Updated on 2024-05-07 GMT+08:00

DROP COLUMN ENCRYPTION KEY

Description

CREATE COLUMN ENCRYPTION KEY deletes a column encryption key (CEK).

Precautions

Only the CEK owner or a user who has been granted the DROP permission can run this command. By default, the system administrator has this permission.

Syntax

1
DROP COLUMN ENCRYPTION KEY [ IF EXISTS ] client_column_key_name [, ...] [ CASCADE | RESTRICT ];

Parameters

  • IF EXISTS

    If a specified CEK does not exist, a notice rather than an error is issued.

  • client_column_key_name

    Name of a CEK to be deleted.

    Value range: a string. It is the name of an existing CEK.

  • CASCADE | RESTRICT

    For fully-encrypted databases, this syntax is high-risk operation. Actually, encrypted columns that depend on CEKs cannot be deleted.

Examples

1
2
3
4
-- Delete a CEK.
gaussdb=# DROP COLUMN ENCRYPTION KEY ImgCEK CASCADE;
ERROR:  cannot drop column setting: imgcek cascadely because encrypted column depend on it.
HINT:  we have to drop encrypted column: name, ... before drop column setting: imgcek cascadely.