To demote active Personal Keys manually, you need the rights Modify
Keys and Manage Personal Keys. By default, the
right Manage Personal Keys has been assigned to the predefined
role Master Security Officer, but it can also be assigned to new user-defined roles. In
addition, you need Full access rights for the object
You can demote active Personal Keys manually, for example if a user leaves the
company. Provided that you have the right Manage Personal
you can assign the demoted Personal Key of this user to other
users to give them read-only access to files encrypted with this key. But they
cannot use this key for encrypting files.
Note: This cannot be undone. A demoted
Personal Key can never become an active Personal Key for any user again.
In the SafeGuard Management Center, select Users and
In the navigation area, select the required user.
In the Key tab, right-click the required
Active Personal Key and select Demote
Personal Key from the context menu.
The key is demoted. It is still a Personal Key, but cannot be used as an active
Personal Key anymore. If a File Encryption rule defines a Personal Key to be used for
encryption and the user does not have an active Personal Key, the SafeGuard Enterprise
Server automatically creates it.