Control Who Can Change Encryption Policies
Where: This change applies to Salesforce Classic, Lightning Experience, and all versions of the Salesforce app in Enterprise, Performance, Unlimited, and Developer editions.
Who: To restrict access, you need the Manage Encryption Keys permission.
Why: The Advanced Settings page has one setting to specify which security admins can handle encryption tasks, and which can continue to focus on other security-related admin jobs. You don’t have to touch the permission sets and role assignments that you spent so much time and effort on.
How: From Setup, enter Platform Encryption in the Quick Find box, and click Advanced Settings. Then select Restrict Access to Encryption Policy Settings.