Test access to Always Encrypted keys by another user

To test access to Always Encrypted keys by another user:

  1. Log in to the client using the <domain>\dbuser2 account.

  2. Launch Microsoft SQL Server Management Studio.

  3. Connect to the database on the remote SQL server, enabling Always Encrypted.

  4. Present the OCS, select the HSM, and enter the passphrase.

  5. Perform operations on the TestDatabase, which is possible since <domain>\dbuser2 has access to the same MyCMK and MyCEK keys created by <domain>\dbuser.