<a href="http://g.adspeed.net/ad.php?do=clk&zid=15220&wd=468&ht=60&pair=as" target="_blank"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15220&wd=468&ht=60&pair=as" alt="i" width="468" height="60"/></a>
Log in
::
Register
::
Not logged in
Home
Tags
Articles
Editorials
Stairways
Forums
Scripts
Videos
Blogs
QotD
Books
Ask SSC
SQL Jobs
Training
Authors
About us
Contact us
Newsletters
Write for us
<a href="http://g.adspeed.net/ad.php?do=clk&zid=15491&wd=120&ht=300&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=15491&wd=120&ht=300&pair=as" alt="i" width="120" height="300"/></a>
Recent Posts
Recent Posts
Popular Topics
Popular Topics
Home
Search
Members
Calendar
Who's On
Home
»
Article Discussions
»
Article Discussions by Author
»
Discuss Content Posted by Robert Pearl
»
SSIS Package Credentials
12 posts, Page 2 of 2
««
1
2
SSIS Package Credentials
Rate Topic
Display Mode
Topic Options
Author
Message
thierry.vandurme
thierry.vandurme
Posted Friday, December 11, 2009 2:23 AM
Mr or Mrs. 500
Group: General Forum Members
Last Login: 2 days ago @ 2:48 AM
Points: 583,
Visits: 287
I'm missing some things here (principal, job owner, ...). I doubt this (and the link to the summary on codeproject) is the recommended way if you want it to be "totally" secure (if that's ever possible).
The articles grant sysadmin and all MSDB roles. What for? This is way too much (in most cases). Plus, you are assigning all 3 msdb roles. You don't want this login to see ALL jobs, right? They should only see their own jobs. Check BOL and see that these roles follow a hierarchy (the most privileged one includes the permission from the other two). It's like people assigning a login the sysadmin server role AND the securityadmin role. The first one already includes all privileges...
You should be assigning a principal (needs only the public server role) access to the proxy, run the job step under the proxy, set the job owner to the SQL login, grant only the SQLAgentUserRole msdb role to the SQL login, set appropriate permissions on the dtsx file and folder it resides in, ...
We did it like this and it works fine. It needs a lot of work and maintenance though.
Post #832770
m--S3qU3L
m--S3qU3L
Posted Tuesday, July 20, 2010 4:44 AM
SSC Veteran
Group: General Forum Members
Last Login: Monday, November 19, 2012 11:30 PM
Points: 290,
Visits: 713
Hi,
I have a doubt regarding the final article ('How to Schedule and Run a SSIS Package job') mentioned in this article.
Why do we need to give sysadmin server role to the 'executor login' as the whole concept of proxy account is for executing job for under priviledged logins.
Please could any one clarify?
Thanks in advance
John
Post #955421
« Prev Topic
|
Next Topic »
12 posts, Page 2 of 2
««
1
2
Permissions
You
cannot
post new topics.
You
cannot
post topic replies.
You
cannot
post new polls.
You
cannot
post replies to polls.
You
cannot
edit your own topics.
You
cannot
delete your own topics.
You
cannot
edit other topics.
You
cannot
delete other topics.
You
cannot
edit your own posts.
You
cannot
edit other posts.
You
cannot
delete your own posts.
You
cannot
delete other posts.
You
cannot
post events.
You
cannot
edit your own events.
You
cannot
edit other events.
You
cannot
delete your own events.
You
cannot
delete other events.
You
cannot
send private messages.
You
cannot
send emails.
You
may
read topics.
You
cannot
rate topics.
You
cannot
vote within polls.
You
cannot
upload attachments.
You
may
download attachments.
You
cannot
post HTML code.
You
cannot
edit HTML code.
You
cannot
post IFCode.
You
cannot
post JavaScript.
You
cannot
post EmotIcons.
You
cannot
post or upload images.
Copyright © 2002-2013 Simple Talk Publishing. All Rights Reserved.
Privacy Policy.
Terms of Use.
Report Abuse.
