revoke create encryption key

The SSO can revoke the permission to create encryption keys from users, groups, and roles:

The syntax is:

revoke create encryption key from user | role | group