December 17, 2009 at 1:52 pm
I am having a "security issue" with SSIS.
I need to move files from one Network Share to another Network Share.
I have written a very basic Script Task to move the test file and it works when I run it in BIDS after I granted myself access to the Shared Drives.
However, when I schedule the job, I get permissons errors.
Now, I know the reason is because the SQL Server Agent runs under Local System.
When I switch the log on Account to Network Service and run the Job, I get the error that the Network Service Account doesn't have access to the folder the Package is located in.
Any ideas on what I should do? I read that SSIS doesn't like shared drives, some I am close to telling management that the files need to be loaded onto the SQL Server Machine instead of the File Server.
Windows 2003 Server
SQL Server 2005
December 17, 2009 at 2:52 pm
SSIS not liking share drive is not the issue because SSIS cannot get to any location without the Agent so it is dependent on the account used to run the Agent and permissions of the owner of the package and Agent job. Check the first link below for accounts used to run the Agent which you can change in configuration manager right click properties change account. The second link is about permissions to run SSIS package in a network share.
http://msdn.microsoft.com/en-us/library/ms345380.aspx
http://www.sqlservercentral.com/Forums/Topic661486-148-1.aspx
Kind regards,
Gift Peddie
December 17, 2009 at 7:13 pm
SSCrazy, thanks for responding.
First, the account the SQL Server Agent runs under currently is Local System.
Second, the owner of the package will be the sa account.
So is it implied that I need to get with my company's Network Group and have a special Domain Account that is a Domain Admin created and this is what the SQL Server Agent would run under and it will be the owner of package?
I'm hoping there is another way besides having to create a special account.
Let me know if I am not understanding correctly.
December 17, 2009 at 7:33 pm
Mike Green-427952 (12/17/2009)
SSCrazy, thanks for responding.First, the account the SQL Server Agent runs under currently is Local System.
Second, the owner of the package will be the sa account.
So is it implied that I need to get with my company's Network Group and have a special Domain Account that is a Domain Admin created and this is what the SQL Server Agent would run under and it will be the owner of package?
I'm hoping there is another way besides having to create a special account.
Let me know if I am not understanding correctly.
You understand me correctly because that is what Microsoft says in the link I posted because when running in local system account the Agent those not have access to network resources.
Kind regards,
Gift Peddie
December 18, 2009 at 10:46 am
SSCrazy, thanks.
I will have to get with the Network Group and have them make me a Domain Admin Account.
Viewing 5 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply