Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase 12»»

Run an SSIS Package Under a Different Account Expand / Collapse
Author
Message
Posted Wednesday, March 24, 2010 9:46 PM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Thursday, August 08, 2013 11:35 PM
Points: 22, Visits: 100
Comments posted to this topic are about the item Run an SSIS Package Under a Different Account
Post #889515
Posted Thursday, March 25, 2010 3:56 AM
UDP Broadcaster

UDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP BroadcasterUDP Broadcaster

Group: General Forum Members
Last Login: Thursday, April 17, 2014 8:05 AM
Points: 1,451, Visits: 2,911
Food for thought, I can see many uses for this.

Thanks


Facts are stubborn things, but statistics are more pliable - Mark Twain
Carolyn
SQLServerSpecialists
Post #889635
Posted Thursday, March 25, 2010 4:19 AM
Forum Newbie

Forum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum NewbieForum Newbie

Group: General Forum Members
Last Login: Thursday, May 17, 2012 4:45 AM
Points: 1, Visits: 4
It was very useful! Thank you for the article.

Vitor
Post #889648
Posted Thursday, March 25, 2010 7:28 AM
SSC Veteran

SSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC VeteranSSC Veteran

Group: General Forum Members
Last Login: Wednesday, April 16, 2014 8:07 AM
Points: 235, Visits: 714
"The ETLadmin account, which is a domain account that we use it to run SSIS packages, does not have the right permission to access views in that database even if it has sysadmin permission on that SQL Server instance."

Could the author please explain this a bit further? How can a database user with sysadmin permissions on the instance not be able to read any data it wants? I admit that with only 4 years DBA experience I'm not a SQL Server guru, but I find it hard to believe that this is truely the case.
Post #889797
Posted Thursday, March 25, 2010 9:39 AM
Mr or Mrs. 500

Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500Mr or Mrs. 500

Group: General Forum Members
Last Login: 2 days ago @ 5:57 PM
Points: 535, Visits: 729
Short, sweet and to the point! My favorite type of article.

I would also like an explanation as to how can sysadmin account not be able to read certain database tables?



Post #889933
Posted Thursday, March 25, 2010 10:44 AM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Thursday, August 08, 2013 11:35 PM
Points: 22, Visits: 100
It is true that a sysadmin loin has the permission to read all database objects. But many applications use views to control the data access.
For example, user logins are saved in a table, and grouped by permissions or positions. A view displays different employee data according to the current login. If the login is a department supervisor, then the view only return employees from this department. If the login is CEO, then it returns all employees. Or only if the login is HR user, the review returns salary, otherwise salary is null.
This permission control has nothing to do with the database permission.
If you know the database structure, you can run a query against tables instead of views. But unfortunately sometime purchased third party applications are not allowing you to know the inside of the database. And in most cases, the queries can be very complicated.
To make it worse, after an upgrade, tables could be changed.
Post #890010
Posted Thursday, March 25, 2010 11:39 AM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Today @ 5:46 PM
Points: 20,466, Visits: 14,100
Useful article on the use of Proxy accounts.

Thanks for the article.




Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server


SQL RNNR

Posting Performance Based Questions - Gail Shaw
Posting Data Etiquette - Jeff Moden
Hidden RBAR - Jeff Moden
VLFs and the Tran Log - Kimberly Tripp
Post #890087
Posted Thursday, March 25, 2010 12:14 PM
Grasshopper

GrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopperGrasshopper

Group: General Forum Members
Last Login: Thursday, August 08, 2013 11:35 PM
Points: 22, Visits: 100
Thanks for all the comments. It's encouraging.
Post #890138
Posted Thursday, March 25, 2010 12:35 PM


SSC-Insane

SSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-InsaneSSC-Insane

Group: General Forum Members
Last Login: Today @ 5:46 PM
Points: 20,466, Visits: 14,100
Grey Cat (3/25/2010)
Thanks for all the comments. It's encouraging.


You're welcome.




Jason AKA CirqueDeSQLeil
I have given a name to my pain...
MCM SQL Server


SQL RNNR

Posting Performance Based Questions - Gail Shaw
Posting Data Etiquette - Jeff Moden
Hidden RBAR - Jeff Moden
VLFs and the Tran Log - Kimberly Tripp
Post #890158
Posted Friday, March 26, 2010 10:15 AM
Old Hand

Old HandOld HandOld HandOld HandOld HandOld HandOld HandOld Hand

Group: General Forum Members
Last Login: Tuesday, April 15, 2014 4:45 PM
Points: 389, Visits: 153
The facet thing works only on SQL 2008.

If you were to run it in SQL2005, you'll have to use runas along with other parameters
Post #890803
« Prev Topic | Next Topic »

Add to briefcase 12»»

Permissions Expand / Collapse