Windows user account specified for the Analysis Services instance is no longer valid.
Failure of the computer running the Analysis Services instance requires the data folder to be moved to another computer.
The SetEncryptionKey method can change the existing instance encryption key either to an encryption key specified in the Key property of the command, or to a system-generated encryption key created by setting the Reset property of the command to true.
.gif "Security note") Security Note |
|---|
This command can only be executed by server administrators. |