My Profile
Sign Out
Tickets
Knowledge Base
Login
Articles in this section
Category / Section
  2. Data Sources

How to access the SQL Server encrypted columns in an SQL connector in Bold BI

Published:

What are ‘Always Encrypted’ Columns?

“Always Encrypted” is a feature in SQL Server that helps protect sensitive data, such as credit card numbers or national identification numbers, stored in SQL Server databases. Here’s a brief overview:

Definition:

Always Encrypted is a security feature that ensures sensitive data is encrypted and decrypted transparently to the application, not to the database itself. This means that data is encrypted in the database and only decrypted by the application that retrieves it.

Key Features:
End-to-End Encryption:

Data is encrypted at the client side and remains encrypted during transmission and storage. Only authorized users and applications with the necessary decryption keys can view the data in plaintext.

Encryption Types:

Deterministic Encryption: Produces the same encrypted value for any given plaintext value, enabling operations like equality joins, group by, and distinct operations.
Randomized Encryption: Uses a method that encrypts data in a less predictable way, providing a higher level of security but not supporting equality joins, group by, and distinct operations.

How to create SQL Encrypted columns

  1. To encrypt the column in SSMS, we need to open it in admin mode.

    image.png

  2. Choose “Local Machine” as the Master Key source in the Master Key configuration because the key needs to be present on the local machine for IIS.

    image.png

  3. When SSMS is opened without administrator privileges and an attempt is made to save encrypted data, an error occurs in our Bold BI application. Please open the request in admin mode, select the Encryption key from the drop-down menu, and try again.

    ecm10.png

How to connect SQL Encrypted columns in Bold BI

  1. Establish a SQL connection using the SQL credentials and additional parameters, include the property Column Encryption Setting=Enabled and proceed to connect to the data source.

    image.png

  2. Drag and drop the encrypted table, and you will see the decrypted data.

    ecm9.png

  • Encryption is only available for Live data sources and is not supported for data sources in Extract mode.
  • At present, only Windows machines with Internet Information Services (IIS) are supported.
  • Both SQL and Bold BI applications should be installed on the same Windows machine.

If encountering an issue in Bold BI where the user saves the encrypted column without admin mode, it is necessary to follow the steps given in the previous section to resolve this issue.

image.png

Limitations in SQL encryption in Bold BI

  1. Both SQL and Bold BI applications should be installed on the same Windows machine in order to ensure compatibility with IIS, and Bold BI should be configured to use the same user account.
  2. Encryption column is supported in SQL Server Management studio 2018 or latest version
    image.png
  3. Query-level encryption is not supported because it requires a master key in IIS. Please consider encrypting the columns using SSMS 2018 or above version.
Was this article useful?
Like
Dislike
Help us improve this page
Please provide feedback or comments
BK
Written by Baskaran K
Updated
Comments (0)
Please  to leave a comment
Access denied
Access denied